Plagegeister aller Art und deren Bekämpfung: Sweet Page cannot be removed

13.02.2014, 01:18   #1
Twentyflux

Sweet Page cannot be removed



My laptop was freshly set up with a Windows Vista system.

When I downloaded programs (Thunderbird, Firefox version 26.0, Skype, Adobe Reader, VLC Player and AdBlocker), I must have overlooked something, and now Sweet Page always appears when I open Firefox. And when I open a new tab, an empty page opens and the following is shown in the address bar: chrome://lightning/content/newtab.html But I don't use Chrome at all.

In the settings I have already looked through the add-ons to remove this Sweet Page, but it does not appear there.

Now I don't know how to proceed.

Can I remove the virus with a program, or do I have to have the laptop wiped again?

I would be very grateful if someone could help me with this problem.

I have attached log files below.

Thank you very much.
Attached files
File type: 7z logfiles.7z (30.7 KB, viewed 139 times)

13.02.2014, 05:47   #2
schrauber
/// the machine
/// TB trainer

Sweet Page cannot be removed



Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.


This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

13.02.2014, 18:58   #3
Twentyflux

Sweet Page cannot be removed



Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:38 on 12/02/2014 (Regina)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST Part I

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by Regina (administrator) on REGINA-PC on 12-02-2014 12:41:41
Running from C:\Users\Regina\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
() C:\Program Files (x86)\RightSurf\updateRightSurf.exe
() C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-24] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x99035DB06E18CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263&q={searchTerms}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: RightSurf - {88be1aa9-6740-461c-9e3e-f35eb8fa741c} - C:\Program Files (x86)\RightSurf\RightSurfbho.dll (RightSurf)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default
FF NewTab: chrome://lightning/content/newtab.html
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Extension_Protected - C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-01-26]
FF Extension: Adblock Plus - C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-26]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-17]
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default\extensions\lightningnewtab@gmail.com.xpi

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-24] (AVAST Software)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-01-14] (Cherished Technololgy LIMITED)
R2 Update RightSurf; C:\Program Files (x86)\RightSurf\updateRightSurf.exe [80160 2014-02-11] ()
R2 Util RightSurf; C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe [80160 2014-02-11] ()
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [493568 2014-01-26] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-01-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-24] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-01-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-17] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [56832 2009-04-01] (Atheros Communications, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-12 12:41 - 2014-02-12 12:41 - 00010906 _____ () C:\Users\Regina\Desktop\FRST.txt
2014-02-12 12:41 - 2014-02-12 12:41 - 00000000 ____D () C:\FRST
2014-02-12 12:39 - 2014-02-12 12:40 - 02151424 _____ (Farbar) C:\Users\Regina\Desktop\FRST64.exe
2014-02-12 12:37 - 2014-02-12 12:38 - 00000474 _____ () C:\Users\Regina\Desktop\defogger_disable.log
2014-02-12 12:37 - 2014-02-12 12:37 - 00000000 _____ () C:\Users\Regina\defogger_reenable
2014-02-11 23:03 - 2014-02-11 23:03 - 00010506 _____ () C:\Users\Regina\Desktop\prefs.js
2014-02-11 15:28 - 2014-02-11 15:29 - 00277280 _____ () C:\Windows\Minidump\Mini021114-02.dmp
2014-02-11 15:00 - 2014-02-11 15:28 - 390989177 _____ () C:\Windows\MEMORY.DMP
2014-02-11 15:00 - 2014-02-11 15:28 - 00000000 ____D () C:\Windows\Minidump
2014-02-11 15:00 - 2014-02-11 15:00 - 00277256 _____ () C:\Windows\Minidump\Mini021114-01.dmp
2014-02-10 17:43 - 2014-02-10 17:43 - 00050477 _____ () C:\Users\Regina\Desktop\Defogger.exe
2014-02-06 14:18 - 2014-02-06 14:18 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-06 14:18 - 2014-02-06 14:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-02 19:40 - 2014-02-02 19:40 - 00000000 ____D () C:\Users\Regina\Desktop\Bilder 2014
2014-01-29 12:25 - 2014-01-29 12:25 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-01-28 23:04 - 2014-01-29 00:17 - 00000000 ___RD () C:\Users\Regina\Desktop\Fotos_Videos_ReginaBerthold_2005-2014
2014-01-28 22:57 - 2014-01-28 22:58 - 00000000 ____D () C:\Users\Regina\Desktop\Uni BA MA
2014-01-28 22:56 - 2014-01-28 22:56 - 00003584 _____ () C:\Users\Regina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-28 22:56 - 2014-01-28 22:56 - 00000000 ____D () C:\Users\Regina\Desktop\Ungeordnete Dateien Regina
2014-01-28 22:46 - 2014-01-28 22:53 - 00000000 ____D () C:\Users\Regina\Desktop\Musik von Regina
2014-01-28 22:45 - 2014-01-29 21:59 - 00000000 ___RD () C:\Users\Regina\Desktop\Projekte
2014-01-28 21:45 - 2014-01-29 21:59 - 00000000 ___RD () C:\Users\Regina\Desktop\Freizeit
2014-01-28 21:34 - 2014-01-28 21:34 - 00000000 ____D () C:\Users\Regina\Desktop\Bewerbung
2014-01-28 21:33 - 2014-01-31 18:15 - 00000000 ____D () C:\Users\Regina\Desktop\Jobs
2014-01-26 17:45 - 2014-02-02 14:37 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Skype
2014-01-26 17:45 - 2014-01-26 17:45 - 00000000 ____D () C:\Users\Regina\AppData\Local\Skype
2014-01-26 17:44 - 2014-01-26 17:44 - 00001892 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-01-26 17:44 - 2014-01-26 17:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-26 17:44 - 2014-01-26 17:44 - 00000000 ____D () C:\ProgramData\Skype
2014-01-26 17:42 - 2014-01-26 17:43 - 35671200 _____ (Skype Technologies S.A.) C:\Users\Regina\Downloads\SkypeSetupFull.exe
2014-01-26 17:13 - 2014-02-11 21:52 - 00000000 ___RD () C:\Users\Regina\Dropbox
2014-01-26 17:13 - 2014-01-26 17:13 - 00000942 _____ () C:\Users\Regina\Desktop\Dropbox.lnk
2014-01-26 17:11 - 2014-01-26 17:13 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\DropboxMaster
2014-01-26 17:11 - 2014-01-26 17:11 - 00000000 ____D () C:\Program Files (x86)\Dropbox
2014-01-26 17:10 - 2014-01-26 17:10 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-26 17:08 - 2014-02-11 21:52 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Dropbox
2014-01-26 17:05 - 2014-01-26 17:06 - 37660568 _____ (Dropbox, Inc.) C:\Users\Regina\Downloads\Dropbox 2.6.2.exe
2014-01-26 13:15 - 2014-01-26 13:15 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\0F1F1C2Y1H1P1C0I0T
2014-01-26 13:15 - 2014-01-26 13:15 - 00000000 ____D () C:\ProgramData\IePluginService
2014-01-26 13:15 - 2014-01-26 13:15 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-01-26 13:14 - 2014-01-27 10:57 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-01-26 13:14 - 2014-01-26 13:14 - 00000000 ____D () C:\ProgramData\WPM
2014-01-26 13:13 - 2014-01-26 14:14 - 00000000 ____D () C:\Program Files (x86)\RightSurf
2014-01-26 13:13 - 2014-01-26 13:14 - 00437118 _____ () C:\Users\Regina\AppData\Local\dd_vcredistMSI4E0F.txt
2014-01-26 13:13 - 2014-01-26 13:14 - 00012072 _____ () C:\Users\Regina\AppData\Local\dd_vcredistUI4E0F.txt
2014-01-26 13:12 - 2014-01-27 10:58 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\systweak
2014-01-26 13:12 - 2014-01-26 13:11 - 00608840 _____ () C:\Users\Regina\Downloads\adblock-plus.xpi
2014-01-26 13:12 - 2013-12-27 18:10 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-01-26 13:11 - 2014-01-26 13:11 - 00675736 _____ ( ) C:\Users\Regina\Downloads\adblock-plus.exe
2014-01-24 22:01 - 2014-02-02 19:41 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\vlc
2014-01-24 21:49 - 2014-01-24 21:49 - 00000901 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-01-24 21:49 - 2014-01-24 21:49 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-01-24 21:38 - 2014-01-24 21:39 - 24097311 _____ () C:\Users\Regina\Downloads\vlc-2.1.2-win32.exe
2014-01-24 20:26 - 2014-02-12 12:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-24 20:26 - 2014-02-06 14:29 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-24 20:10 - 2014-01-26 17:17 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Adobe
2014-01-24 20:10 - 2014-01-24 20:10 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Macromedia
2014-01-24 20:10 - 2014-01-24 20:10 - 00000000 ____D () C:\Users\Regina\AppData\Local\Macromedia
2014-01-24 20:09 - 2014-01-24 20:09 - 00001922 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-01-24 20:09 - 2014-01-24 20:09 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-01-24 20:08 - 2014-01-30 23:35 - 00000000 ____D () C:\ProgramData\Adobe
2014-01-24 20:02 - 2014-02-06 14:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-24 20:02 - 2014-02-06 14:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-24 20:02 - 2014-01-24 20:02 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-01-24 20:02 - 2014-01-24 20:02 - 00000000 ____D () C:\Windows\system32\Macromed
2014-01-24 20:00 - 2014-01-26 17:17 - 00000000 ____D () C:\Users\Regina\AppData\Local\Adobe
2014-01-23 21:02 - 2014-01-23 21:02 - 00001003 _____ () C:\Users\Regina\Documents\MailShield.der
2014-01-23 20:46 - 2014-02-06 14:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-01-23 20:46 - 2014-02-04 18:32 - 00000000 ____D () C:\Users\Regina\AppData\Local\Thunderbird
2014-01-23 20:46 - 2014-01-23 20:46 - 00001844 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-01-23 20:46 - 2014-01-23 20:46 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Thunderbird
2014-01-23 20:17 - 2014-01-23 20:18 - 21981704 _____ (Mozilla) C:\Users\Regina\Downloads\Thunderbird Setup 24.2.0.exe
2014-01-23 20:16 - 2014-01-26 13:13 - 00001098 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-23 20:16 - 2014-01-23 20:16 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Mozilla
2014-01-23 20:16 - 2014-01-23 20:16 - 00000000 ____D () C:\Users\Regina\AppData\Local\Mozilla
2014-01-23 20:16 - 2014-01-23 20:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-20 16:09 - 2014-01-20 16:09 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\LibreOffice
2014-01-20 14:46 - 2014-01-20 15:00 - 01541636 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-20 14:16 - 2013-08-27 04:39 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-01-20 14:16 - 2013-08-27 04:39 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-01-20 14:16 - 2013-08-27 04:39 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-01-20 14:16 - 2013-08-27 04:39 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-01-20 14:16 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-01-20 14:16 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-01-20 14:16 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-01-20 14:16 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-01-20 14:16 - 2013-08-27 03:32 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-01-20 14:16 - 2013-08-27 03:30 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-01-20 14:16 - 2013-08-27 03:06 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-01-20 14:16 - 2013-08-27 03:00 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-01-20 14:16 - 2013-08-27 03:00 - 01149952 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-01-20 14:16 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-01-20 14:16 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-01-20 14:16 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-01-20 14:16 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-01-20 14:16 - 2011-03-12 23:52 - 01653760 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-01-20 14:16 - 2011-03-12 22:55 - 00876032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-01-20 14:04 - 2014-01-20 14:04 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Windows\SysWOW64\spool
2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2014-01-20 13:57 - 2014-01-20 13:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2014-01-20 13:46 - 2009-10-01 02:02 - 02537472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2014-01-20 13:46 - 2009-10-01 02:02 - 00334848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceApi.dll
2014-01-20 13:46 - 2009-10-01 02:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShServiceObj.dll
2014-01-20 13:46 - 2009-10-01 02:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShextAutoplay.exe
2014-01-20 13:46 - 2009-10-01 02:01 - 00350208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDSp.dll
2014-01-20 13:46 - 2009-10-01 02:01 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceWMDRM.dll
2014-01-20 13:46 - 2009-10-01 02:01 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceTypes.dll
2014-01-20 13:46 - 2009-10-01 02:01 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceClassExtension.dll
2014-01-20 13:46 - 2009-10-01 02:01 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceConnectApi.dll
2014-01-20 13:46 - 2009-10-01 01:52 - 02727936 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2014-01-20 13:46 - 2009-10-01 01:52 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2014-01-20 13:46 - 2009-10-01 01:52 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\WPDShextAutoplay.exe
2014-01-20 13:46 - 2009-10-01 01:51 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWMDRM.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceTypes.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceClassExtension.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceConnectApi.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\BthMtpContextHandler.dll
2014-01-20 12:28 - 2012-07-26 04:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-01-20 12:28 - 2012-07-26 04:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-01-20 12:28 - 2012-07-26 04:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-01-20 12:28 - 2012-07-26 04:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-01-20 12:28 - 2012-07-26 04:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-01-20 12:28 - 2012-07-26 03:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-01-20 12:28 - 2012-07-26 03:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-01-20 12:28 - 2012-06-02 15:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-01-20 12:28 - 2009-07-14 13:19 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
2014-01-20 12:28 - 2009-07-14 13:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winusb.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 12344320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-20 12:20 - 2014-01-20 12:20 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-20 12:20 - 2014-01-20 12:20 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-20 12:20 - 2014-01-20 12:20 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-20 12:20 - 2014-01-20 12:20 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-20 12:20 - 2014-01-20 12:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-01-20 12:20 - 2014-01-20 12:20 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-20 12:20 - 2014-01-20 12:20 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-20 12:20 - 2014-01-20 12:20 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\advpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-20 12:20 - 2014-01-20 12:20 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-20 12:20 - 2014-01-20 12:20 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-20 12:18 - 2014-01-20 12:18 - 03548672 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 03068416 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01554432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\MFH264Dec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01075712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01032192 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2014-01-20 12:18 - 2014-01-20 12:18 - 00979456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFH264Dec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00847360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00625152 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00586240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00428544 _____ (Microsoft Corporation) C:\Windows\system32\MFHEAACdec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4src.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-01-20 12:18 - 2014-01-20 12:18 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFHEAACdec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4src.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00258048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2014-01-20 12:18 - 2014-01-20 12:18 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00135680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-01-20 12:17 - 2014-01-20 12:17 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\dxdiag.exe
2014-01-20 12:17 - 2014-01-20 12:17 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiag.exe
2014-01-20 12:17 - 2014-01-20 12:17 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiagn.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-01-20 12:16 - 2014-01-20 12:21 - 00004287 _____ () C:\Windows\IE9_main.log
2014-01-20 11:44 - 2009-09-10 03:07 - 03815424 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2014-01-20 11:44 - 2009-09-10 03:06 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2014-01-20 11:44 - 2009-09-10 03:05 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-01-20 11:44 - 2009-09-10 03:01 - 03023360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2014-01-20 11:44 - 2009-09-10 03:00 - 01164800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2014-01-20 11:44 - 2009-09-10 03:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-01-20 11:43 - 2012-02-29 16:37 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-01-20 11:43 - 2012-02-29 16:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2014-01-20 11:43 - 2012-02-29 14:52 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-01-20 11:33 - 2014-02-11 15:00 - 00001576 _____ () C:\Windows\system32\spsys.log
2014-01-20 11:20 - 2013-10-11 05:23 - 00781824 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-01-20 11:20 - 2013-10-11 05:23 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-01-20 11:20 - 2013-10-11 03:29 - 00217074 _____ () C:\Windows\system32\WFP.TMF
2014-01-20 11:20 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-01-20 11:20 - 2013-08-02 15:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-01-20 11:20 - 2013-08-02 05:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-01-20 11:20 - 2013-07-09 13:04 - 01585256 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-01-20 11:20 - 2013-07-09 13:04 - 01168088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-01-20 11:20 - 2013-07-08 05:51 - 04691904 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-01-20 11:20 - 2013-07-08 05:20 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-01-20 11:20 - 2013-07-08 05:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-01-20 11:20 - 2013-07-08 05:15 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-01-20 11:20 - 2013-07-08 05:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-01-20 11:20 - 2013-07-08 02:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-01-20 11:20 - 2013-07-08 02:39 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-01-20 11:20 - 2013-07-08 02:39 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-01-20 11:20 - 2013-03-09 05:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-01-20 11:20 - 2013-03-09 02:48 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-01-20 11:20 - 2013-03-03 20:13 - 01513320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-01-20 11:20 - 2012-09-25 17:31 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-01-20 11:20 - 2012-09-25 17:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2014-01-20 11:20 - 2012-05-01 15:29 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-01-20 11:20 - 2011-12-14 17:38 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2014-01-20 11:20 - 2011-12-14 17:17 - 00680448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2014-01-20 11:20 - 2011-02-22 15:47 - 00479744 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-01-20 11:20 - 2011-02-22 15:13 - 00288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-01-20 11:18 - 2013-07-10 10:47 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-01-20 11:18 - 2013-07-10 10:42 - 01303552 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-01-20 11:18 - 2013-04-24 05:09 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-01-20 11:18 - 2013-04-24 05:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2014-01-20 11:18 - 2013-04-24 03:10 - 01078272 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-01-20 11:18 - 2013-04-24 02:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2014-01-20 11:18 - 2011-10-25 17:13 - 00352256 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-01-20 11:18 - 2011-10-25 16:58 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-01-20 11:17 - 2013-10-11 05:27 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-01-20 11:17 - 2013-10-11 05:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-01-20 11:17 - 2013-10-11 03:19 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-01-20 11:17 - 2013-10-11 03:19 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-01-20 11:17 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-01-20 11:17 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-01-20 11:17 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshcon.dll
2014-01-20 11:17 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-01-20 11:17 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-01-20 11:17 - 2013-07-08 05:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-01-20 11:17 - 2013-07-08 05:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-01-20 11:17 - 2013-07-08 05:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-01-20 11:17 - 2013-07-08 05:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-01-20 11:17 - 2013-07-08 05:12 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-01-20 11:17 - 2013-07-08 05:12 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-01-20 11:17 - 2013-04-17 14:04 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-01-20 11:17 - 2013-04-17 13:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-01-20 11:17 - 2013-02-12 03:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-01-20 11:17 - 2012-11-02 11:47 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-01-20 11:17 - 2012-11-02 11:47 - 01794560 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-01-20 11:17 - 2012-11-02 11:19 - 01400832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-01-20 11:17 - 2012-11-02 11:19 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-01-20 11:17 - 2012-06-08 18:59 - 12899840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-01-20 11:17 - 2012-06-08 18:47 - 11586048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-01-20 11:17 - 2012-05-11 17:34 - 00788480 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-01-20 11:17 - 2012-05-11 16:57 - 00623616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\localspl.dll
2014-01-20 11:17 - 2012-02-01 16:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2014-01-20 11:17 - 2011-08-25 17:20 - 00735744 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2014-01-20 11:17 - 2011-08-25 17:19 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-01-20 11:17 - 2011-08-25 17:19 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2014-01-20 11:17 - 2011-08-25 17:15 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2014-01-20 11:17 - 2011-08-25 17:14 - 00563712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-01-20 11:17 - 2011-08-25 17:14 - 00238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2014-01-20 11:17 - 2011-08-25 14:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\oleaccrc.dll
2014-01-20 11:17 - 2011-08-25 14:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaccrc.dll
2014-01-20 11:16 - 2013-10-03 16:02 - 01278976 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-01-20 11:16 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-01-20 11:16 - 2013-07-20 11:45 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-01-20 11:16 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-01-20 11:16 - 2013-07-17 21:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-01-20 11:16 - 2013-07-17 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-01-20 11:16 - 2013-07-16 10:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2014-01-20 11:16 - 2013-07-16 05:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2014-01-20 11:16 - 2013-07-03 03:22 - 00031616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-01-20 11:16 - 2013-06-01 05:19 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-01-20 11:16 - 2013-06-01 05:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-01-20 11:16 - 2013-05-02 05:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-01-20 11:16 - 2013-05-02 05:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2014-01-20 11:16 - 2013-05-02 05:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printcom.dll
2014-01-20 11:16 - 2013-03-08 05:17 - 02425344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-01-20 11:16 - 2013-03-08 04:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-01-20 11:16 - 2012-11-22 05:22 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2014-01-20 11:16 - 2012-11-22 04:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll
2014-01-20 11:16 - 2012-09-28 17:34 - 01210368 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-01-20 11:16 - 2012-09-28 17:13 - 00860160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-01-20 11:16 - 2012-06-04 16:29 - 00516480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-01-20 11:16 - 2012-06-02 01:22 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-01-20 11:16 - 2012-06-02 01:05 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-01-20 11:16 - 2012-06-02 01:04 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-01-20 11:16 - 2011-11-16 17:43 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2014-01-20 11:16 - 2011-11-16 17:42 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-01-20 11:16 - 2011-11-16 17:41 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-01-20 11:16 - 2011-11-16 17:23 - 00377344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2014-01-20 11:16 - 2011-11-16 15:34 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-01-20 11:16 - 2011-07-29 17:08 - 00375808 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-01-20 11:16 - 2011-07-29 17:08 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-01-20 11:16 - 2011-07-29 17:06 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
2014-01-20 11:16 - 2011-07-29 17:06 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2014-01-20 11:16 - 2011-07-29 17:01 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2014-01-20 11:16 - 2011-07-29 17:01 - 00217088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2014-01-20 11:16 - 2011-07-29 17:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2014-01-20 11:16 - 2011-07-29 17:00 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2014-01-20 11:14 - 2013-08-01 05:10 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-01-20 11:14 - 2013-08-01 04:37 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-01-20 11:13 - 2013-10-30 03:10 - 02776064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-20 11:13 - 2013-09-04 03:31 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-01-20 11:13 - 2013-07-05 05:45 - 01423808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-01-20 11:13 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-01-20 11:13 - 2013-07-04 05:13 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-01-20 11:13 - 2013-06-29 03:25 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-20 11:13 - 2013-06-29 03:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-20 11:13 - 2013-06-29 03:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-20 11:13 - 2013-06-29 03:25 - 00007552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-20 11:13 - 2013-06-27 00:00 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-01-20 11:13 - 2013-06-27 00:00 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-01-20 11:13 - 2013-06-27 00:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-01-20 11:13 - 2013-06-15 14:27 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2014-01-20 11:13 - 2013-06-15 12:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-01-20 11:13 - 2013-06-04 05:16 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-01-20 11:13 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-01-20 11:13 - 2013-06-04 03:01 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-01-20 11:13 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-01-20 11:13 - 2011-10-14 18:31 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2014-01-20 11:13 - 2011-10-14 18:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\mcicda.dll
2014-01-20 11:13 - 2011-10-14 18:27 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mciwave.dll
2014-01-20 11:13 - 2011-10-14 18:27 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\mciseq.dll
2014-01-20 11:13 - 2011-10-14 17:03 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2014-01-20 11:13 - 2011-10-14 17:00 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciseq.dll
2014-01-20 11:13 - 2011-05-05 15:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-20 11:13 - 2011-05-05 15:17 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-20 11:12 - 2013-10-30 05:34 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2014-01-20 11:12 - 2013-10-30 04:55 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-01-20 11:12 - 2013-10-30 03:33 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-01-20 11:12 - 2013-10-22 10:31 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-01-20 11:12 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-01-20 11:12 - 2013-10-03 16:03 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-01-20 11:12 - 2013-10-03 13:46 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-01-20 11:12 - 2013-07-12 10:19 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-01-20 11:12 - 2013-03-08 05:18 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-01-20 11:12 - 2012-11-20 05:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-01-20 11:12 - 2012-11-20 05:21 - 00253952 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-01-20 11:12 - 2012-11-08 05:26 - 01570816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-01-20 11:12 - 2012-11-08 04:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-01-20 11:12 - 2012-11-02 11:45 - 00477696 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-01-20 11:12 - 2012-11-02 11:45 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2014-01-20 11:12 - 2012-11-02 11:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2014-01-20 11:12 - 2012-11-02 09:59 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2014-01-20 11:12 - 2012-11-02 09:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2014-01-20 11:12 - 2012-08-21 12:50 - 00267648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-01-20 11:12 - 2012-06-29 17:20 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2014-01-20 11:12 - 2012-06-29 17:01 - 00467968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2014-01-20 11:12 - 2012-03-21 00:34 - 00072576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2014-01-20 11:12 - 2011-11-18 19:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-01-20 11:12 - 2011-11-18 18:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-01-20 11:12 - 2011-10-14 18:30 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-01-20 11:12 - 2011-10-14 17:02 - 00429056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2014-01-20 11:12 - 2011-06-15 17:16 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2014-01-20 11:12 - 2011-06-15 17:12 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2014-01-20 11:12 - 2010-05-04 20:40 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msshsq.dll
2014-01-20 11:12 - 2010-05-04 20:13 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshsq.dll
2014-01-20 10:52 - 2012-01-09 17:16 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-01-20 10:52 - 2012-01-09 16:54 - 00613376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-01-20 10:25 - 2012-06-02 23:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-01-20 10:25 - 2012-06-02 23:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-01-20 10:25 - 2012-06-02 23:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-01-20 10:25 - 2012-06-02 23:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-01-20 10:24 - 2012-06-02 23:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-01-20 10:24 - 2012-06-02 23:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-01-20 10:24 - 2012-06-02 23:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-01-20 10:24 - 2012-06-02 23:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-01-20 10:24 - 2012-06-02 23:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-01-20 10:24 - 2012-06-02 23:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-01-20 10:23 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-01-20 10:23 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-01-20 10:23 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-01-20 10:23 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-01-17 19:31 - 2014-01-17 19:31 - 00000000 ____D () C:\Windows\SysWOW64\vi-VN
2014-01-17 19:31 - 2014-01-17 19:31 - 00000000 ____D () C:\Windows\SysWOW64\eu-ES
2014-01-17 19:31 - 2014-01-17 19:31 - 00000000 ____D () C:\Windows\SysWOW64\ca-ES
2014-01-17 19:31 - 2014-01-17 19:31 - 00000000 ____D () C:\Windows\system32\vi-VN
2014-01-17 19:31 - 2014-01-17 19:31 - 00000000 ____D () C:\Windows\system32\eu-ES
2014-01-17 19:31 - 2014-01-17 19:31 - 00000000 ____D () C:\Windows\system32\ca-ES
2014-01-17 18:16 - 2014-01-17 18:16 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-01-17 18:15 - 2009-04-11 08:11 - 03108864 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-01-17 18:15 - 2009-04-11 08:11 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2014-01-17 18:15 - 2009-04-11 08:11 - 02204672 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2014-01-17 18:15 - 2009-04-11 08:11 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\FunctionDiscoveryFolder.dll
2014-01-17 18:15 - 2009-04-11 08:11 - 01146880 _____ (Microsoft Corporation) C:\Windows\system32\imapi2fs.dll
2014-01-17 18:15 - 2009-04-11 08:11 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\wcnwiz2.dll
2014-01-17 18:15 - 2009-04-11 08:11 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2014-01-17 18:15 - 2009-04-11 08:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\SLCExt.dll
2014-01-17 18:15 - 2009-04-11 08:11 - 00397312 _____ (Microsoft Corporation) C:\Windows\system32\WscEapPr.dll
2014-01-17 18:15 - 2009-04-11 08:11 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\msstrc.dll
2014-01-17 18:15 - 2009-04-11 08:11 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2014-01-17 18:15 - 2009-04-11 08:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\xmlfilter.dll
2014-01-17 18:15 - 2009-04-11 08:11 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2014-01-17 18:15 - 2009-04-11 08:10 - 02582016 _____ (Microsoft Corporation) C:\Windows\system32\SLsvc.exe
2014-01-17 18:15 - 2009-04-11 07:28 - 02134528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FunctionDiscoveryFolder.dll
2014-01-17 18:15 - 2009-04-11 07:28 - 01576960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2014-01-17 18:15 - 2009-04-11 07:28 - 01480704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2014-01-17 18:15 - 2009-04-11 07:28 - 01081344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SLCExt.dll
2014-01-17 18:15 - 2009-04-11 07:28 - 00968192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcnwiz2.dll
2014-01-17 18:15 - 2009-04-11 07:28 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WscEapPr.dll
2014-01-17 18:15 - 2009-04-11 07:12 - 12240896 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0007.dll
2014-01-17 18:15 - 2009-04-11 07:12 - 02644480 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0009.dll
2014-01-17 18:15 - 2009-04-11 06:39 - 00948736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-01-17 18:15 - 2009-04-11 06:03 - 12240896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsLexicons0007.dll
2014-01-17 18:15 - 2009-04-11 06:03 - 02644480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsLexicons0009.dll
2014-01-17 18:15 - 2009-02-18 19:40 - 01165664 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2014-01-17 18:15 - 2009-02-18 19:39 - 01381720 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-01-17 18:15 - 2009-02-18 19:39 - 00779136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2014-01-17 18:15 - 2009-02-18 19:39 - 00046944 _____ (Microsoft Corporation) C:\Windows\system32\infocardcpl.cpl
2014-01-17 18:14 - 2009-04-11 08:15 - 00738264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-01-17 18:14 - 2009-04-11 08:15 - 00380392 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-01-17 18:14 - 2009-04-11 08:15 - 00347112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-17 18:14 - 2009-04-11 08:15 - 00275432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2014-01-17 18:14 - 2009-04-11 08:15 - 00223720 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2014-01-17 18:14 - 2009-04-11 08:15 - 00164840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-01-17 18:14 - 2009-04-11 08:15 - 00164328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Storport.sys
2014-01-17 18:14 - 2009-04-11 08:11 - 03894272 _____ (Microsoft Corporation) C:\Windows\system32\WinSAT.exe
2014-01-17 18:14 - 2009-04-11 08:11 - 03263488 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 02506752 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 02484224 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 02272256 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 02112000 _____ (Microsoft Corporation) C:\Windows\system32\apds.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 02028032 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 01930240 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 01925120 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 01748992 _____ (Microsoft Corporation) C:\Windows\system32\certmgr.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 01686528 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 01681920 _____ (Microsoft Corporation) C:\Windows\system32\wcnwiz.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 01673216 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 01658368 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 01650688 _____ (Microsoft Corporation) C:\Windows\system32\browseui.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 01584128 _____ (Microsoft Corporation) C:\Windows\system32\diagperf.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2014-01-17 18:14 - 2009-04-11 08:11 - 01499136 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 01495040 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 01491968 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 01433600 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-01-17 18:14 - 2009-04-11 08:11 - 01418752 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayCpl.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\wercon.exe
2014-01-17 18:14 - 2009-04-11 08:11 - 01245696 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 01244672 _____ (Microsoft Corporation) C:\Windows\system32\RacEngn.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 01185280 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 01114112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2014-01-17 18:14 - 2009-04-11 08:11 - 01098240 _____ (Microsoft Corporation) C:\Windows\system32\NetProjW.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 01081856 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 01065472 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 01040896 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 01013248 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00946688 _____ (Microsoft Corporation) C:\Windows\system32\scavenge.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00935424 _____ (Microsoft Corporation) C:\Windows\system32\ipsecsnp.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00922624 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-01-17 18:14 - 2009-04-11 08:11 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\comuid.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00836608 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00820224 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2VDEC.DLL
2014-01-17 18:14 - 2009-04-11 08:11 - 00727552 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00719872 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00717312 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00671744 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00631296 _____ (Microsoft Corporation) C:\Windows\system32\SLCommDlg.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\ipsmsnap.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\msvcp60.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00581632 _____ (Microsoft) C:\Windows\system32\IasMigPlugin.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00581632 _____ (Microsoft Corporation) C:\Windows\system32\sqlsrv32.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00581120 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00549888 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\imapi2.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\sdohlp.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\devmgr.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00483328 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00480768 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00409600 _____ (Microsoft Corporation) C:\Windows\system32\QAGENTRT.DLL
2014-01-17 18:14 - 2009-04-11 08:11 - 00402944 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\P2PGraph.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\wevtapi.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\w32time.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\es.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\iassdo.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00289768 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00264704 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00238592 _____ (Microsoft Corporation) C:\Windows\system32\WcnNetsh.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00238592 _____ (Microsoft Corporation) C:\Windows\system32\sperror.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\spoolss.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\msctfp.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\nlhtml.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\korwbrkr.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\spwizui.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\SLC.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\EhStorAPI.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayServices.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\EhStorShell.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00121856 _____ () C:\Windows\system32\EhStorAuthn.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\fdBth.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\slwmi.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\propdefs.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairingProxy.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\EhStorPwdMgr.dll
2014-01-17 18:14 - 2009-04-11 08:11 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\fdBthProxy.dll
2014-01-17 18:14 - 2009-04-11 08:10 - 03433472 _____ (Microsoft Corporation) C:\Windows\system32\dfsr.exe
2014-01-17 18:14 - 2009-04-11 08:10 - 03079168 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-01-17 18:14 - 2009-04-11 08:10 - 02715136 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2014-01-17 18:14 - 2009-04-11 08:10 - 00967168 _____ (Microsoft Corporation) C:\Windows\system32\mblctr.exe
2014-01-17 18:14 - 2009-04-11 08:10 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\Magnify.exe
2014-01-17 18:14 - 2009-04-11 08:10 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-01-17 18:14 - 2009-04-11 08:10 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\dpapimig.exe
2014-01-17 18:14 - 2009-04-11 08:10 - 00435712 _____ (Microsoft Corporation) C:\Windows\system32\spinstall.exe
2014-01-17 18:14 - 2009-04-11 08:10 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\SLUI.exe
2014-01-17 18:14 - 2009-04-11 08:10 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2014-01-17 18:14 - 2009-04-11 08:10 - 00280064 _____ (Microsoft Corporation) C:\Windows\system32\eudcedit.exe
2014-01-17 18:14 - 2009-04-11 08:10 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2014-01-17 18:14 - 2009-04-11 08:10 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\PresentationSettings.exe
2014-01-17 18:14 - 2009-04-11 08:10 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\spreview.exe
2014-01-17 18:14 - 2009-04-11 08:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2014-01-17 18:14 - 2009-04-11 08:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairingWizard.exe
2014-01-17 18:14 - 2009-04-11 08:10 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\compcln.exe
2014-01-17 18:14 - 2009-04-11 08:09 - 00840704 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2014-01-17 18:14 - 2009-04-11 08:09 - 00668160 _____ (Microsoft Corporation) C:\Windows\system32\bthprops.cpl
2014-01-17 18:14 - 2009-04-11 08:05 - 01019904 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2014-01-17 18:14 - 2009-04-11 07:28 - 03174400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netshell.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 02241536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 02012160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\milcore.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 01985024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 01788416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 01730560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apds.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 01591296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 01589248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 01459200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 01381376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 01324032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browseui.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 01216000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuxiliaryDisplayCpl.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 01209856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 01112064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 01077248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00978432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00950784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RacEngn.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00807424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NaturalLanguage6.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-01-17 18:14 - 2009-04-11 07:28 - 00677376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imapi2fs.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00670720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00644608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\p2psvc.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00643072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00618496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00613888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2VDEC.DLL
2014-01-17 18:14 - 2009-04-11 07:28 - 00582144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SLCommDlg.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00469504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\newdev.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00466944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\riched20.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00454144 _____ (Microsoft) C:\Windows\SysWOW64\IasMigPlugin.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch40.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00406528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp60.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00378368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imapi2.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2PGraph.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdohlp.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srchadmin.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00289792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spinstall.exe
2014-01-17 18:14 - 2009-04-11 07:28 - 00282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\es.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00250368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtapi.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00241664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00228352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SLC.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00203264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sperror.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00165376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnNetsh.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwizui.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spoolss.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\korwbrkr.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlhtml.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EhStorAPI.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00119296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasrecst.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00117248 _____ () C:\Windows\SysWOW64\EhStorAuthn.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EhStorShell.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00112640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spreview.exe
2014-01-17 18:14 - 2009-04-11 07:28 - 00088064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdBth.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwmi.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmlfilter.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Storprop.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00054784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairingProxy.dll
2014-01-17 18:14 - 2009-04-11 07:28 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EhStorPwdMgr.dll
2014-01-17 18:14 - 2009-04-11 07:27 - 02926592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-01-17 18:14 - 2009-04-11 07:27 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2014-01-17 18:14 - 2009-04-11 07:27 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2014-01-17 18:14 - 2009-04-11 07:27 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthprops.cpl
2014-01-17 18:14 - 2009-04-11 07:27 - 00463872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IasMigReader.exe
2014-01-17 18:14 - 2009-04-11 07:27 - 00441344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2014-01-17 18:14 - 2009-04-11 07:27 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eudcedit.exe
2014-01-17 18:14 - 2009-04-11 07:27 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2014-01-17 18:14 - 2009-04-11 07:27 - 00087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2014-01-17 18:14 - 2009-04-11 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairingWizard.exe
2014-01-17 18:14 - 2009-04-11 07:26 - 00648704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-01-17 18:14 - 2009-04-11 07:26 - 00275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2014-01-17 18:14 - 2009-04-11 07:22 - 00883712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2014-01-17 18:14 - 2009-04-11 06:45 - 00700507 _____ () C:\Windows\system32\eaphost.tmf
2014-01-17 18:14 - 2009-04-11 06:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2014-01-17 18:14 - 2009-04-11 06:40 - 00471992 _____ () C:\Windows\system32\dot3.tmf
2014-01-17 18:14 - 2009-04-11 06:40 - 00395723 _____ () C:\Windows\system32\onex.tmf
2014-01-17 18:14 - 2009-04-11 06:39 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-01-17 18:14 - 2009-04-11 05:55 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2014-01-17 18:14 - 2009-04-11 05:55 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-01-17 18:14 - 2009-04-11 03:07 - 00107612 _____ () C:\Windows\system32\StructuredQuerySchema.bin
2014-01-17 18:14 - 2009-04-11 03:01 - 03662128 _____ () C:\Windows\system32\locale.nls
2014-01-17 18:14 - 2009-04-11 02:59 - 00107612 _____ () C:\Windows\SysWOW64\StructuredQuerySchema.bin
2014-01-17 18:14 - 2009-04-11 02:54 - 03662128 _____ () C:\Windows\SysWOW64\locale.nls
2014-01-17 18:14 - 2009-03-14 01:48 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys
2014-01-17 18:14 - 2009-03-07 02:11 - 00262552 _____ () C:\Windows\system32\systemsf.ebd
2014-01-17 18:14 - 2009-02-18 19:39 - 00171360 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-01-17 18:14 - 2009-02-18 19:38 - 00619864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-01-17 18:14 - 2009-02-18 19:38 - 00099680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-01-17 18:14 - 2009-02-18 19:38 - 00035168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardcpl.cpl
2014-01-17 18:13 - 2014-01-17 18:13 - 00000973 _____ () C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2014-01-17 18:13 - 2009-04-11 08:15 - 00361448 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2014-01-17 18:13 - 2009-04-11 08:15 - 00215528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-01-17 18:13 - 2009-04-11 08:15 - 00178664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2014-01-17 18:13 - 2009-04-11 08:15 - 00166888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-01-17 18:13 - 2009-04-11 08:15 - 00123368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-01-17 18:13 - 2009-04-11 08:15 - 00029656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys
2014-01-17 18:13 - 2009-04-11 08:11 - 02570240 _____ (Microsoft Corporation) C:\Windows\system32\milcore.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wlanpref.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 01538560 _____ (Microsoft Corporation) C:\Windows\system32\brcpl.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 01234432 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 01074176 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\azroles.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00810496 _____ (Microsoft Corporation) C:\Windows\system32\CertEnrollUI.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\wiaservc.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00539136 _____ (Microsoft Corporation) C:\Windows\system32\RelMon.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00533504 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2014-01-17 18:13 - 2009-04-11 08:11 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2014-01-17 18:13 - 2009-04-11 08:11 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-01-17 18:13 - 2009-04-11 08:11 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\mtxclu.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00307712 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2014-01-17 18:13 - 2009-04-11 08:11 - 00280064 _____ (Microsoft Corporation) C:\Windows\system32\offfilt.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\wevtutil.exe
2014-01-17 18:13 - 2009-04-11 08:11 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\iassam.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\adsldpc.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\newdev.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\iasnap.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\pnpsetup.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\MMDevAPI.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\iasrad.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\fundisc.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00163328 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\imapi.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\sysclass.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\fdProxy.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\bthserv.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\msscb.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\rtffilt.dll
2014-01-17 18:13 - 2009-04-11 08:11 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\mimefilt.dll
2014-01-17 18:13 - 2009-04-11 08:10 - 00776192 _____ (Microsoft Corporation) C:\Windows\system32\sethc.exe
2014-01-17 18:13 - 2009-04-11 08:10 - 00488960 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2014-01-17 18:13 - 2009-04-11 08:10 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2014-01-17 18:13 - 2009-04-11 08:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\reg.exe
2014-01-17 18:13 - 2009-04-11 08:09 - 01321472 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2014-01-17 18:13 - 2009-04-11 08:09 - 00475648 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2014-01-17 18:13 - 2009-04-11 07:28 - 02167808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 01856512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 01533440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcnwiz.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 01382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2014-01-17 18:13 - 2009-04-11 07:28 - 00996352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMNetMgr.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00560640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdtcprx.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqlsrv32.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00450560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00413696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00396288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ipsmsnap.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00378368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devmgr.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00323584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxclu.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00287744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsldpc.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00183808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtutil.exe
2014-01-17 18:13 - 2009-04-11 07:28 - 00153088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fundisc.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MMDevAPI.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctfp.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propdefs.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msstrc.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mimefilt.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtffilt.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscb.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hidserv.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2014-01-17 18:13 - 2009-04-11 07:28 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdBthProxy.dll
2014-01-17 18:13 - 2009-04-11 07:27 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2014-01-17 18:13 - 2009-04-11 07:27 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
2014-01-17 18:13 - 2009-04-11 07:27 - 00241128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-01-17 18:13 - 2009-04-11 07:27 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2014-01-17 18:13 - 2009-04-11 07:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\reg.exe
2014-01-17 18:13 - 2009-04-11 07:23 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2014-01-17 18:13 - 2009-04-11 07:23 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2014-01-17 18:13 - 2009-04-11 07:23 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2014-01-17 18:13 - 2009-04-11 07:22 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2014-01-17 18:13 - 2009-04-11 07:22 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2014-01-17 18:13 - 2009-04-11 06:43 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys
2014-01-17 18:13 - 2009-04-11 06:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2014-01-17 18:13 - 2009-04-11 06:43 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys
2014-01-17 18:13 - 2009-04-11 05:52 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-01-17 18:13 - 2009-04-11 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-01-17 18:13 - 2009-03-30 05:42 - 00080720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-01-17 18:13 - 2009-02-18 19:40 - 00034624 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-01-17 18:13 - 2009-02-18 19:39 - 00035680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-01-17 18:12 - 2009-04-11 08:15 - 00408024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2014-01-17 18:12 - 2009-04-11 08:15 - 00325608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2014-01-17 18:12 - 2009-04-11 08:15 - 00310760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2014-01-17 18:12 - 2009-04-11 08:15 - 00155112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2014-01-17 18:12 - 2009-04-11 08:15 - 00067048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2014-01-17 18:12 - 2009-04-11 08:15 - 00067032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-01-17 18:12 - 2009-04-11 08:15 - 00062440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2014-01-17 18:12 - 2009-04-11 08:15 - 00059880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys
2014-01-17 18:12 - 2009-04-11 08:15 - 00055272 _____ (Microsoft Corporation) C:\Windows\system32\PSHED.DLL
2014-01-17 18:12 - 2009-04-11 08:15 - 00049640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys
2014-01-17 18:12 - 2009-04-11 08:15 - 00039400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2014-01-17 18:12 - 2009-04-11 08:15 - 00029656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys
2014-01-17 18:12 - 2009-04-11 08:15 - 00020952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys
2014-01-17 18:12 - 2009-04-11 08:15 - 00019432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys
2014-01-17 18:12 - 2009-04-11 08:11 - 06100480 _____ (Microsoft Corporation) C:\Windows\system32\chtbrkr.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 03235328 _____ (Microsoft Corporation) C:\Windows\system32\networkmap.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 02680832 _____ (Microsoft Corporation) C:\Windows\system32\accessibilitycpl.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 02420224 _____ (Microsoft Corporation) C:\Windows\system32\netcenter.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 02024960 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 01891840 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2014-01-17 18:12 - 2009-04-11 08:11 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 01740288 _____ (Microsoft Corporation) C:\Windows\system32\onex.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 01691648 _____ (Microsoft Corporation) C:\Windows\system32\connect.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 01676800 _____ (Microsoft Corporation) C:\Windows\system32\chsbrkr.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 01444352 _____ (Microsoft Corporation) C:\Windows\system32\PerfCenterCPL.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 01382912 _____ (Microsoft Corporation) C:\Windows\system32\sud.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 01301504 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 01279488 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 01110528 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 01093120 _____ (Microsoft Corporation) C:\Windows\system32\pidgenx.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 01035776 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00995328 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00980480 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00911872 _____ (Microsoft Corporation) C:\Windows\system32\rasdlg.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00898560 _____ (Microsoft Corporation) C:\Windows\system32\powercpl.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00810496 _____ (Microsoft Corporation) C:\Windows\system32\slcc.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00785920 _____ (Microsoft Corporation) C:\Windows\system32\Utilman.exe
2014-01-17 18:12 - 2009-04-11 08:11 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00691712 _____ (Microsoft Corporation) C:\Windows\system32\pnpui.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\wpcao.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\autoplay.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00589312 _____ (Microsoft Corporation) C:\Windows\system32\ncryptui.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vdsdyn.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\dsound.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00387072 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\tapisrv.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\modemui.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00302080 _____ (Microsoft Corporation) C:\Windows\system32\scansetting.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2014-01-17 18:12 - 2009-04-11 08:11 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\tcpipcfg.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\dskquoui.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\scecli.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\dot3svc.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\regsvc.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00200704 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\spp.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\imm32.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00161280 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
         

13.02.2014, 19:03   #4
Twentyflux

Sweet Page cannot be removed



FRST Part II

Code:
2014-01-17 18:12 - 2009-04-11 08:11 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\ntmarta.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00153064 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-01-17 18:12 - 2009-04-11 08:11 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\SCardSvr.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\mstlsapi.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\ulib.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\IPHLPAPI.DLL
2014-01-17 18:12 - 2009-04-11 08:11 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\powrprof.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\console.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\wshext.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\regapi.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\iassvcs.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iashlpr.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mpr.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\SLUINotify.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\iasacct.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\feclient.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\iasdatastore.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\perfdisk.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\wsepno.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\msisip.dll
2014-01-17 18:12 - 2009-04-11 08:11 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\spcmsg.dll
2014-01-17 18:12 - 2009-04-11 08:10 - 00593408 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe
2014-01-17 18:12 - 2009-04-11 08:10 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\diskraid.exe
2014-01-17 18:12 - 2009-04-11 08:10 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-01-17 18:12 - 2009-04-11 08:10 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\diskpart.exe
2014-01-17 18:12 - 2009-04-11 08:10 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\dwm.exe
2014-01-17 18:12 - 2009-04-11 08:10 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\hdwwiz.exe
2014-01-17 18:12 - 2009-04-11 08:10 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\newdev.exe
2014-01-17 18:12 - 2009-04-11 08:10 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2014-01-17 18:12 - 2009-04-11 08:10 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe
2014-01-17 18:12 - 2009-04-11 08:10 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\TSTheme.exe
2014-01-17 18:12 - 2009-04-11 08:10 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEject.exe
2014-01-17 18:12 - 2009-04-11 08:09 - 01060352 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2014-01-17 18:12 - 2009-04-11 08:09 - 00750592 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2014-01-17 18:12 - 2009-04-11 08:09 - 00734720 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2014-01-17 18:12 - 2009-04-11 08:09 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\autofmt.exe
2014-01-17 18:12 - 2009-04-11 08:09 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Kswdmcap.ax
2014-01-17 18:12 - 2009-04-11 08:05 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2014-01-17 18:12 - 2009-04-11 07:28 - 02225664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcenter.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 02205184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncCenter.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 01823744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pnidui.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 01671680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chsbrkr.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 01575936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2014-01-17 18:12 - 2009-04-11 07:28 - 01541120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\onex.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 01502720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certmgr.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 01107968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pidgenx.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 01020928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00971264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00876032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00869888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00860160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2014-01-17 18:12 - 2009-04-11 07:28 - 00825856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdlg.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00759296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ipsecsnp.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00757248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\azroles.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00638976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Utilman.exe
2014-01-17 18:12 - 2009-04-11 07:28 - 00633856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnrollUI.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00593408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comuid.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00551936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00507904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vdsdyn.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00444416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsound.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlangpui.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00396800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00368640 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RelMon.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winlogon.exe
2014-01-17 18:12 - 2009-04-11 07:28 - 00286720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iassdo.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00242176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscntfy.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00217088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2014-01-17 18:12 - 2009-04-11 07:28 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00197632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVol.exe
2014-01-17 18:12 - 2009-04-11 07:28 - 00194560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offfilt.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iassam.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00181760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pnpsetup.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00171008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasrad.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasnap.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spp.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-01-17 18:12 - 2009-04-11 07:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00114688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00108544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imapi.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ulib.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IPHLPAPI.DLL
2014-01-17 18:12 - 2009-04-11 07:28 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshext.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iassvcs.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iashlpr.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasdatastore.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdProxy.dll
2014-01-17 18:12 - 2009-04-11 07:28 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spcmsg.dll
2014-01-17 18:12 - 2009-04-11 07:27 - 01122304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2014-01-17 18:12 - 2009-04-11 07:27 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
2014-01-17 18:12 - 2009-04-11 07:27 - 00643072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2014-01-17 18:12 - 2009-04-11 07:27 - 00636416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autofmt.exe
2014-01-17 18:12 - 2009-04-11 07:27 - 00627200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sethc.exe
2014-01-17 18:12 - 2009-04-11 07:27 - 00389632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2014-01-17 18:12 - 2009-04-11 07:27 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskraid.exe
2014-01-17 18:12 - 2009-04-11 07:27 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-01-17 18:12 - 2009-04-11 07:27 - 00130024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2014-01-17 18:12 - 2009-04-11 07:27 - 00119808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskpart.exe
2014-01-17 18:12 - 2009-04-11 07:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Kswdmcap.ax
2014-01-17 18:12 - 2009-04-11 07:27 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodg.exe
2014-01-17 18:12 - 2009-04-11 07:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2014-01-17 18:12 - 2009-04-11 07:27 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findstr.exe
2014-01-17 18:12 - 2009-04-11 07:27 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2014-01-17 18:12 - 2009-04-11 07:26 - 00116224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imm32.dll
2014-01-17 18:12 - 2009-04-11 07:22 - 00413696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2014-01-17 18:12 - 2009-04-11 06:43 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-01-17 18:12 - 2009-04-11 06:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys
2014-01-17 18:12 - 2009-04-11 06:42 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2014-01-17 18:12 - 2009-04-11 06:39 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2014-01-17 18:12 - 2009-04-11 06:33 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-01-17 18:12 - 2009-04-11 05:54 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2014-01-17 18:12 - 2009-03-30 05:42 - 00155456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-01-17 18:12 - 2009-03-30 05:39 - 00154960 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-01-17 18:12 - 2009-03-30 05:39 - 00073024 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-01-17 18:12 - 2009-02-18 19:41 - 00092918 _____ () C:\Windows\system32\slmgr.vbs
2014-01-17 18:12 - 2009-02-18 19:39 - 00092918 _____ () C:\Windows\SysWOW64\slmgr.vbs
2014-01-17 18:11 - 2014-01-17 18:13 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-01-17 18:11 - 2009-04-11 08:11 - 03341312 _____ (Microsoft Corporation) C:\Windows\system32\netshell.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 02575360 _____ (Microsoft Corporation) C:\Windows\system32\SyncCenter.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 02535424 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 02438656 _____ (Microsoft Corporation) C:\Windows\system32\oobefldr.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 02247168 _____ (Microsoft Corporation) C:\Windows\system32\networkexplorer.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\WMPEncEn.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00946176 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2014-01-17 18:11 - 2009-04-11 08:11 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\wiaaut.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2014-01-17 18:11 - 2009-04-11 08:11 - 00622592 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2014-01-17 18:11 - 2009-04-11 08:11 - 00616448 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\riched20.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00557056 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00539136 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00521216 _____ (Microsoft Corporation) C:\Windows\system32\cmdial32.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\wlangpui.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-01-17 18:11 - 2009-04-11 08:11 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\wmpps.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmnet.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\MediaMetadataHandler.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\rasplap.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00365568 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\thawbrkr.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\raschap.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00291840 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\mscandui.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\mstask.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\wscntfy.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\msutb.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\wpdwcn.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00221696 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\wlanui.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\rasmontr.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\mdminst.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\MSAC3ENC.DLL
2014-01-17 18:11 - 2009-04-11 08:11 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\tcpmon.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\dsprop.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00163328 _____ (Microsoft Corporation) C:\Windows\system32\fontext.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\softkbd.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\mydocs.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\mprapi.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00116736 _____ (Microsoft) C:\Windows\system32\SMBHelperClass.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\oleprn.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\msctfui.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\btpanui.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\wlgpclnt.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\dot3msm.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\fdSSDP.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\fdWSD.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\PNPXAssoc.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\Storprop.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\dot3cfg.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\vss_ps.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\l2nacp.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\rshx32.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\networkitemfactory.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\hbaapi.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\deskadp.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\dataclen.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\slcinst.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\deskmon.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\bthci.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\bitsigd.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\odbcconf.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msimtf.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\iaspolcy.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\ifmon.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\whealogr.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\uxsms.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\version.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\MsCtfMonitor.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\NcdProp.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\hidserv.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\wscisvif.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\midimap.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\spwinsat.dll
2014-01-17 18:11 - 2009-04-11 08:11 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\CHxReadingStringIME.dll
2014-01-17 18:11 - 2009-04-11 08:10 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-01-17 18:11 - 2009-04-11 08:10 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\certreq.exe
2014-01-17 18:11 - 2009-04-11 08:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SLLUA.exe
2014-01-17 18:11 - 2009-04-11 08:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe
2014-01-17 18:11 - 2009-04-11 08:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe
2014-01-17 18:11 - 2009-04-11 08:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\conime.exe
2014-01-17 18:11 - 2009-04-11 08:10 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\cipher.exe
2014-01-17 18:11 - 2009-04-11 08:10 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\PnPUnattend.exe
2014-01-17 18:11 - 2009-04-11 08:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\cmmon32.exe
2014-01-17 18:11 - 2009-04-11 08:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\rekeywiz.exe
2014-01-17 18:11 - 2009-04-11 08:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ftp.exe
2014-01-17 18:11 - 2009-04-11 08:10 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cbsra.exe
2014-01-17 18:11 - 2009-04-11 08:10 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\ocsetup.exe
2014-01-17 18:11 - 2009-04-11 08:10 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\PnPutil.exe
2014-01-17 18:11 - 2009-04-11 08:10 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\bthudtask.exe
2014-01-17 18:11 - 2009-04-11 08:10 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\findstr.exe
2014-01-17 18:11 - 2009-04-11 08:10 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\fc.exe
2014-01-17 18:11 - 2009-04-11 08:10 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\rasdial.exe
2014-01-17 18:11 - 2009-04-11 08:09 - 01738752 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2014-01-17 18:11 - 2009-04-11 08:09 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\unimdm.tsp
2014-01-17 18:11 - 2009-04-11 08:09 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\wdmaud.drv
2014-01-17 18:11 - 2009-04-11 08:09 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2014-01-17 18:11 - 2009-04-11 08:09 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\msacm32.drv
2014-01-17 18:11 - 2009-04-11 07:28 - 06103040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chtbrkr.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 03072000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\networkmap.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 02515968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\accessibilitycpl.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 02226688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\networkexplorer.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 02153472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oobefldr.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 01671680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanpref.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 01645568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\connect.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 01642496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPEncEn.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 01544704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PerfCenterCPL.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 01224192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sud.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 01152000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 01123840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00842240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\systemcpl.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00777216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slcc.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00758784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2014-01-17 18:11 - 2009-04-11 07:28 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercpl.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00657408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2014-01-17 18:11 - 2009-04-11 07:28 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasgcw.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00547840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiaaut.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00542720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00533504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00532992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpcao.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00516608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoplay.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2014-01-17 18:11 - 2009-04-11 07:28 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmdial32.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00464384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pcaui.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00445952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptui.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00425472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shwebsvc.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmdev.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasplap.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00356864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MediaMetadataHandler.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00347648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmnet.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thawbrkr.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpeffects.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00288256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\modemui.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00284672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\raschap.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scansetting.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tapisrv.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00218624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscandui.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdwcn.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00202752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanui.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00187904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00180736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00178176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00177664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDMon.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00177152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scecli.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00170496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpipcfg.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00166400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00163328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msutb.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAC3ENC.DLL
2014-01-17 18:11 - 2009-04-11 07:28 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmontr.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontext.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpcsvc.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsprop.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00135680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpmon.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00134656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpps.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vdsutil.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\softkbd.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00121344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntmarta.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00105472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmsynth.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmusic.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00101376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powrprof.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00097792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleprn.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00097792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprapi.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SCardSvr.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctfui.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstlsapi.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00083456 _____ (Microsoft) C:\Windows\SysWOW64\SMBHelperClass.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlgpclnt.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3msm.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sendmail.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpr.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdSSDP.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\regapi.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWSD.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasacct.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasads.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00054784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\feclient.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdeploy.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmci.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3cfg.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\l2nacp.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dataclen.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slcinst.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hbaapi.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcconf.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\networkitemfactory.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSTheme.exe
2014-01-17 18:11 - 2009-04-11 07:28 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshbth.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iaspolcy.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfdisk.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscapi.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\whealogr.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimtf.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ifmon.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscdll.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\version.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrnr.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NcdProp.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsCtfMonitor.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscisvif.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vdmdbg.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\midimap.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msisip.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcico.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwinsat.dll
2014-01-17 18:11 - 2009-04-11 07:28 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CHxReadingStringIME.dll
2014-01-17 18:11 - 2009-04-11 07:27 - 01689600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2014-01-17 18:11 - 2009-04-11 07:27 - 01102848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2014-01-17 18:11 - 2009-04-11 07:27 - 00408064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2014-01-17 18:11 - 2009-04-11 07:27 - 00407040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapimig.exe
2014-01-17 18:11 - 2009-04-11 07:27 - 00280064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdm.tsp
2014-01-17 18:11 - 2009-04-11 07:27 - 00215552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certreq.exe
2014-01-17 18:11 - 2009-04-11 07:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdmaud.drv
2014-01-17 18:11 - 2009-04-11 07:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpresult.exe
2014-01-17 18:11 - 2009-04-11 07:27 - 00094720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
2014-01-17 18:11 - 2009-04-11 07:27 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nslookup.exe
2014-01-17 18:11 - 2009-04-11 07:27 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2014-01-17 18:11 - 2009-04-11 07:27 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hdwwiz.exe
2014-01-17 18:11 - 2009-04-11 07:27 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\newdev.exe
2014-01-17 18:11 - 2009-04-11 07:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
2014-01-17 18:11 - 2009-04-11 07:27 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cipher.exe
2014-01-17 18:11 - 2009-04-11 07:27 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmmon32.exe
2014-01-17 18:11 - 2009-04-11 07:27 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rekeywiz.exe
2014-01-17 18:11 - 2009-04-11 07:27 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftp.exe
2014-01-17 18:11 - 2009-04-11 07:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ocsetup.exe
2014-01-17 18:11 - 2009-04-11 07:27 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthudtask.exe
2014-01-17 18:11 - 2009-04-11 07:27 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ipconfig.exe
2014-01-17 18:11 - 2009-04-11 07:27 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msacm32.drv
2014-01-17 18:11 - 2009-04-11 07:27 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fc.exe
2014-01-17 18:11 - 2009-04-11 07:27 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdial.exe
2014-01-17 18:11 - 2009-04-11 07:27 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpupdate.exe
2014-01-17 18:11 - 2009-04-11 07:23 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2014-01-17 18:11 - 2009-04-11 07:23 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2014-01-17 18:11 - 2009-04-11 06:44 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys
2014-01-17 18:11 - 2009-04-11 06:43 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2014-01-17 18:11 - 2009-04-11 06:43 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys
2014-01-17 18:11 - 2009-04-11 06:43 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2014-01-17 18:11 - 2009-04-11 06:42 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2014-01-17 18:11 - 2009-04-11 06:42 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys
2014-01-17 18:11 - 2009-04-11 06:40 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2014-01-17 18:11 - 2009-04-11 06:39 - 00068224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2014-01-17 18:11 - 2009-04-11 06:39 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-01-17 18:11 - 2009-04-11 06:39 - 00032640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys
2014-01-17 18:11 - 2009-04-11 06:39 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2014-01-17 18:11 - 2009-04-11 06:36 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\iscsilog.dll
2014-01-17 18:11 - 2009-04-11 06:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys
2014-01-17 18:11 - 2009-04-11 06:34 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-01-17 18:11 - 2009-04-11 06:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys
2014-01-17 18:11 - 2009-04-11 06:09 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys
2014-01-17 18:11 - 2009-04-11 05:54 - 00299008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2014-01-17 18:11 - 2009-04-11 05:54 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-01-17 18:11 - 2009-04-11 05:54 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2014-01-17 18:11 - 2009-02-20 01:20 - 00009239 _____ () C:\Windows\SysWOW64\spcinstrumentation.man
2014-01-17 18:11 - 2009-02-20 01:20 - 00009239 _____ () C:\Windows\system32\spcinstrumentation.man
2014-01-17 18:11 - 2009-02-20 01:20 - 00009212 _____ () C:\Windows\SysWOW64\RacUR.xml
2014-01-17 18:11 - 2009-02-20 01:20 - 00009212 _____ () C:\Windows\system32\RacUR.xml
2014-01-17 18:11 - 2009-02-18 19:39 - 00009048 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-01-17 18:11 - 2009-02-18 19:38 - 00009048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-01-17 18:10 - 2009-04-11 08:11 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-01-17 18:10 - 2009-04-11 08:04 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\f3ahvoas.dll
2014-01-17 18:10 - 2009-04-11 07:28 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2014-01-17 18:10 - 2009-04-11 07:28 - 00218624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdscore.dll
2014-01-17 18:10 - 2009-04-11 07:26 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\f3ahvoas.dll
2014-01-17 18:10 - 2009-04-11 06:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys
2014-01-17 18:10 - 2009-04-11 06:15 - 00002560 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2014-01-17 18:10 - 2009-04-11 05:27 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2014-01-17 18:10 - 2009-02-18 19:45 - 00000153 _____ () C:\Windows\system32\RacUREx.xml
2014-01-17 18:10 - 2009-02-18 19:43 - 00000153 _____ () C:\Windows\SysWOW64\RacUREx.xml
2014-01-17 18:08 - 2009-04-11 08:11 - 00936448 _____ (Microsoft Corporation) C:\Windows\system32\SmiEngine.dll
2014-01-17 18:08 - 2009-04-11 08:11 - 00315904 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2014-01-17 18:08 - 2009-04-11 08:11 - 00293888 _____ (Microsoft Corporation) C:\Windows\system32\wdscore.dll
2014-01-17 18:08 - 2009-04-11 08:10 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\PkgMgr.exe
2014-01-17 18:07 - 2014-01-17 18:07 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\AVAST Software
2014-01-17 17:43 - 2014-02-12 10:09 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-17 17:43 - 2014-01-24 01:24 - 00001829 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-17 17:42 - 2014-01-24 01:23 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-17 17:42 - 2014-01-24 01:23 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-17 17:42 - 2014-01-24 01:23 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-17 17:42 - 2014-01-24 01:23 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-17 17:42 - 2014-01-24 01:23 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-01-17 17:42 - 2014-01-24 01:23 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-01-17 17:42 - 2014-01-24 01:23 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-17 17:42 - 2014-01-17 18:07 - 215965696 _____ () C:\Users\Regina\Downloads\LibreOffice_4.1.4_Win_x86.msi
2014-01-17 17:42 - 2014-01-17 17:42 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-01-17 17:42 - 2014-01-17 17:42 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-17 17:41 - 2014-01-17 17:41 - 00000000 ____D () C:\Program Files\AVAST Software
2014-01-17 17:40 - 2014-01-17 17:41 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-01-17 17:35 - 2014-01-17 17:39 - 91412976 _____ (AVAST Software) C:\Users\Regina\Downloads\avast_free_antivirus_setup.exe
2014-01-17 17:16 - 2014-01-17 17:16 - 00812628 _____ () C:\Windows\dd_NET_Framework35_LangPack_MSI489E.txt
2014-01-17 17:15 - 2014-01-17 17:16 - 00076342 _____ () C:\Windows\dd_dotnetfx35install_lp.txt
2014-01-17 17:15 - 2014-01-17 17:16 - 00036116 _____ () C:\Windows\dd_depcheck_NETFX_EXP_35.txt
2014-01-17 17:15 - 2014-01-17 17:15 - 00000002 _____ () C:\Windows\dd_dotnetfx35error_lp.txt
2014-01-17 17:15 - 2009-11-08 10:55 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-01-17 17:15 - 2009-11-08 10:55 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-01-17 17:15 - 2009-11-08 10:55 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2014-01-17 17:15 - 2009-11-08 10:55 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2014-01-17 17:15 - 2009-11-08 10:55 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2014-01-17 17:15 - 2009-11-08 10:55 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2014-01-17 17:15 - 2009-11-08 10:55 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2014-01-17 17:15 - 2009-11-08 10:55 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2014-01-17 17:15 - 2009-11-08 10:55 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2014-01-17 17:15 - 2009-11-08 10:55 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2014-01-17 16:25 - 2010-09-06 19:28 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-01-17 16:25 - 2010-09-06 19:28 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2014-01-17 16:25 - 2010-09-06 19:27 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-01-17 16:25 - 2010-09-06 17:20 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2014-01-17 16:25 - 2010-09-06 17:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2014-01-17 16:24 - 2008-02-29 07:42 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\kbd106n.dll
2014-01-17 16:24 - 2008-02-29 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbd106n.dll
2014-01-17 15:52 - 2014-01-17 15:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-17 15:29 - 2014-01-17 15:29 - 00003164 _____ () C:\Windows\System32\Tasks\CreateChoiceProcessTask
2014-01-17 15:29 - 2014-01-17 15:29 - 00001589 _____ () C:\Users\Public\Desktop\Browserwahl.lnk
2014-01-17 15:24 - 2014-01-17 15:24 - 00000000 ____D () C:\Windows\SysWOW64\WindowsPowerShell
2014-01-17 15:24 - 2014-01-17 15:24 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2014-01-17 15:02 - 2008-05-27 05:59 - 00018904 _____ () C:\Windows\SysWOW64\StructuredQuerySchemaTrivial.bin
2014-01-17 15:02 - 2008-05-27 05:59 - 00018904 _____ () C:\Windows\system32\StructuredQuerySchemaTrivial.bin
2014-01-17 15:02 - 2007-11-08 10:04 - 11967524 _____ () C:\Windows\SysWOW64\korwbrkr.lex
2014-01-17 15:02 - 2007-11-08 10:04 - 11967524 _____ () C:\Windows\system32\korwbrkr.lex
2014-01-17 14:18 - 2013-12-18 06:13 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-17 13:29 - 2010-02-24 10:28 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-01-17 13:22 - 2010-02-21 00:15 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll
2014-01-17 13:22 - 2010-02-21 00:14 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll
2014-01-17 13:22 - 2010-02-21 00:06 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshhttp.dll
2014-01-17 13:22 - 2010-02-21 00:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\httpapi.dll
2014-01-17 13:22 - 2010-02-20 22:30 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2014-01-17 13:11 - 2009-10-09 22:56 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-01-17 13:11 - 2009-10-09 22:56 - 00246272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-01-17 13:11 - 2009-10-09 22:56 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrscmd.dll
2014-01-17 13:11 - 2009-10-09 22:56 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-01-17 13:11 - 2009-10-09 22:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-01-17 13:11 - 2009-10-09 22:56 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pwrshplugin.dll
2014-01-17 13:11 - 2009-10-09 22:56 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrs.exe
2014-01-17 13:11 - 2009-10-09 22:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrshost.exe
2014-01-17 13:11 - 2009-10-09 22:56 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2014-01-17 13:11 - 2009-10-09 22:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2014-01-17 13:11 - 2009-10-09 22:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrssrv.dll
2014-01-17 13:11 - 2009-10-09 22:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrsmgr.dll
2014-01-17 13:11 - 2009-10-09 22:55 - 00252416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-01-17 13:11 - 2009-10-09 22:55 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtfwd.dll
2014-01-17 13:11 - 2009-10-09 22:55 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wecutil.exe
2014-01-17 13:11 - 2009-10-09 22:55 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wecapi.dll
2014-01-17 13:11 - 2009-10-09 22:55 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2014-01-17 13:11 - 2009-10-09 22:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-01-17 13:11 - 2009-10-09 22:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll
2014-01-17 13:11 - 2009-10-09 22:35 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-01-17 13:11 - 2009-10-09 22:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe
2014-01-17 13:11 - 2009-10-09 22:35 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\winrshost.exe
2014-01-17 13:11 - 2009-10-09 22:35 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2014-01-17 13:11 - 2009-10-09 22:35 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2014-01-17 13:11 - 2009-10-09 22:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\winrsmgr.dll
2014-01-17 13:11 - 2009-10-09 22:34 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\winrscmd.dll
2014-01-17 13:11 - 2009-10-09 22:34 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-01-17 13:11 - 2009-10-09 22:34 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-01-17 13:11 - 2009-10-09 22:34 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll
2014-01-17 13:11 - 2009-10-09 22:34 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-01-17 13:11 - 2009-10-09 22:34 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\wevtfwd.dll
2014-01-17 13:11 - 2009-10-09 22:34 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe
2014-01-17 13:11 - 2009-10-09 22:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll
2014-01-17 13:11 - 2009-10-09 22:34 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2014-01-17 13:11 - 2009-10-09 22:34 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll
2014-01-17 13:11 - 2009-08-01 07:27 - 00201184 _____ () C:\Windows\SysWOW64\winrm.vbs
2014-01-17 13:11 - 2009-08-01 07:27 - 00201184 _____ () C:\Windows\system32\winrm.vbs
2014-01-17 13:11 - 2009-07-16 18:30 - 00004675 _____ () C:\Windows\SysWOW64\wsmanconfig_schema.xml
2014-01-17 13:11 - 2009-07-16 18:30 - 00004675 _____ () C:\Windows\system32\wsmanconfig_schema.xml
2014-01-17 13:11 - 2009-07-16 18:30 - 00002426 _____ () C:\Windows\SysWOW64\WsmTxt.xsl
2014-01-17 13:11 - 2009-07-16 18:30 - 00002426 _____ () C:\Windows\system32\WsmTxt.xsl
2014-01-17 12:53 - 2009-08-14 17:04 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll
2014-01-17 12:53 - 2009-08-14 15:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\NETSTAT.EXE
2014-01-17 12:53 - 2009-08-14 15:10 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\ARP.EXE
2014-01-17 12:53 - 2009-08-14 15:10 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\ROUTE.EXE
2014-01-17 12:53 - 2009-08-14 15:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\MRINFO.EXE
2014-01-17 12:53 - 2009-08-14 15:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\finger.exe
2014-01-17 12:53 - 2009-08-14 15:10 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\TCPSVCS.EXE
2014-01-17 12:53 - 2009-08-14 15:10 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\HOSTNAME.EXE
2014-01-17 12:53 - 2009-08-14 14:49 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NETSTAT.EXE
2014-01-17 12:53 - 2009-08-14 14:49 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ARP.EXE
2014-01-17 12:53 - 2009-08-14 14:49 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ROUTE.EXE
2014-01-17 12:53 - 2009-08-14 14:49 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MRINFO.EXE
2014-01-17 12:53 - 2009-08-14 14:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\finger.exe
2014-01-17 12:53 - 2009-08-14 14:49 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TCPSVCS.EXE
2014-01-17 12:53 - 2009-08-14 14:49 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\HOSTNAME.EXE
2014-01-17 12:53 - 2009-08-14 14:48 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netiohlp.dll
2014-01-17 12:53 - 2009-05-08 13:59 - 00818688 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2014-01-17 12:53 - 2009-05-08 13:53 - 00604672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2014-01-17 12:52 - 2010-09-13 17:13 - 13426688 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-01-17 12:52 - 2010-09-13 16:46 - 10627072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-01-17 12:52 - 2010-09-13 15:32 - 08147968 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-01-17 12:52 - 2010-09-13 14:56 - 08147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-01-17 12:52 - 2009-09-10 16:27 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\unregmp2.exe
2014-01-17 12:52 - 2009-09-10 15:58 - 00310784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unregmp2.exe
2014-01-17 12:52 - 2009-07-15 15:46 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-01-17 12:52 - 2009-07-15 15:46 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-01-17 12:52 - 2009-07-15 15:46 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-01-17 12:52 - 2009-07-15 13:39 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-01-17 12:52 - 2009-07-15 13:39 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-01-17 12:52 - 2009-07-15 13:39 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-01-17 12:51 - 2010-08-26 18:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2014-01-17 12:51 - 2010-08-26 17:37 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2014-01-17 12:51 - 2010-06-16 17:30 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-01-17 12:51 - 2010-06-16 16:30 - 00072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-01-17 12:51 - 2009-08-10 13:47 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-01-17 12:51 - 2009-08-10 13:35 - 00355328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-01-17 12:51 - 2009-07-11 20:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2014-01-17 12:51 - 2009-07-11 20:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2014-01-17 12:51 - 2009-07-11 20:11 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2014-01-17 12:51 - 2009-07-11 20:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2014-01-17 12:51 - 2009-07-11 20:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2014-01-17 12:51 - 2009-07-11 20:08 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\L2SecHC.dll
2014-01-17 12:51 - 2009-07-11 20:01 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2014-01-17 12:51 - 2009-07-11 20:01 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2014-01-17 12:51 - 2009-07-11 20:01 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2014-01-17 12:51 - 2009-07-11 18:24 - 02608861 _____ () C:\Windows\system32\wlan.tmf
2014-01-17 12:51 - 2009-07-11 18:03 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\L2SecHC.dll
2014-01-17 12:51 - 2009-07-10 12:51 - 00302080 _____ (Microsoft Corporation) C:\Windows\system32\shsvcs.dll
2014-01-17 12:51 - 2009-07-10 12:47 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsvcs.dll
2014-01-17 12:51 - 2009-06-15 16:10 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-01-17 12:51 - 2009-06-15 15:51 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-01-17 12:51 - 2009-04-11 07:28 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2014-01-17 12:51 - 2009-04-11 07:26 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-01-17 12:49 - 2010-01-25 13:10 - 00539136 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-01-17 12:49 - 2010-01-25 13:10 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-01-17 12:49 - 2010-01-25 13:10 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-01-17 12:49 - 2010-01-25 13:10 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-01-17 12:49 - 2010-01-25 13:08 - 00460288 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-01-17 12:49 - 2010-01-25 13:00 - 00471552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-01-17 12:49 - 2010-01-25 13:00 - 00471552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-01-17 12:49 - 2010-01-25 13:00 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-01-17 12:49 - 2010-01-25 13:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-01-17 12:49 - 2010-01-25 12:58 - 00332288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-01-17 12:49 - 2010-01-25 09:29 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-01-17 12:49 - 2010-01-25 09:29 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-01-17 12:49 - 2010-01-25 09:29 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-01-17 12:49 - 2010-01-25 09:29 - 00409600 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-01-17 12:49 - 2010-01-25 09:21 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-01-17 12:49 - 2010-01-25 09:21 - 00518144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-01-17 12:49 - 2010-01-25 09:21 - 00347136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-01-17 12:49 - 2010-01-25 09:21 - 00346624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-01-17 12:48 - 2011-03-03 16:59 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Apphlpdm.dll
2014-01-17 12:48 - 2011-03-03 16:40 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Apphlpdm.dll
2014-01-17 12:48 - 2011-03-03 15:00 - 04240384 _____ (Microsoft) C:\Windows\system32\GameUXLegacyGDFs.dll
2014-01-17 12:48 - 2011-03-03 14:35 - 04240384 _____ (Microsoft) C:\Windows\SysWOW64\GameUXLegacyGDFs.dll
2014-01-17 12:48 - 2010-08-26 18:42 - 01927680 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-01-17 12:48 - 2010-08-26 17:34 - 01696256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2014-01-17 12:48 - 2010-06-28 18:21 - 01915904 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2014-01-17 12:48 - 2010-06-28 18:00 - 01316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2014-01-17 12:48 - 2010-02-18 14:49 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-01-17 12:48 - 2010-02-18 12:59 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2014-01-17 12:48 - 2009-12-08 18:55 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-01-17 12:48 - 2009-07-15 15:47 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
2014-01-17 12:48 - 2009-07-15 13:39 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpdxm.dll
2014-01-17 12:48 - 2009-07-15 11:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.tlb
2014-01-17 12:48 - 2009-07-15 11:23 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\amcompat.tlb
2014-01-17 12:48 - 2009-07-15 11:21 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.tlb
2014-01-17 12:48 - 2009-07-15 11:21 - 00018432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\amcompat.tlb
2014-01-17 12:48 - 2009-06-15 16:11 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-01-17 12:48 - 2009-06-15 15:52 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-01-17 12:47 - 2011-03-10 18:18 - 01398784 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2014-01-17 12:47 - 2011-03-10 18:18 - 01360384 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2014-01-17 12:47 - 2011-03-10 18:03 - 01162240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2014-01-17 12:47 - 2011-03-10 18:03 - 01136640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2014-01-17 12:47 - 2011-02-24 17:38 - 00991104 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-01-17 12:47 - 2011-02-24 17:38 - 00979840 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-01-17 12:47 - 2011-02-24 17:37 - 01076608 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-01-17 12:47 - 2011-02-24 17:37 - 01063296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-01-17 12:47 - 2011-02-24 17:37 - 00020864 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll
2014-01-17 12:47 - 2011-02-24 17:37 - 00018816 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2014-01-17 12:47 - 2011-02-24 17:37 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll
2014-01-17 12:47 - 2010-12-28 17:08 - 00466944 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2014-01-17 12:47 - 2010-12-28 16:55 - 00413696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbc32.dll
2014-01-17 12:47 - 2010-12-17 16:41 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-01-17 12:47 - 2010-12-17 14:54 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-01-17 12:47 - 2010-12-14 17:15 - 01251840 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe
2014-01-17 12:47 - 2010-08-17 15:54 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-01-17 12:47 - 2009-12-04 19:52 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll
2014-01-17 12:47 - 2009-12-04 19:50 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll
2014-01-17 12:47 - 2009-12-04 19:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll
2014-01-17 12:47 - 2009-12-04 19:50 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll
2014-01-17 12:47 - 2009-12-04 19:49 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll
2014-01-17 12:47 - 2009-12-04 19:30 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsbyuv.dll
2014-01-17 12:47 - 2009-12-04 19:28 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvfw32.dll
2014-01-17 12:47 - 2009-12-04 19:28 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciavi32.dll
2014-01-17 12:47 - 2009-12-04 19:28 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iyuv_32.dll
2014-01-17 12:47 - 2009-12-04 19:28 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvidc32.dll
2014-01-17 12:47 - 2009-12-04 19:28 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msyuv.dll
2014-01-17 12:47 - 2009-12-04 19:28 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrle32.dll
2014-01-17 12:47 - 2009-12-04 19:27 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\avifil32.dll
2014-01-17 12:47 - 2009-10-07 13:20 - 00280576 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-01-17 12:47 - 2009-10-07 12:36 - 00243712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-01-17 12:47 - 2009-09-10 18:09 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-01-17 12:47 - 2009-09-10 17:48 - 00218624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-01-17 12:47 - 2009-09-04 12:54 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll
2014-01-17 12:47 - 2009-09-04 12:41 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msasn1.dll
2014-01-17 12:47 - 2009-06-15 16:13 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-01-17 12:47 - 2009-06-15 15:54 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-01-17 12:47 - 2009-06-10 12:52 - 02900480 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2014-01-17 12:47 - 2009-06-10 12:51 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\mciavi32.dll
2014-01-17 12:47 - 2009-06-10 12:49 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\avifil32.dll
2014-01-17 12:47 - 2009-06-10 12:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\avicap32.dll
2014-01-17 12:47 - 2009-06-10 12:41 - 02386944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVCORE.DLL
2014-01-17 12:47 - 2009-04-11 08:11 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-01-17 12:47 - 2009-04-11 08:11 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-01-17 12:47 - 2009-04-11 08:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tscupgrd.exe
2014-01-17 12:47 - 2009-04-11 08:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-01-17 12:47 - 2009-04-11 07:28 - 00136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-01-17 12:47 - 2009-04-11 07:28 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tscupgrd.exe
2014-01-17 12:47 - 2009-04-11 07:28 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-01-17 12:47 - 2009-04-11 07:27 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-01-17 12:47 - 2009-04-11 07:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-01-17 12:47 - 2009-04-11 06:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-01-17 12:47 - 2009-04-11 05:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-01-17 12:46 - 2011-07-06 16:49 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-01-17 12:46 - 2011-05-02 18:16 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-01-17 12:46 - 2011-05-02 18:13 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-01-17 12:46 - 2011-04-29 14:41 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-01-17 12:46 - 2011-04-29 14:40 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-01-17 12:46 - 2011-04-29 14:39 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-01-17 12:46 - 2011-04-29 14:39 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-01-17 12:46 - 2011-04-14 16:14 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-01-17 12:46 - 2011-03-02 17:12 - 00221696 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-01-17 12:46 - 2011-03-02 17:12 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-01-17 12:46 - 2011-03-02 16:44 - 00168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-01-17 12:46 - 2011-02-18 15:18 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-01-17 12:46 - 2010-12-29 20:01 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2014-01-17 12:46 - 2010-12-29 20:01 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\sbeio.dll
2014-01-17 12:46 - 2010-12-29 19:59 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2014-01-17 12:46 - 2010-12-29 19:28 - 00322560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2014-01-17 12:46 - 2010-12-29 19:28 - 00153088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbeio.dll
2014-01-17 12:46 - 2010-12-29 19:26 - 00177664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2014-01-17 12:46 - 2010-08-31 16:46 - 00954752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc40.dll
2014-01-17 12:46 - 2010-08-31 16:46 - 00954288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc40u.dll
2014-01-17 12:46 - 2010-06-18 18:48 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2014-01-17 12:46 - 2010-06-18 18:31 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll
2014-01-17 12:46 - 2010-04-16 18:07 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-01-17 12:46 - 2010-04-16 17:46 - 00502272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-01-17 12:46 - 2010-04-05 18:33 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2014-01-17 12:46 - 2010-04-05 18:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2014-01-17 12:46 - 2010-04-05 18:02 - 00317952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2014-01-17 12:46 - 2010-04-05 18:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2014-01-17 12:46 - 2010-01-21 16:37 - 00072192 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codeca.acm
2014-01-17 12:46 - 2010-01-21 16:05 - 00062464 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\l3codeca.acm
2014-01-17 12:46 - 2009-10-23 18:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-01-17 12:46 - 2009-10-23 18:10 - 00714240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2014-01-17 12:46 - 2009-07-17 15:14 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\atl.dll
2014-01-17 12:46 - 2009-07-17 14:54 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atl.dll
2014-01-17 12:46 - 2009-06-10 12:53 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2014-01-17 12:46 - 2009-05-04 11:21 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2014-01-17 12:46 - 2009-05-04 10:59 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2014-01-17 12:46 - 2009-04-11 08:09 - 00181760 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codecp.acm
2014-01-17 12:46 - 2009-04-11 07:27 - 00220672 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\l3codecp.acm
2014-01-17 12:44 - 2011-02-18 15:16 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-01-17 12:44 - 2010-10-18 16:35 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-01-17 12:44 - 2010-08-20 17:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2014-01-17 12:44 - 2010-08-20 17:05 - 00867328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2014-01-17 12:44 - 2010-05-27 21:08 - 00081920 _____ (Radius Inc.) C:\Windows\SysWOW64\iccvid.dll
2014-01-17 12:44 - 2010-01-13 18:49 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2014-01-17 12:44 - 2010-01-13 18:34 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cabview.dll
2014-01-17 12:41 - 2010-11-06 12:18 - 00855040 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-01-17 12:41 - 2010-11-06 12:18 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2014-01-17 12:41 - 2010-11-06 12:18 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2014-01-17 12:41 - 2010-11-06 12:18 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2014-01-17 12:41 - 2010-11-05 00:58 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2014-01-17 12:41 - 2010-11-04 19:55 - 00352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2014-01-17 12:41 - 2010-11-04 19:55 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2014-01-17 12:41 - 2010-11-04 17:34 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2014-01-17 12:13 - 2014-01-17 12:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-17 12:13 - 2014-01-17 12:13 - 00000000 ____D () C:\Windows\SysWOW64\Atheros_L1e
2014-01-17 12:10 - 2014-01-17 14:56 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-01-17 12:10 - 2014-01-17 12:10 - 00000000 ____D () C:\Intel
2014-01-17 12:10 - 2008-07-16 16:05 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2014-01-17 12:09 - 2014-01-17 12:10 - 00000000 ____D () C:\acer 5810t
2014-01-17 12:09 - 2014-01-17 12:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_00_00.Wdf
2014-01-17 11:10 - 2014-01-27 10:57 - 00000000 ___RD () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-17 11:10 - 2014-01-26 13:13 - 00001189 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-17 11:10 - 2014-01-26 13:13 - 00001183 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-01-17 11:10 - 2014-01-20 10:15 - 00062768 _____ () C:\Users\Regina\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-17 11:10 - 2014-01-17 11:10 - 00000974 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-01-17 11:10 - 2014-01-17 11:10 - 00000000 ___RD () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-17 11:09 - 2014-02-12 12:37 - 00000000 ____D () C:\Users\Regina
2014-01-17 11:09 - 2014-01-20 10:14 - 00000915 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-01-17 11:09 - 2014-01-17 11:27 - 00000732 _____ () C:\Users\Regina\AppData\Local\d3d9caps64.dat
2014-01-17 11:09 - 2014-01-17 11:09 - 00000020 ___SH () C:\Users\Regina\ntuser.ini
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Vorlagen
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Startmenü
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Netzwerkumgebung
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Lokale Einstellungen
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Eigene Dateien
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Druckumgebung
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Documents\Eigene Musik
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Documents\Eigene Bilder
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\AppData\Local\Verlauf
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\AppData\Local\Anwendungsdaten
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Anwendungsdaten
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Programme
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 ____D () C:\Users\Regina\AppData\Local\VirtualStore
2014-01-17 11:09 - 2008-01-21 04:20 - 00000000 ___RD () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-17 11:09 - 2008-01-21 04:20 - 00000000 ___RD () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-17 11:04 - 2014-01-17 11:04 - 00001355 _____ () C:\Windows\TSSysprep.log
2014-01-17 10:59 - 2014-01-17 11:05 - 00000000 ____D () C:\Windows\Panther
2014-01-17 10:58 - 2014-01-17 10:58 - 00008192 ___RS () C:\BOOTSECT.BAK
2014-01-17 10:58 - 2009-04-11 07:36 - 00333257 __RSH () C:\bootmgr

==================== One Month Modified Files and Folders =======

2014-02-12 12:41 - 2014-02-12 12:41 - 00010906 _____ () C:\Users\Regina\Desktop\FRST.txt
2014-02-12 12:41 - 2014-02-12 12:41 - 00000000 ____D () C:\FRST
2014-02-12 12:40 - 2014-02-12 12:39 - 02151424 _____ (Farbar) C:\Users\Regina\Desktop\FRST64.exe
2014-02-12 12:38 - 2014-02-12 12:37 - 00000474 _____ () C:\Users\Regina\Desktop\defogger_disable.log
2014-02-12 12:38 - 2006-11-02 16:22 - 00004576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-12 12:38 - 2006-11-02 16:22 - 00004576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-12 12:37 - 2014-02-12 12:37 - 00000000 _____ () C:\Users\Regina\defogger_reenable
2014-02-12 12:37 - 2014-01-17 11:09 - 00000000 ____D () C:\Users\Regina
2014-02-12 12:33 - 2008-01-21 02:53 - 01465198 _____ () C:\Windows\WindowsUpdate.log
2014-02-12 12:28 - 2014-01-24 20:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-12 10:09 - 2014-01-17 17:43 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-11 23:03 - 2014-02-11 23:03 - 00010506 _____ () C:\Users\Regina\Desktop\prefs.js
2014-02-11 21:57 - 2008-01-21 12:10 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-11 21:57 - 2008-01-21 12:09 - 00673502 _____ () C:\Windows\system32\perfh007.dat
2014-02-11 21:57 - 2008-01-21 12:09 - 00145482 _____ () C:\Windows\system32\perfc007.dat
2014-02-11 21:52 - 2014-01-26 17:13 - 00000000 ___RD () C:\Users\Regina\Dropbox
2014-02-11 21:52 - 2014-01-26 17:08 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Dropbox
2014-02-11 21:51 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-11 15:51 - 2006-11-02 16:42 - 00017100 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-11 15:29 - 2014-02-11 15:28 - 00277280 _____ () C:\Windows\Minidump\Mini021114-02.dmp
2014-02-11 15:28 - 2014-02-11 15:00 - 390989177 _____ () C:\Windows\MEMORY.DMP
2014-02-11 15:28 - 2014-02-11 15:00 - 00000000 ____D () C:\Windows\Minidump
2014-02-11 15:00 - 2014-02-11 15:00 - 00277256 _____ () C:\Windows\Minidump\Mini021114-01.dmp
2014-02-11 15:00 - 2014-01-20 11:33 - 00001576 _____ () C:\Windows\system32\spsys.log
2014-02-10 17:43 - 2014-02-10 17:43 - 00050477 _____ () C:\Users\Regina\Desktop\Defogger.exe
2014-02-06 14:29 - 2014-01-24 20:26 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-06 14:29 - 2014-01-24 20:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-06 14:29 - 2014-01-24 20:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-06 14:18 - 2014-02-06 14:18 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-06 14:18 - 2014-02-06 14:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-06 14:18 - 2014-01-23 20:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-04 18:32 - 2014-01-23 20:46 - 00000000 ____D () C:\Users\Regina\AppData\Local\Thunderbird
2014-02-02 19:41 - 2014-01-24 22:01 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\vlc
2014-02-02 19:40 - 2014-02-02 19:40 - 00000000 ____D () C:\Users\Regina\Desktop\Bilder 2014
2014-02-02 19:35 - 2006-11-02 16:27 - 00090574 _____ () C:\Windows\setupact.log
2014-02-02 14:37 - 2014-01-26 17:45 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Skype
2014-01-31 18:15 - 2014-01-28 21:33 - 00000000 ____D () C:\Users\Regina\Desktop\Jobs
2014-01-30 23:35 - 2014-01-24 20:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-01-29 21:59 - 2014-01-28 22:45 - 00000000 ___RD () C:\Users\Regina\Desktop\Projekte
2014-01-29 21:59 - 2014-01-28 21:45 - 00000000 ___RD () C:\Users\Regina\Desktop\Freizeit
2014-01-29 12:25 - 2014-01-29 12:25 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-01-29 00:17 - 2014-01-28 23:04 - 00000000 ___RD () C:\Users\Regina\Desktop\Fotos_Videos_ReginaBerthold_2005-2014
2014-01-28 22:58 - 2014-01-28 22:57 - 00000000 ____D () C:\Users\Regina\Desktop\Uni BA MA
2014-01-28 22:56 - 2014-01-28 22:56 - 00003584 _____ () C:\Users\Regina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-28 22:56 - 2014-01-28 22:56 - 00000000 ____D () C:\Users\Regina\Desktop\Ungeordnete Dateien Regina
2014-01-28 22:53 - 2014-01-28 22:46 - 00000000 ____D () C:\Users\Regina\Desktop\Musik von Regina
2014-01-28 21:34 - 2014-01-28 21:34 - 00000000 ____D () C:\Users\Regina\Desktop\Bewerbung
2014-01-27 10:58 - 2014-01-26 13:12 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\systweak
2014-01-27 10:57 - 2014-01-26 13:14 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-01-27 10:57 - 2014-01-17 11:10 - 00000000 ___RD () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-26 17:45 - 2014-01-26 17:45 - 00000000 ____D () C:\Users\Regina\AppData\Local\Skype
2014-01-26 17:44 - 2014-01-26 17:44 - 00001892 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-01-26 17:44 - 2014-01-26 17:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-26 17:44 - 2014-01-26 17:44 - 00000000 ____D () C:\ProgramData\Skype
2014-01-26 17:43 - 2014-01-26 17:42 - 35671200 _____ (Skype Technologies S.A.) C:\Users\Regina\Downloads\SkypeSetupFull.exe
2014-01-26 17:17 - 2014-01-24 20:10 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Adobe
2014-01-26 17:17 - 2014-01-24 20:00 - 00000000 ____D () C:\Users\Regina\AppData\Local\Adobe
2014-01-26 17:13 - 2014-01-26 17:13 - 00000942 _____ () C:\Users\Regina\Desktop\Dropbox.lnk
2014-01-26 17:13 - 2014-01-26 17:11 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\DropboxMaster
2014-01-26 17:11 - 2014-01-26 17:11 - 00000000 ____D () C:\Program Files (x86)\Dropbox
2014-01-26 17:10 - 2014-01-26 17:10 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-26 17:06 - 2014-01-26 17:05 - 37660568 _____ (Dropbox, Inc.) C:\Users\Regina\Downloads\Dropbox 2.6.2.exe
2014-01-26 14:14 - 2014-01-26 13:13 - 00000000 ____D () C:\Program Files (x86)\RightSurf
2014-01-26 13:15 - 2014-01-26 13:15 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\0F1F1C2Y1H1P1C0I0T
2014-01-26 13:15 - 2014-01-26 13:15 - 00000000 ____D () C:\ProgramData\IePluginService
2014-01-26 13:15 - 2014-01-26 13:15 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-01-26 13:14 - 2014-01-26 13:14 - 00000000 ____D () C:\ProgramData\WPM
2014-01-26 13:14 - 2014-01-26 13:13 - 00437118 _____ () C:\Users\Regina\AppData\Local\dd_vcredistMSI4E0F.txt
2014-01-26 13:14 - 2014-01-26 13:13 - 00012072 _____ () C:\Users\Regina\AppData\Local\dd_vcredistUI4E0F.txt
2014-01-26 13:13 - 2014-01-23 20:16 - 00001098 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-26 13:13 - 2014-01-17 11:10 - 00001189 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-26 13:13 - 2014-01-17 11:10 - 00001183 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-01-26 13:13 - 2006-11-02 14:33 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-01-26 13:11 - 2014-01-26 13:12 - 00608840 _____ () C:\Users\Regina\Downloads\adblock-plus.xpi
2014-01-26 13:11 - 2014-01-26 13:11 - 00675736 _____ ( ) C:\Users\Regina\Downloads\adblock-plus.exe
2014-01-24 21:49 - 2014-01-24 21:49 - 00000901 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-01-24 21:49 - 2014-01-24 21:49 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-01-24 21:39 - 2014-01-24 21:38 - 24097311 _____ () C:\Users\Regina\Downloads\vlc-2.1.2-win32.exe
2014-01-24 20:10 - 2014-01-24 20:10 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Macromedia
2014-01-24 20:10 - 2014-01-24 20:10 - 00000000 ____D () C:\Users\Regina\AppData\Local\Macromedia
2014-01-24 20:09 - 2014-01-24 20:09 - 00001922 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-01-24 20:09 - 2014-01-24 20:09 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-01-24 20:02 - 2014-01-24 20:02 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-01-24 20:02 - 2014-01-24 20:02 - 00000000 ____D () C:\Windows\system32\Macromed
2014-01-24 01:24 - 2014-01-17 17:43 - 00001829 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-24 01:23 - 2014-01-17 17:42 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-24 01:23 - 2014-01-17 17:42 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-24 01:23 - 2014-01-17 17:42 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-24 01:23 - 2014-01-17 17:42 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-24 01:23 - 2014-01-17 17:42 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-01-24 01:23 - 2014-01-17 17:42 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-01-24 01:23 - 2014-01-17 17:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-23 21:02 - 2014-01-23 21:02 - 00001003 _____ () C:\Users\Regina\Documents\MailShield.der
2014-01-23 20:46 - 2014-01-23 20:46 - 00001844 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-01-23 20:46 - 2014-01-23 20:46 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Thunderbird
2014-01-23 20:18 - 2014-01-23 20:17 - 21981704 _____ (Mozilla) C:\Users\Regina\Downloads\Thunderbird Setup 24.2.0.exe
2014-01-23 20:16 - 2014-01-23 20:16 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Mozilla
2014-01-23 20:16 - 2014-01-23 20:16 - 00000000 ____D () C:\Users\Regina\AppData\Local\Mozilla
2014-01-23 20:16 - 2014-01-23 20:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-23 19:43 - 2008-01-21 04:26 - 00020702 _____ () C:\Windows\PFRO.log
2014-01-20 16:09 - 2014-01-20 16:09 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\LibreOffice
2014-01-20 15:06 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\rescache
2014-01-20 15:00 - 2014-01-20 14:46 - 01541636 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-20 14:04 - 2014-01-20 14:04 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-01-20 14:01 - 2006-11-02 16:21 - 00290832 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Windows\SysWOW64\spool
2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2014-01-20 13:58 - 2006-11-02 16:07 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-01-20 13:58 - 2006-11-02 16:07 - 00000000 ____D () C:\Program Files\Windows Journal
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\lt-LT
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\hr-HR
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\he-IL
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\et-EE
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\uk-UA
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\th-TH
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\lv-LV
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\lt-LT
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\he-IL
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\et-EE
2014-01-20 13:58 - 2006-11-02 14:33 - 00000000 ___RD () C:\Windows\Offline Web Pages
2014-01-20 13:58 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-01-20 13:58 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-01-20 13:58 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-01-20 13:58 - 2006-11-02 14:33 - 00000000 ____D () C:\Program Files\Common Files\System
2014-01-20 13:57 - 2014-01-20 13:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
         

13.02.2014, 19:04   #5
Twentyflux
 



FRST Part III

Code:
2014-01-20 12:21 - 2014-01-20 12:16 - 00004287 _____ () C:\Windows\IE9_main.log
2014-01-20 12:20 - 2014-01-20 12:20 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 12344320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-20 12:20 - 2014-01-20 12:20 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-20 12:20 - 2014-01-20 12:20 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-20 12:20 - 2014-01-20 12:20 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-20 12:20 - 2014-01-20 12:20 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-20 12:20 - 2014-01-20 12:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-01-20 12:20 - 2014-01-20 12:20 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-20 12:20 - 2014-01-20 12:20 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-20 12:20 - 2014-01-20 12:20 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\advpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-20 12:20 - 2014-01-20 12:20 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-20 12:20 - 2014-01-20 12:20 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-20 12:20 - 2006-11-02 13:16 - 00008798 _____ () C:\Windows\SysWOW64\icrav03.rat
2014-01-20 12:20 - 2006-11-02 13:16 - 00001988 _____ () C:\Windows\SysWOW64\ticrf.rat
2014-01-20 12:20 - 2006-11-02 07:36 - 00008798 _____ () C:\Windows\system32\icrav03.rat
2014-01-20 12:20 - 2006-11-02 07:36 - 00001988 _____ () C:\Windows\system32\ticrf.rat
2014-01-20 12:18 - 2014-01-20 12:18 - 03548672 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 03068416 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01554432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\MFH264Dec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01075712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01032192 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2014-01-20 12:18 - 2014-01-20 12:18 - 00979456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFH264Dec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00847360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00625152 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00586240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00428544 _____ (Microsoft Corporation) C:\Windows\system32\MFHEAACdec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4src.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-01-20 12:18 - 2014-01-20 12:18 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFHEAACdec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4src.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00258048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2014-01-20 12:18 - 2014-01-20 12:18 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00135680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-01-20 12:17 - 2014-01-20 12:17 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\dxdiag.exe
2014-01-20 12:17 - 2014-01-20 12:17 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiag.exe
2014-01-20 12:17 - 2014-01-20 12:17 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiagn.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-01-20 10:15 - 2014-01-17 11:10 - 00062768 _____ () C:\Users\Regina\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-20 10:14 - 2014-01-17 11:09 - 00000915 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-01-17 19:31 - 2014-01-17 19:31 - 00000000 ____D () C:\Windows\SysWOW64\vi-VN
2014-01-17 19:31 - 2014-01-17 19:31 - 00000000 ____D () C:\Windows\SysWOW64\eu-ES
2014-01-17 19:31 - 2014-01-17 19:31 - 00000000 ____D () C:\Windows\SysWOW64\ca-ES
2014-01-17 19:31 - 2014-01-17 19:31 - 00000000 ____D () C:\Windows\system32\vi-VN
2014-01-17 19:31 - 2014-01-17 19:31 - 00000000 ____D () C:\Windows\system32\eu-ES
2014-01-17 19:31 - 2014-01-17 19:31 - 00000000 ____D () C:\Windows\system32\ca-ES
2014-01-17 19:31 - 2006-11-02 16:07 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-01-17 19:31 - 2006-11-02 16:07 - 00000000 ____D () C:\Program Files\Windows Photo Gallery
2014-01-17 19:31 - 2006-11-02 16:07 - 00000000 ____D () C:\Program Files\Windows Defender
2014-01-17 19:31 - 2006-11-02 16:07 - 00000000 ____D () C:\Program Files\Windows Collaboration
2014-01-17 19:31 - 2006-11-02 16:07 - 00000000 ____D () C:\Program Files\Movie Maker
2014-01-17 19:31 - 2006-11-02 16:07 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-01-17 19:31 - 2006-11-02 16:07 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Gallery
2014-01-17 19:31 - 2006-11-02 16:07 - 00000000 ____D () C:\Program Files (x86)\Windows Calendar
2014-01-17 19:31 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\SLUI
2014-01-17 19:31 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\setup
2014-01-17 19:31 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-01-17 19:31 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-01-17 19:31 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\manifeststore
2014-01-17 19:31 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\AdvancedInstallers
2014-01-17 19:31 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\SLUI
2014-01-17 19:31 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\setup
2014-01-17 19:31 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\oobe
2014-01-17 19:31 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\migwiz
2014-01-17 19:31 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\manifeststore
2014-01-17 19:31 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2014-01-17 19:31 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\servicing
2014-01-17 19:31 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\IME
2014-01-17 18:16 - 2014-01-17 18:16 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-01-17 18:13 - 2014-01-17 18:13 - 00000973 _____ () C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2014-01-17 18:13 - 2014-01-17 18:11 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-01-17 18:07 - 2014-01-17 18:07 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\AVAST Software
2014-01-17 18:07 - 2014-01-17 17:42 - 215965696 _____ () C:\Users\Regina\Downloads\LibreOffice_4.1.4_Win_x86.msi
2014-01-17 17:42 - 2014-01-17 17:42 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-01-17 17:42 - 2014-01-17 17:42 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-17 17:41 - 2014-01-17 17:41 - 00000000 ____D () C:\Program Files\AVAST Software
2014-01-17 17:41 - 2014-01-17 17:40 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-01-17 17:39 - 2014-01-17 17:35 - 91412976 _____ (AVAST Software) C:\Users\Regina\Downloads\avast_free_antivirus_setup.exe
2014-01-17 17:16 - 2014-01-17 17:16 - 00812628 _____ () C:\Windows\dd_NET_Framework35_LangPack_MSI489E.txt
2014-01-17 17:16 - 2014-01-17 17:15 - 00076342 _____ () C:\Windows\dd_dotnetfx35install_lp.txt
2014-01-17 17:16 - 2014-01-17 17:15 - 00036116 _____ () C:\Windows\dd_depcheck_NETFX_EXP_35.txt
2014-01-17 17:15 - 2014-01-17 17:15 - 00000002 _____ () C:\Windows\dd_dotnetfx35error_lp.txt
2014-01-17 15:54 - 2014-01-17 15:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-17 15:29 - 2014-01-17 15:29 - 00003164 _____ () C:\Windows\System32\Tasks\CreateChoiceProcessTask
2014-01-17 15:29 - 2014-01-17 15:29 - 00001589 _____ () C:\Users\Public\Desktop\Browserwahl.lnk
2014-01-17 15:24 - 2014-01-17 15:24 - 00000000 ____D () C:\Windows\SysWOW64\WindowsPowerShell
2014-01-17 15:24 - 2014-01-17 15:24 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2014-01-17 14:56 - 2014-01-17 12:10 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-01-17 12:13 - 2014-01-17 12:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-17 12:13 - 2014-01-17 12:13 - 00000000 ____D () C:\Windows\SysWOW64\Atheros_L1e
2014-01-17 12:10 - 2014-01-17 12:10 - 00000000 ____D () C:\Intel
2014-01-17 12:10 - 2014-01-17 12:09 - 00000000 ____D () C:\acer 5810t
2014-01-17 12:10 - 2006-11-02 16:07 - 00000000 ____D () C:\Windows\system32\restore
2014-01-17 12:09 - 2014-01-17 12:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_00_00.Wdf
2014-01-17 11:27 - 2014-01-17 11:09 - 00000732 _____ () C:\Users\Regina\AppData\Local\d3d9caps64.dat
2014-01-17 11:10 - 2014-01-17 11:10 - 00000974 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-01-17 11:10 - 2014-01-17 11:10 - 00000000 ___RD () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-17 11:09 - 2014-01-17 11:09 - 00000020 ___SH () C:\Users\Regina\ntuser.ini
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Vorlagen
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Startmenü
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Netzwerkumgebung
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Lokale Einstellungen
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Eigene Dateien
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Druckumgebung
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Documents\Eigene Musik
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Documents\Eigene Bilder
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\AppData\Local\Verlauf
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\AppData\Local\Anwendungsdaten
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Anwendungsdaten
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Programme
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 ____D () C:\Users\Regina\AppData\Local\VirtualStore
2014-01-17 11:09 - 2006-11-02 14:33 - 00000000 __RHD () C:\Users\Default
2014-01-17 11:09 - 2006-11-02 14:33 - 00000000 ____D () C:\Program Files\Windows NT
2014-01-17 11:05 - 2014-01-17 10:59 - 00000000 ____D () C:\Windows\Panther
2014-01-17 11:04 - 2014-01-17 11:04 - 00001355 _____ () C:\Windows\TSSysprep.log
2014-01-17 11:04 - 2006-11-02 16:22 - 00003257 _____ () C:\Windows\DtcInstall.log
2014-01-17 10:58 - 2014-01-17 10:58 - 00008192 ___RS () C:\BOOTSECT.BAK
2014-01-17 10:58 - 2006-11-02 16:17 - 00041984 ____H () C:\Windows\system32\config\BCD-Template.LOG
2014-01-17 10:58 - 2006-11-02 16:07 - 00262144 _____ () C:\Windows\system32\config\BCD-Template

Some content of TEMP:
====================
C:\Users\Regina\AppData\Local\Temp\BackupSetup.exe
C:\Users\Regina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzwg_xn.dll
C:\Users\Regina\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-11 21:58

==================== End Of Log ============================
         
Addition:

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-02-2014 01
Ran by Regina at 2014-02-12 12:43:19
Running from C:\Users\Regina\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adblock Plus Packages (HKCU Version:  - ) <==== ATTENTION
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.18 - Atheros Communications Inc.)
avast! Free Antivirus (x32 Version: 9.0.2013 - Avast Software)
Dropbox (HKCU Version: 2.6.2 - Dropbox, Inc.)
IePluginService12.27.0.3326 (x32 Version: 12.27.0.3326 - Cherished Technololgy LIMITED) <==== ATTENTION
LibreOffice 4.1.4.2 (x32 Version: 4.1.4.2 - The Document Foundation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 24.3.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (x32 Version: 24.3.0 - Mozilla)
RightSurf (Version: 2014.01.25.024532 - RightSurf) <==== ATTENTION
Skype™ 6.13 (x32 Version: 6.13.104 - Skype Technologies S.A.)
SupTab (x32 Version: 1.1.1.0 - ) <==== ATTENTION
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1 - Microsoft Corporation)
VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)
WPM17.8.0.3325 (x32 Version: 17.8.0.3325 - Cherished Technololgy LIMITED) <==== ATTENTION

==================== Restore Points  =========================

28-01-2014 11:55:45 Windows Update
31-01-2014 17:43:41 Windows Update
04-02-2014 16:50:05 Windows Update
06-02-2014 20:23:17 Geplanter Prüfpunkt
08-02-2014 10:38:12 Windows Update
10-02-2014 10:04:45 Geplanter Prüfpunkt
11-02-2014 11:04:25 Windows Update

==================== Hosts content: ==========================

2006-11-02 13:34 - 2006-09-18 22:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0973451A-EEB5-4F31-8485-FC44851D4338} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {80941BA5-64EA-4774-AB52-BD833D856D0B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-06] (Adobe Systems Incorporated)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F30A1974-276C-43BE-A31E-1E80BD5E79F0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-24] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-02-12 10:09 - 2014-02-12 08:49 - 02172928 _____ () C:\Program Files\AVAST Software\Avast\defs\14021200\algo.dll
2014-02-11 21:52 - 2014-02-11 21:52 - 00041984 _____ () c:\users\regina\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzwg_xn.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-17 17:42 - 2014-01-17 17:42 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-25 04:09 - 2014-02-11 11:17 - 00080160 _____ () C:\Program Files (x86)\RightSurf\updateRightSurf.exe
2014-01-26 14:14 - 2014-02-11 10:44 - 00080160 _____ () C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe
2014-01-23 20:16 - 2013-12-05 20:36 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2014 11:17:26 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung firefox.exe, Version 26.0.0.5087, Zeitstempel 0x52a0d273, fehlerhaftes Modul xul.dll, Version 26.0.0.5087, Zeitstempel 0x52a0d20a, Ausnahmecode 0xc0000005, Fehleroffset 0x0014e1a8,
Prozess-ID 0x73c, Anwendungsstartzeit firefox.exe0.

Error: (02/11/2014 10:47:40 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung firefox.exe, Version 26.0.0.5087, Zeitstempel 0x52a0d273, fehlerhaftes Modul xul.dll, Version 26.0.0.5087, Zeitstempel 0x52a0d20a, Ausnahmecode 0xc0000005, Fehleroffset 0x0014e1a8,
Prozess-ID 0xb0c, Anwendungsstartzeit firefox.exe0.

Error: (02/11/2014 09:53:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 03:29:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 10:41:47 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2014 03:27:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2014 10:18:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2014 03:22:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2014 11:26:57 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung firefox.exe, Version 26.0.0.5087, Zeitstempel 0x52a0d273, fehlerhaftes Modul xul.dll, Version 26.0.0.5087, Zeitstempel 0x52a0d20a, Ausnahmecode 0xc0000005, Fehleroffset 0x0014e1a8,
Prozess-ID 0xd5c, Anwendungsstartzeit firefox.exe0.

Error: (02/08/2014 09:23:54 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung firefox.exe, Version 26.0.0.5087, Zeitstempel 0x52a0d273, fehlerhaftes Modul xul.dll, Version 26.0.0.5087, Zeitstempel 0x52a0d20a, Ausnahmecode 0xc0000005, Fehleroffset 0x0014e1a8,
Prozess-ID 0xb14, Anwendungsstartzeit firefox.exe0.


System errors:
=============
Error: (02/11/2014 03:28:45 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 11.02.2014 um 15:01:06 unerwartet heruntergefahren.

Error: (02/11/2014 03:00:16 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 11.02.2014 um 14:55:01 unerwartet heruntergefahren.

Error: (02/06/2014 08:13:38 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (02/06/2014 08:13:38 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (02/06/2014 08:13:38 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/28/2014 00:56:21 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden aufgrund von einem fehlgeschlagenen Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.

Error: (01/27/2014 10:51:47 AM) (Source: Service Control Manager) (User: )
Description: Computer Backup (MyPC Backup)%%1053

Error: (01/27/2014 10:51:47 AM) (Source: Service Control Manager) (User: )
Description: 30000Computer Backup (MyPC Backup)

Error: (01/24/2014 08:09:10 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (01/24/2014 08:09:10 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search


Microsoft Office Sessions:
=========================
Error: (02/11/2014 11:17:26 PM) (Source: Application Error)(User: )
Description: firefox.exe26.0.0.508752a0d273xul.dll26.0.0.508752a0d20ac00000050014e1a873c01cf2776a78b79d8

Error: (02/11/2014 10:47:40 PM) (Source: Application Error)(User: )
Description: firefox.exe26.0.0.508752a0d273xul.dll26.0.0.508752a0d20ac00000050014e1a8b0c01cf276d3e045d58

Error: (02/11/2014 09:53:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 03:29:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 10:41:47 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2014 03:27:16 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2014 10:18:09 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2014 03:22:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2014 11:26:57 PM) (Source: Application Error)(User: )
Description: firefox.exe26.0.0.508752a0d273xul.dll26.0.0.508752a0d20ac00000050014e1a8d5c01cf250dcb408ed0

Error: (02/08/2014 09:23:54 PM) (Source: Application Error)(User: )
Description: firefox.exe26.0.0.508752a0d273xul.dll26.0.0.508752a0d20ac00000050014e1a8b1401cf24ea1744a5fe


CodeIntegrity Errors:
===================================
  Date: 2014-01-17 18:24:04.570
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-17 18:24:04.477
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-17 18:24:04.383
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-17 18:24:04.290
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-17 18:24:04.180
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 45%
Total physical RAM: 4024.86 MB
Available physical RAM: 2187.31 MB
Total Pagefile: 8273.02 MB
Available Pagefile: 6392.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:455.99 GB) (Free:216.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: DD1DBD6C)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=456 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---


13.02.2014, 19:08   #6
Twentyflux

GMER Part I

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-12 14:42:56
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD5000BEVT-22ZAT0 rev.01.01A01 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Regina\AppData\Local\Temp\awdiqpod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                                                                                suspicious modification
.text     C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                                                                                                                                 fffff9600018fa00 3 bytes [80, 82, 02]
.text     C:\Windows\System32\win32k.sys!W32pServiceTable + 4                                                                                                                                                                                                             fffff9600018fa04 3 bytes [C1, B0, FA]
.text     ...                                                                                                                                                                                                                                                             * 129
.text     C:\Windows\System32\win32k.sys!EngGetProcessHandle + 300                                                                                                                                                                                                        fffff96000238c6c 6 bytes {JMP QWORD [RIP-0xf7dca]}

---- User code sections - GMER 2.1 ----

.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                                         0000000077796f20 5 bytes JMP 0000000149a90460
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtQueryObject                                                                                                                                                                                  0000000077796f70 5 bytes JMP 0000000149a90450
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtOpenProcess                                                                                                                                                                                  00000000777970d0 5 bytes JMP 0000000149a90370
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                                       0000000077797120 5 bytes JMP 0000000149a90470
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                                                                                                                             0000000077797130 5 bytes JMP 0000000149a903e0
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtOpenSection                                                                                                                                                                                  00000000777971e0 5 bytes JMP 0000000149a90320
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                           0000000077797210 5 bytes JMP 0000000149a903b0
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtDuplicateObject                                                                                                                                                                              0000000077797230 5 bytes JMP 0000000149a90390
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtOpenEvent                                                                                                                                                                                    0000000077797270 5 bytes JMP 0000000149a902e0
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtQueueApcThread                                                                                                                                                                               00000000777972c0 5 bytes JMP 0000000149a90440
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtCreateEvent                                                                                                                                                                                  00000000777972f0 5 bytes JMP 0000000149a902d0
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtCreateSection                                                                                                                                                                                0000000077797310 5 bytes JMP 0000000149a90310
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtCreateThread                                                                                                                                                                                 0000000077797350 5 bytes JMP 0000000149a903c0
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtTerminateThread                                                                                                                                                                              00000000777973a0 5 bytes JMP 0000000149a903f0
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtAddBootEntry                                                                                                                                                                                 0000000077797510 5 bytes JMP 0000000149a90230
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                                      00000000777976c0 5 bytes JMP 0000000149a90480
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                                     00000000777976f0 5 bytes JMP 0000000149a903a0
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtCreateEventPair                                                                                                                                                                              00000000777977e0 5 bytes JMP 0000000149a902f0
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                                           00000000777977f0 5 bytes JMP 0000000149a90350
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtCreateMutant                                                                                                                                                                                 0000000077797850 5 bytes JMP 0000000149a90290
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                              00000000777978d0 5 bytes JMP 0000000149a902b0
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                               00000000777978f0 5 bytes JMP 0000000149a903d0
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtCreateTimer                                                                                                                                                                                  0000000077797900 5 bytes JMP 0000000149a90330
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                                           0000000077797970 5 bytes JMP 0000000149a90410
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                              00000000777979a0 5 bytes JMP 0000000149a90240
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtLoadDriver                                                                                                                                                                                   0000000077797c30 5 bytes JMP 0000000149a901e0
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                              0000000077797cf0 5 bytes JMP 0000000149a90250
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                              0000000077797d20 5 bytes JMP 0000000149a90490
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                                     0000000077797d30 5 bytes JMP 0000000149a904a0
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtOpenEventPair                                                                                                                                                                                0000000077797d50 5 bytes JMP 0000000149a90300
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                             0000000077797d60 5 bytes JMP 0000000149a90360
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtOpenMutant                                                                                                                                                                                   0000000077797da0 5 bytes JMP 0000000149a902a0
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                                0000000077797df0 5 bytes JMP 0000000149a902c0
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtOpenThread                                                                                                                                                                                   0000000077797e20 5 bytes JMP 0000000149a90380
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtOpenTimer                                                                                                                                                                                    0000000077797e30 5 bytes JMP 0000000149a90340
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                            0000000077798310 5 bytes JMP 0000000149a90260
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtSetBootOptions                                                                                                                                                                               0000000077798320 5 bytes JMP 0000000149a90270
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                                                                                                                             0000000077798330 5 bytes JMP 0000000149a90400
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtSetSystemInformation                                                                                                                                                                         00000000777984e0 5 bytes JMP 0000000149a901f0
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                                          00000000777984f0 5 bytes JMP 0000000149a90210
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtShutdownSystem                                                                                                                                                                               0000000077798550 5 bytes JMP 0000000149a90200
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtSuspendProcess                                                                                                                                                                               00000000777985b0 5 bytes JMP 0000000149a90420
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtSuspendThread                                                                                                                                                                                00000000777985c0 5 bytes JMP 0000000149a90430
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                           00000000777985d0 5 bytes JMP 0000000149a90220
.text     C:\Windows\system32\csrss.exe[488] C:\Windows\system32\ntdll.dll!NtVdmControl                                                                                                                                                                                   00000000777986a0 5 bytes JMP 0000000149a90280
.text     C:\Windows\system32\wininit.exe[532] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                                                                                                                                                      0000000077542c52 1 byte [62]
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                                         0000000077796f20 5 bytes JMP 0000000149a90460
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtQueryObject                                                                                                                                                                                  0000000077796f70 5 bytes JMP 0000000149a90450
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtOpenProcess                                                                                                                                                                                  00000000777970d0 5 bytes JMP 0000000149a90370
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                                       0000000077797120 5 bytes JMP 0000000149a90470
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                                                                                                                             0000000077797130 5 bytes JMP 0000000149a903e0
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtOpenSection                                                                                                                                                                                  00000000777971e0 5 bytes JMP 0000000149a90320
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                           0000000077797210 5 bytes JMP 0000000149a903b0
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtDuplicateObject                                                                                                                                                                              0000000077797230 5 bytes JMP 0000000149a90390
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtOpenEvent                                                                                                                                                                                    0000000077797270 5 bytes JMP 0000000149a902e0
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtQueueApcThread                                                                                                                                                                               00000000777972c0 5 bytes JMP 0000000149a90440
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtCreateEvent                                                                                                                                                                                  00000000777972f0 5 bytes JMP 0000000149a902d0
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtCreateSection                                                                                                                                                                                0000000077797310 5 bytes JMP 0000000149a90310
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtCreateThread                                                                                                                                                                                 0000000077797350 5 bytes JMP 0000000149a903c0
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtTerminateThread                                                                                                                                                                              00000000777973a0 5 bytes JMP 0000000149a903f0
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtAddBootEntry                                                                                                                                                                                 0000000077797510 5 bytes JMP 0000000149a90230
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                                      00000000777976c0 5 bytes JMP 0000000149a90480
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                                     00000000777976f0 5 bytes JMP 0000000149a903a0
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtCreateEventPair                                                                                                                                                                              00000000777977e0 5 bytes JMP 0000000149a902f0
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                                           00000000777977f0 5 bytes JMP 0000000149a90350
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtCreateMutant                                                                                                                                                                                 0000000077797850 5 bytes JMP 0000000149a90290
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                              00000000777978d0 5 bytes JMP 0000000149a902b0
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                               00000000777978f0 5 bytes JMP 0000000149a903d0
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtCreateTimer                                                                                                                                                                                  0000000077797900 5 bytes JMP 0000000149a90330
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                                           0000000077797970 5 bytes JMP 0000000149a90410
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                              00000000777979a0 5 bytes JMP 0000000149a90240
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtLoadDriver                                                                                                                                                                                   0000000077797c30 5 bytes JMP 0000000149a901e0
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                              0000000077797cf0 5 bytes JMP 0000000149a90250
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                              0000000077797d20 5 bytes JMP 0000000149a90490
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                                     0000000077797d30 5 bytes JMP 0000000149a904a0
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtOpenEventPair                                                                                                                                                                                0000000077797d50 5 bytes JMP 0000000149a90300
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                             0000000077797d60 5 bytes JMP 0000000149a90360
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtOpenMutant                                                                                                                                                                                   0000000077797da0 5 bytes JMP 0000000149a902a0
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                                0000000077797df0 5 bytes JMP 0000000149a902c0
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtOpenThread                                                                                                                                                                                   0000000077797e20 5 bytes JMP 0000000149a90380
.text     C:\Windows\system32\csrss.exe[540] C:\Windows\system32\ntdll.dll!NtOpenTimer                                                                                                                                                                                    0000000077797e30 5 bytes JMP 0000000149a90340
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                                   00000000777976f0 5 bytes JMP 00000000778e03a0
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtCreateEventPair                                                                                                                                                                            00000000777977e0 5 bytes JMP 00000000778e02f0
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                                         00000000777977f0 5 bytes JMP 00000000778e0350
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtCreateMutant                                                                                                                                                                               0000000077797850 5 bytes JMP 00000000778e0290
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                            00000000777978d0 5 bytes JMP 00000000778e02b0
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                             00000000777978f0 5 bytes JMP 00000000778e03d0
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtCreateTimer                                                                                                                                                                                0000000077797900 5 bytes JMP 00000000778e0330
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                                         0000000077797970 5 bytes JMP 00000000778e0410
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                            00000000777979a0 5 bytes JMP 00000000778e0240
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtLoadDriver                                                                                                                                                                                 0000000077797c30 5 bytes JMP 00000000778e01e0
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                            0000000077797cf0 5 bytes JMP 00000000778e0250
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                            0000000077797d20 5 bytes JMP 00000000778e0490
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                                   0000000077797d30 5 bytes JMP 00000000778e04a0
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtOpenEventPair                                                                                                                                                                              0000000077797d50 5 bytes JMP 00000000778e0300
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                           0000000077797d60 5 bytes JMP 00000000778e0360
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtOpenMutant                                                                                                                                                                                 0000000077797da0 5 bytes JMP 00000000778e02a0
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                              0000000077797df0 5 bytes JMP 00000000778e02c0
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtOpenThread                                                                                                                                                                                 0000000077797e20 5 bytes JMP 00000000778e0380
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtOpenTimer                                                                                                                                                                                  0000000077797e30 5 bytes JMP 00000000778e0340
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                          0000000077798310 5 bytes JMP 00000000778e0260
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtSetBootOptions                                                                                                                                                                             0000000077798320 5 bytes JMP 00000000778e0270
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                                                                                                                           0000000077798330 5 bytes JMP 00000000778e0400
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtSetSystemInformation                                                                                                                                                                       00000000777984e0 5 bytes JMP 00000000778e01f0
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                                        00000000777984f0 5 bytes JMP 00000000778e0210
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtShutdownSystem                                                                                                                                                                             0000000077798550 5 bytes JMP 00000000778e0200
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtSuspendProcess                                                                                                                                                                             00000000777985b0 5 bytes JMP 00000000778e0420
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtSuspendThread                                                                                                                                                                              00000000777985c0 5 bytes JMP 00000000778e0430
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                         00000000777985d0 5 bytes JMP 00000000778e0220
.text     C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtVdmControl                                                                                                                                                                                 00000000777986a0 5 bytes JMP 00000000778e0280
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                                       0000000077796f20 5 bytes JMP 00000000778e0460
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtQueryObject                                                                                                                                                                                0000000077796f70 5 bytes JMP 00000000778e0450
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtOpenProcess                                                                                                                                                                                00000000777970d0 5 bytes JMP 00000000778e0370
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                                     0000000077797120 5 bytes JMP 00000000778e0470
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                                                                                                                           0000000077797130 5 bytes JMP 00000000778e03e0
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtOpenSection                                                                                                                                                                                00000000777971e0 5 bytes JMP 00000000778e0320
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                         0000000077797210 5 bytes JMP 00000000778e03b0
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtDuplicateObject                                                                                                                                                                            0000000077797230 5 bytes JMP 00000000778e0390
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtOpenEvent                                                                                                                                                                                  0000000077797270 5 bytes JMP 00000000778e02e0
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtQueueApcThread                                                                                                                                                                             00000000777972c0 5 bytes JMP 00000000778e0440
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtCreateEvent                                                                                                                                                                                00000000777972f0 5 bytes JMP 00000000778e02d0
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtCreateSection                                                                                                                                                                              0000000077797310 5 bytes JMP 00000000778e0310
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtCreateThread                                                                                                                                                                               0000000077797350 5 bytes JMP 00000000778e03c0
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtTerminateThread                                                                                                                                                                            00000000777973a0 5 bytes JMP 00000000778e03f0
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtAddBootEntry                                                                                                                                                                               0000000077797510 5 bytes JMP 00000000778e0230
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                                    00000000777976c0 5 bytes JMP 00000000778e0480
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                                   00000000777976f0 5 bytes JMP 00000000778e03a0
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtCreateEventPair                                                                                                                                                                            00000000777977e0 5 bytes JMP 00000000778e02f0
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                                         00000000777977f0 5 bytes JMP 00000000778e0350
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtCreateMutant                                                                                                                                                                               0000000077797850 5 bytes JMP 00000000778e0290
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                            00000000777978d0 5 bytes JMP 00000000778e02b0
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                             00000000777978f0 5 bytes JMP 00000000778e03d0
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtCreateTimer                                                                                                                                                                                0000000077797900 5 bytes JMP 00000000778e0330
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                                         0000000077797970 5 bytes JMP 00000000778e0410
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                            00000000777979a0 5 bytes JMP 00000000778e0240
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtLoadDriver                                                                                                                                                                                 0000000077797c30 5 bytes JMP 00000000778e01e0
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                            0000000077797cf0 5 bytes JMP 00000000778e0250
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                            0000000077797d20 5 bytes JMP 00000000778e0490
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                                   0000000077797d30 5 bytes JMP 00000000778e04a0
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtOpenEventPair                                                                                                                                                                              0000000077797d50 5 bytes JMP 00000000778e0300
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                           0000000077797d60 5 bytes JMP 00000000778e0360
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtOpenMutant                                                                                                                                                                                 0000000077797da0 5 bytes JMP 00000000778e02a0
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                              0000000077797df0 5 bytes JMP 00000000778e02c0
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtOpenThread                                                                                                                                                                                 0000000077797e20 5 bytes JMP 00000000778e0380
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtOpenTimer                                                                                                                                                                                  0000000077797e30 5 bytes JMP 00000000778e0340
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                          0000000077798310 5 bytes JMP 00000000778e0260
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtSetBootOptions                                                                                                                                                                             0000000077798320 5 bytes JMP 00000000778e0270
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                                                                                                                           0000000077798330 5 bytes JMP 00000000778e0400
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtSetSystemInformation                                                                                                                                                                       00000000777984e0 5 bytes JMP 00000000778e01f0
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                                        00000000777984f0 5 bytes JMP 00000000778e0210
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtShutdownSystem                                                                                                                                                                             0000000077798550 5 bytes JMP 00000000778e0200
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtSuspendProcess                                                                                                                                                                             00000000777985b0 5 bytes JMP 00000000778e0420
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtSuspendThread                                                                                                                                                                              00000000777985c0 5 bytes JMP 00000000778e0430
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                         00000000777985d0 5 bytes JMP 00000000778e0220
.text     C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtVdmControl                                                                                                                                                                                 00000000777986a0 5 bytes JMP 00000000778e0280
.text     C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                                       0000000077796f20 5 bytes JMP 0000000100060460
.text     C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtQueryObject                                                                                                                                                                                0000000077796f70 5 bytes JMP 0000000100060450
.text     C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtOpenProcess                                                                                                                                                                                00000000777970d0 5 bytes JMP 0000000100060370
.text     C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                                     0000000077797120 5 bytes JMP 0000000100060470
.text     C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                                                                                                                           0000000077797130 5 bytes JMP 00000001000603e0
.text     C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtOpenSection                                                                                                                                                                                00000000777971e0 5 bytes JMP 0000000100060320
.text     C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                         0000000077797210 5 bytes JMP 00000001000603b0
.text     C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtDuplicateObject                                                                                                                                                                            0000000077797230 5 bytes JMP 0000000100060390
.text     C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtOpenEvent                                                                                                                                                                                  0000000077797270 5 bytes JMP 00000001000602e0
.text     C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtQueueApcThread                                                                                                                                                                             00000000777972c0 5 bytes JMP 0000000100060440
.text     C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtCreateEvent                                                                                                                                                                                00000000777972f0 5 bytes JMP 00000001000602d0
.text     C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtCreateSection                                                                                                                                                                              0000000077797310 5 bytes JMP 0000000100060310
.text     C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtCreateThread                                                                                                                                                                               0000000077797350 5 bytes JMP 00000001000603c0
.text     C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtTerminateThread                                                                                                                                                                            00000000777973a0 5 bytes JMP 00000001000603f0
.text     C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtAddBootEntry                                                                                                                                                                               0000000077797510 5 bytes JMP 0000000100060230

Alt 13.02.2014, 19:14   #7
Twentyflux
 

GMER Part II

Code:
.text     C:\Windows\System32\svchost.exe[292] C:\Windows\system32\ntdll.dll!NtShutdownSystem                                                                                                                                                                             0000000077798550 5 bytes JMP 00000000778e0200
.text     C:\Windows\System32\svchost.exe[292] C:\Windows\system32\ntdll.dll!NtSuspendProcess                                                                                                                                                                             00000000777985b0 5 bytes JMP 00000000778e0420
.text     C:\Windows\System32\svchost.exe[292] C:\Windows\system32\ntdll.dll!NtSuspendThread                                                                                                                                                                              00000000777985c0 5 bytes JMP 00000000778e0430
.text     C:\Windows\System32\svchost.exe[292] C:\Windows\system32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                         00000000777985d0 5 bytes JMP 00000000778e0220
.text     C:\Windows\System32\svchost.exe[292] C:\Windows\system32\ntdll.dll!NtVdmControl                                                                                                                                                                                 00000000777986a0 5 bytes JMP 00000000778e0280
.text     C:\Windows\System32\svchost.exe[292] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                                                                                                                                                      0000000077542c52 1 byte [62]
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                                       0000000077796f20 5 bytes JMP 00000000778e0460
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtQueryObject                                                                                                                                                                                0000000077796f70 5 bytes JMP 00000000778e0450
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtOpenProcess                                                                                                                                                                                00000000777970d0 5 bytes JMP 00000000778e0370
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                                     0000000077797120 5 bytes JMP 00000000778e0470
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                                                                                                                           0000000077797130 5 bytes JMP 00000000778e03e0
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtOpenSection                                                                                                                                                                                00000000777971e0 5 bytes JMP 00000000778e0320
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                         0000000077797210 5 bytes JMP 00000000778e03b0
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtDuplicateObject                                                                                                                                                                            0000000077797230 5 bytes JMP 00000000778e0390
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtOpenEvent                                                                                                                                                                                  0000000077797270 5 bytes JMP 00000000778e02e0
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtQueueApcThread                                                                                                                                                                             00000000777972c0 5 bytes JMP 00000000778e0440
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtCreateEvent                                                                                                                                                                                00000000777972f0 5 bytes JMP 00000000778e02d0
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtCreateSection                                                                                                                                                                              0000000077797310 5 bytes JMP 00000000778e0310
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtCreateThread                                                                                                                                                                               0000000077797350 5 bytes JMP 00000000778e03c0
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtTerminateThread                                                                                                                                                                            00000000777973a0 5 bytes JMP 00000000778e03f0
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtAddBootEntry                                                                                                                                                                               0000000077797510 5 bytes JMP 00000000778e0230
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                                    00000000777976c0 5 bytes JMP 00000000778e0480
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                                   00000000777976f0 5 bytes JMP 00000000778e03a0
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtCreateEventPair                                                                                                                                                                            00000000777977e0 5 bytes JMP 00000000778e02f0
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                                         00000000777977f0 5 bytes JMP 00000000778e0350
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtCreateMutant                                                                                                                                                                               0000000077797850 5 bytes JMP 00000000778e0290
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                            00000000777978d0 5 bytes JMP 00000000778e02b0
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                             00000000777978f0 5 bytes JMP 00000000778e03d0
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtCreateTimer                                                                                                                                                                                0000000077797900 5 bytes JMP 00000000778e0330
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                                         0000000077797970 5 bytes JMP 00000000778e0410
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                            00000000777979a0 5 bytes JMP 00000000778e0240
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtLoadDriver                                                                                                                                                                                 0000000077797c30 5 bytes JMP 00000000778e01e0
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                            0000000077797cf0 5 bytes JMP 00000000778e0250
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                            0000000077797d20 5 bytes JMP 00000000778e0490
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                                   0000000077797d30 5 bytes JMP 00000000778e04a0
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtOpenEventPair                                                                                                                                                                              0000000077797d50 5 bytes JMP 00000000778e0300
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                           0000000077797d60 5 bytes JMP 00000000778e0360
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtOpenMutant                                                                                                                                                                                 0000000077797da0 5 bytes JMP 00000000778e02a0
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                              0000000077797df0 5 bytes JMP 00000000778e02c0
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtOpenThread                                                                                                                                                                                 0000000077797e20 5 bytes JMP 00000000778e0380
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtOpenTimer                                                                                                                                                                                  0000000077797e30 5 bytes JMP 00000000778e0340
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                          0000000077798310 5 bytes JMP 00000000778e0260
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtSetBootOptions                                                                                                                                                                             0000000077798320 5 bytes JMP 00000000778e0270
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                                                                                                                           0000000077798330 5 bytes JMP 00000000778e0400
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtSetSystemInformation                                                                                                                                                                       00000000777984e0 5 bytes JMP 00000000778e01f0
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                                        00000000777984f0 5 bytes JMP 00000000778e0210
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtShutdownSystem                                                                                                                                                                             0000000077798550 5 bytes JMP 00000000778e0200
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtSuspendProcess                                                                                                                                                                             00000000777985b0 5 bytes JMP 00000000778e0420
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtSuspendThread                                                                                                                                                                              00000000777985c0 5 bytes JMP 00000000778e0430
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                         00000000777985d0 5 bytes JMP 00000000778e0220
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\ntdll.dll!NtVdmControl                                                                                                                                                                                 00000000777986a0 5 bytes JMP 00000000778e0280
.text     C:\Windows\system32\svchost.exe[308] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                                                                                                                                                      0000000077542c52 1 byte [62]
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                                       0000000077796f20 5 bytes JMP 00000000778e0460
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtQueryObject                                                                                                                                                                                0000000077796f70 5 bytes JMP 00000000778e0450
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtOpenProcess                                                                                                                                                                                00000000777970d0 5 bytes JMP 00000000778e0370
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                                     0000000077797120 5 bytes JMP 00000000778e0470
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                                                                                                                           0000000077797130 5 bytes JMP 00000000778e03e0
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtOpenSection                                                                                                                                                                                00000000777971e0 5 bytes JMP 00000000778e0320
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                         0000000077797210 5 bytes JMP 00000000778e03b0
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtDuplicateObject                                                                                                                                                                            0000000077797230 5 bytes JMP 00000000778e0390
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtOpenEvent                                                                                                                                                                                  0000000077797270 5 bytes JMP 00000000778e02e0
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtQueueApcThread                                                                                                                                                                             00000000777972c0 5 bytes JMP 00000000778e0440
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtCreateEvent                                                                                                                                                                                00000000777972f0 5 bytes JMP 00000000778e02d0
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtCreateSection                                                                                                                                                                              0000000077797310 5 bytes JMP 00000000778e0310
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtCreateThread                                                                                                                                                                               0000000077797350 5 bytes JMP 00000000778e03c0
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtTerminateThread                                                                                                                                                                            00000000777973a0 5 bytes JMP 00000000778e03f0
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtAddBootEntry                                                                                                                                                                               0000000077797510 5 bytes JMP 00000000778e0230
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                                    00000000777976c0 5 bytes JMP 00000000778e0480
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                                   00000000777976f0 5 bytes JMP 00000000778e03a0
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtCreateEventPair                                                                                                                                                                            00000000777977e0 5 bytes JMP 00000000778e02f0
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                                         00000000777977f0 5 bytes JMP 00000000778e0350
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtCreateMutant                                                                                                                                                                               0000000077797850 5 bytes JMP 00000000778e0290
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                            00000000777978d0 5 bytes JMP 00000000778e02b0
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                             00000000777978f0 5 bytes JMP 00000000778e03d0
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtCreateTimer                                                                                                                                                                                0000000077797900 5 bytes JMP 00000000778e0330
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                                         0000000077797970 5 bytes JMP 00000000778e0410
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                            00000000777979a0 5 bytes JMP 00000000778e0240
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtLoadDriver                                                                                                                                                                                 0000000077797c30 5 bytes JMP 00000000778e01e0
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                            0000000077797cf0 5 bytes JMP 00000000778e0250
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                            0000000077797d20 5 bytes JMP 00000000778e0490
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                                   0000000077797d30 5 bytes JMP 00000000778e04a0
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtOpenEventPair                                                                                                                                                                              0000000077797d50 5 bytes JMP 00000000778e0300
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                           0000000077797d60 5 bytes JMP 00000000778e0360
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtOpenMutant                                                                                                                                                                                 0000000077797da0 5 bytes JMP 00000000778e02a0
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                              0000000077797df0 5 bytes JMP 00000000778e02c0
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtOpenThread                                                                                                                                                                                 0000000077797e20 5 bytes JMP 00000000778e0380
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtOpenTimer                                                                                                                                                                                  0000000077797e30 5 bytes JMP 00000000778e0340
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                          0000000077798310 5 bytes JMP 00000000778e0260
.text     C:\Windows\system32\AUDIODG.EXE[492] C:\Windows\system32\ntdll.dll!NtSetBootOptions                                                                                                                                                                             0000000077798320 5 bytes JMP 00000000778e0270
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtCreateMutant                                                                                                                                                                              0000000077797850 5 bytes JMP 00000000778e0290
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                           00000000777978d0 5 bytes JMP 00000000778e02b0
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                            00000000777978f0 5 bytes JMP 00000000778e03d0
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtCreateTimer                                                                                                                                                                               0000000077797900 5 bytes JMP 00000000778e0330
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                                        0000000077797970 5 bytes JMP 00000000778e0410
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                           00000000777979a0 5 bytes JMP 00000000778e0240
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtLoadDriver                                                                                                                                                                                0000000077797c30 5 bytes JMP 00000000778e01e0
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                           0000000077797cf0 5 bytes JMP 00000000778e0250
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                           0000000077797d20 5 bytes JMP 00000000778e0490
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                                  0000000077797d30 5 bytes JMP 00000000778e04a0
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtOpenEventPair                                                                                                                                                                             0000000077797d50 5 bytes JMP 00000000778e0300
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                          0000000077797d60 5 bytes JMP 00000000778e0360
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtOpenMutant                                                                                                                                                                                0000000077797da0 5 bytes JMP 00000000778e02a0
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                             0000000077797df0 5 bytes JMP 00000000778e02c0
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtOpenThread                                                                                                                                                                                0000000077797e20 5 bytes JMP 00000000778e0380
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtOpenTimer                                                                                                                                                                                 0000000077797e30 5 bytes JMP 00000000778e0340
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                         0000000077798310 5 bytes JMP 00000000778e0260
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtSetBootOptions                                                                                                                                                                            0000000077798320 5 bytes JMP 00000000778e0270
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                                                                                                                          0000000077798330 5 bytes JMP 00000000778e0400
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtSetSystemInformation                                                                                                                                                                      00000000777984e0 5 bytes JMP 00000000778e01f0
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                                       00000000777984f0 5 bytes JMP 00000000778e0210
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtShutdownSystem                                                                                                                                                                            0000000077798550 5 bytes JMP 00000000778e0200
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtSuspendProcess                                                                                                                                                                            00000000777985b0 5 bytes JMP 00000000778e0420
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtSuspendThread                                                                                                                                                                             00000000777985c0 5 bytes JMP 00000000778e0430
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                        00000000777985d0 5 bytes JMP 00000000778e0220
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtVdmControl                                                                                                                                                                                00000000777986a0 5 bytes JMP 00000000778e0280
.text     C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                                                                                                                                                     0000000077542c52 1 byte [62]
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                                              0000000077796f20 5 bytes JMP 00000000778e0460
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtQueryObject                                                                                                                                                                                       0000000077796f70 5 bytes JMP 00000000778e0450
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtOpenProcess                                                                                                                                                                                       00000000777970d0 5 bytes JMP 00000000778e0370
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                                            0000000077797120 5 bytes JMP 00000000778e0470
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                                                                                                                                  0000000077797130 5 bytes JMP 00000000778e03e0
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtOpenSection                                                                                                                                                                                       00000000777971e0 5 bytes JMP 00000000778e0320
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                                0000000077797210 5 bytes JMP 00000000778e03b0
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtDuplicateObject                                                                                                                                                                                   0000000077797230 5 bytes JMP 00000000778e0390
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtOpenEvent                                                                                                                                                                                         0000000077797270 5 bytes JMP 00000000778e02e0
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtQueueApcThread                                                                                                                                                                                    00000000777972c0 5 bytes JMP 00000000778e0440
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtCreateEvent                                                                                                                                                                                       00000000777972f0 5 bytes JMP 00000000778e02d0
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtCreateSection                                                                                                                                                                                     0000000077797310 5 bytes JMP 00000000778e0310
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtCreateThread                                                                                                                                                                                      0000000077797350 5 bytes JMP 00000000778e03c0
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtTerminateThread                                                                                                                                                                                   00000000777973a0 5 bytes JMP 00000000778e03f0
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtAddBootEntry                                                                                                                                                                                      0000000077797510 5 bytes JMP 00000000778e0230
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                                           00000000777976c0 5 bytes JMP 00000000778e0480
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                                          00000000777976f0 5 bytes JMP 00000000778e03a0
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtCreateEventPair                                                                                                                                                                                   00000000777977e0 5 bytes JMP 00000000778e02f0
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                                                00000000777977f0 5 bytes JMP 00000000778e0350
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtCreateMutant                                                                                                                                                                                      0000000077797850 5 bytes JMP 00000000778e0290
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                                   00000000777978d0 5 bytes JMP 00000000778e02b0
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                                    00000000777978f0 5 bytes JMP 00000000778e03d0
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtCreateTimer                                                                                                                                                                                       0000000077797900 5 bytes JMP 00000000778e0330
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                                                0000000077797970 5 bytes JMP 00000000778e0410
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                                   00000000777979a0 5 bytes JMP 00000000778e0240
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtLoadDriver                                                                                                                                                                                        0000000077797c30 5 bytes JMP 00000000778e01e0
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                                   0000000077797cf0 5 bytes JMP 00000000778e0250
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                                   0000000077797d20 5 bytes JMP 00000000778e0490
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                                          0000000077797d30 5 bytes JMP 00000000778e04a0
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtOpenEventPair                                                                                                                                                                                     0000000077797d50 5 bytes JMP 00000000778e0300
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                                  0000000077797d60 5 bytes JMP 00000000778e0360
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtOpenMutant                                                                                                                                                                                        0000000077797da0 5 bytes JMP 00000000778e02a0
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                                     0000000077797df0 5 bytes JMP 00000000778e02c0
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtOpenThread                                                                                                                                                                                        0000000077797e20 5 bytes JMP 00000000778e0380
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtOpenTimer                                                                                                                                                                                         0000000077797e30 5 bytes JMP 00000000778e0340
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                                 0000000077798310 5 bytes JMP 00000000778e0260
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtSetBootOptions                                                                                                                                                                                    0000000077798320 5 bytes JMP 00000000778e0270
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                                                                                                                                  0000000077798330 5 bytes JMP 00000000778e0400
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtSetSystemInformation                                                                                                                                                                              00000000777984e0 5 bytes JMP 00000000778e01f0
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                                               00000000777984f0 5 bytes JMP 00000000778e0210
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtShutdownSystem                                                                                                                                                                                    0000000077798550 5 bytes JMP 00000000778e0200
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtSuspendProcess                                                                                                                                                                                    00000000777985b0 5 bytes JMP 00000000778e0420
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtSuspendThread                                                                                                                                                                                     00000000777985c0 5 bytes JMP 00000000778e0430
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                                00000000777985d0 5 bytes JMP 00000000778e0220
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtVdmControl                                                                                                                                                                                        00000000777986a0 5 bytes JMP 00000000778e0280
.text     C:\Windows\Explorer.EXE[1392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                                                                                                                                                             0000000077542c52 1 byte [62]
.text     C:\ProgramData\IePluginService\PluginService.exe[1444] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130                                                                                                                                                    0000000076a14228 1 byte [62]
.text     C:\ProgramData\WPM\wprotectmanager.exe[1484] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130                                                                                                                                                              0000000076a14228 1 byte [62]
.text     C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                        0000000077796f20 5 bytes JMP 00000000778e0460
.text     C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtQueryObject                                                                                                                                                                 0000000077796f70 5 bytes JMP 00000000778e0450
.text     C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtOpenProcess                                                                                                                                                                 00000000777970d0 5 bytes JMP 00000000778e0370
.text     C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                      0000000077797120 5 bytes JMP 00000000778e0470
.text     C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                                                                                                            0000000077797130 5 bytes JMP 00000000778e03e0
.text     C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtOpenSection                                                                                                                                                                 00000000777971e0 5 bytes JMP 00000000778e0320
.text     C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                          0000000077797210 5 bytes JMP 00000000778e03b0
.text     C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtDuplicateObject                                                                                                                                                             0000000077797230 5 bytes JMP 00000000778e0390
.text     C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtOpenEvent                                                                                                                                                                   0000000077797270 5 bytes JMP 00000000778e02e0
.text     C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtQueueApcThread                                                                                                                                                              00000000777972c0 5 bytes JMP 00000000778e0440
.text     C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtCreateEvent                                                                                                                                                                 00000000777972f0 5 bytes JMP 00000000778e02d0
.text     C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtCreateSection                                                                                                                                                               0000000077797310 5 bytes JMP 00000000778e0310
.text     C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtCreateThread                                                                                                                                                                0000000077797350 5 bytes JMP 00000000778e03c0
.text     C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtTerminateThread                                                                                                                                                             00000000777973a0 5 bytes JMP 00000000778e03f0

13.02.2014, 19:14   #8
Twentyflux

Sweet Page cannot be removed

GMER Part III

Code:
.text     C:\Windows\System32\hkcmd.exe[1592] C:\Windows\system32\ntdll.dll!NtShutdownSystem                                                                                                                                                                              0000000077798550 5 bytes JMP 00000000778e0200
.text     C:\Windows\System32\hkcmd.exe[1592] C:\Windows\system32\ntdll.dll!NtSuspendProcess                                                                                                                                                                              00000000777985b0 5 bytes JMP 00000000778e0420
.text     C:\Windows\System32\hkcmd.exe[1592] C:\Windows\system32\ntdll.dll!NtSuspendThread                                                                                                                                                                               00000000777985c0 5 bytes JMP 00000000778e0430
.text     C:\Windows\System32\hkcmd.exe[1592] C:\Windows\system32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                          00000000777985d0 5 bytes JMP 00000000778e0220
.text     C:\Windows\System32\hkcmd.exe[1592] C:\Windows\system32\ntdll.dll!NtVdmControl                                                                                                                                                                                  00000000777986a0 5 bytes JMP 00000000778e0280
.text     C:\Windows\System32\hkcmd.exe[1592] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                                                                                                                                                       0000000077542c52 1 byte [62]
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                                     0000000077796f20 5 bytes JMP 00000000778e0460
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtQueryObject                                                                                                                                                                              0000000077796f70 5 bytes JMP 00000000778e0450
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtOpenProcess                                                                                                                                                                              00000000777970d0 5 bytes JMP 00000000778e0370
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                                   0000000077797120 5 bytes JMP 00000000778e0470
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                                                                                                                         0000000077797130 5 bytes JMP 00000000778e03e0
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtOpenSection                                                                                                                                                                              00000000777971e0 5 bytes JMP 00000000778e0320
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                       0000000077797210 5 bytes JMP 00000000778e03b0
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtDuplicateObject                                                                                                                                                                          0000000077797230 5 bytes JMP 00000000778e0390
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtOpenEvent                                                                                                                                                                                0000000077797270 5 bytes JMP 00000000778e02e0
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtQueueApcThread                                                                                                                                                                           00000000777972c0 5 bytes JMP 00000000778e0440
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtCreateEvent                                                                                                                                                                              00000000777972f0 5 bytes JMP 00000000778e02d0
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtCreateSection                                                                                                                                                                            0000000077797310 5 bytes JMP 00000000778e0310
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtCreateThread                                                                                                                                                                             0000000077797350 5 bytes JMP 00000000778e03c0
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtTerminateThread                                                                                                                                                                          00000000777973a0 5 bytes JMP 00000000778e03f0
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtAddBootEntry                                                                                                                                                                             0000000077797510 5 bytes JMP 00000000778e0230
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                                  00000000777976c0 5 bytes JMP 00000000778e0480
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                                 00000000777976f0 5 bytes JMP 00000000778e03a0
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtCreateEventPair                                                                                                                                                                          00000000777977e0 5 bytes JMP 00000000778e02f0
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                                       00000000777977f0 5 bytes JMP 00000000778e0350
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtCreateMutant                                                                                                                                                                             0000000077797850 5 bytes JMP 00000000778e0290
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                          00000000777978d0 5 bytes JMP 00000000778e02b0
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                           00000000777978f0 5 bytes JMP 00000000778e03d0
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtCreateTimer                                                                                                                                                                              0000000077797900 5 bytes JMP 00000000778e0330
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                                       0000000077797970 5 bytes JMP 00000000778e0410
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                          00000000777979a0 5 bytes JMP 00000000778e0240
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtLoadDriver                                                                                                                                                                               0000000077797c30 5 bytes JMP 00000000778e01e0
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                          0000000077797cf0 5 bytes JMP 00000000778e0250
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                          0000000077797d20 5 bytes JMP 00000000778e0490
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                                 0000000077797d30 5 bytes JMP 00000000778e04a0
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtOpenEventPair                                                                                                                                                                            0000000077797d50 5 bytes JMP 00000000778e0300
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                         0000000077797d60 5 bytes JMP 00000000778e0360
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtOpenMutant                                                                                                                                                                               0000000077797da0 5 bytes JMP 00000000778e02a0
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                            0000000077797df0 5 bytes JMP 00000000778e02c0
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtOpenThread                                                                                                                                                                               0000000077797e20 5 bytes JMP 00000000778e0380
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtOpenTimer                                                                                                                                                                                0000000077797e30 5 bytes JMP 00000000778e0340
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                        0000000077798310 5 bytes JMP 00000000778e0260
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtSetBootOptions                                                                                                                                                                           0000000077798320 5 bytes JMP 00000000778e0270
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                                                                                                                         0000000077798330 5 bytes JMP 00000000778e0400
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtSetSystemInformation                                                                                                                                                                     00000000777984e0 5 bytes JMP 00000000778e01f0
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                                      00000000777984f0 5 bytes JMP 00000000778e0210
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtShutdownSystem                                                                                                                                                                           0000000077798550 5 bytes JMP 00000000778e0200
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtSuspendProcess                                                                                                                                                                           00000000777985b0 5 bytes JMP 00000000778e0420
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtSuspendThread                                                                                                                                                                            00000000777985c0 5 bytes JMP 00000000778e0430
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                       00000000777985d0 5 bytes JMP 00000000778e0220
.text     C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtVdmControl                                                                                                                                                                               00000000777986a0 5 bytes JMP 00000000778e0280
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                         0000000077796f20 5 bytes JMP 0000000100060460
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtQueryObject                                                                                                                                                                  0000000077796f70 5 bytes JMP 0000000100060450
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtOpenProcess                                                                                                                                                                  00000000777970d0 5 bytes JMP 0000000100060370
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                       0000000077797120 5 bytes JMP 0000000100060470
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                                                                                                             0000000077797130 5 bytes JMP 00000001000603e0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtOpenSection                                                                                                                                                                  00000000777971e0 5 bytes JMP 0000000100060320
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                           0000000077797210 5 bytes JMP 00000001000603b0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtDuplicateObject                                                                                                                                                              0000000077797230 5 bytes JMP 0000000100060390
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtOpenEvent                                                                                                                                                                    0000000077797270 5 bytes JMP 00000001000602e0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtQueueApcThread                                                                                                                                                               00000000777972c0 5 bytes JMP 0000000100060440
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtCreateEvent                                                                                                                                                                  00000000777972f0 5 bytes JMP 00000001000602d0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtCreateSection                                                                                                                                                                0000000077797310 5 bytes JMP 0000000100060310
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtCreateThread                                                                                                                                                                 0000000077797350 5 bytes JMP 00000001000603c0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtTerminateThread                                                                                                                                                              00000000777973a0 5 bytes JMP 00000001000603f0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtAddBootEntry                                                                                                                                                                 0000000077797510 5 bytes JMP 0000000100060230
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                      00000000777976c0 5 bytes JMP 0000000100060480
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                     00000000777976f0 5 bytes JMP 00000001000603a0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtCreateEventPair                                                                                                                                                              00000000777977e0 5 bytes JMP 00000001000602f0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                           00000000777977f0 5 bytes JMP 0000000100060350
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtCreateMutant                                                                                                                                                                 0000000077797850 5 bytes JMP 0000000100060290
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtCreateSemaphore                                                                                                                                                              00000000777978d0 5 bytes JMP 00000001000602b0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtCreateThreadEx                                                                                                                                                               00000000777978f0 5 bytes JMP 00000001000603d0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtCreateTimer                                                                                                                                                                  0000000077797900 5 bytes JMP 0000000100060330
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                           0000000077797970 5 bytes JMP 0000000100060410
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                              00000000777979a0 5 bytes JMP 0000000100060240
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtLoadDriver                                                                                                                                                                   0000000077797c30 5 bytes JMP 00000001000601e0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtModifyBootEntry                                                                                                                                                              0000000077797cf0 5 bytes JMP 0000000100060250
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                              0000000077797d20 5 bytes JMP 0000000100060490
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                     0000000077797d30 5 bytes JMP 00000001000604a0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtOpenEventPair                                                                                                                                                                0000000077797d50 5 bytes JMP 0000000100060300
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                             0000000077797d60 5 bytes JMP 0000000100060360
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtOpenMutant                                                                                                                                                                   0000000077797da0 5 bytes JMP 00000001000602a0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                0000000077797df0 5 bytes JMP 00000001000602c0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtOpenThread                                                                                                                                                                   0000000077797e20 5 bytes JMP 0000000100060380
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtOpenTimer                                                                                                                                                                    0000000077797e30 5 bytes JMP 0000000100060340
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                            0000000077798310 5 bytes JMP 0000000100060260
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtSetBootOptions                                                                                                                                                               0000000077798320 5 bytes JMP 0000000100060270
.text     C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                                                                                                             0000000077798330 5 bytes JMP 0000000100060400
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                                        00000000777977f0 5 bytes JMP 00000000778e0350
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtCreateMutant                                                                                                                                                                              0000000077797850 5 bytes JMP 00000000778e0290
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                           00000000777978d0 5 bytes JMP 00000000778e02b0
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                            00000000777978f0 5 bytes JMP 00000000778e03d0
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtCreateTimer                                                                                                                                                                               0000000077797900 5 bytes JMP 00000000778e0330
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                                        0000000077797970 5 bytes JMP 00000000778e0410
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                           00000000777979a0 5 bytes JMP 00000000778e0240
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtLoadDriver                                                                                                                                                                                0000000077797c30 5 bytes JMP 00000000778e01e0
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                           0000000077797cf0 5 bytes JMP 00000000778e0250
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                           0000000077797d20 5 bytes JMP 00000000778e0490
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                                  0000000077797d30 5 bytes JMP 00000000778e04a0
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtOpenEventPair                                                                                                                                                                             0000000077797d50 5 bytes JMP 00000000778e0300
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                          0000000077797d60 5 bytes JMP 00000000778e0360
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtOpenMutant                                                                                                                                                                                0000000077797da0 5 bytes JMP 00000000778e02a0
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                             0000000077797df0 5 bytes JMP 00000000778e02c0
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtOpenThread                                                                                                                                                                                0000000077797e20 5 bytes JMP 00000000778e0380
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtOpenTimer                                                                                                                                                                                 0000000077797e30 5 bytes JMP 00000000778e0340
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                         0000000077798310 5 bytes JMP 00000000778e0260
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtSetBootOptions                                                                                                                                                                            0000000077798320 5 bytes JMP 00000000778e0270
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                                                                                                                          0000000077798330 5 bytes JMP 00000000778e0400
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtSetSystemInformation                                                                                                                                                                      00000000777984e0 5 bytes JMP 00000000778e01f0
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                                       00000000777984f0 5 bytes JMP 00000000778e0210
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtShutdownSystem                                                                                                                                                                            0000000077798550 5 bytes JMP 00000000778e0200
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtSuspendProcess                                                                                                                                                                            00000000777985b0 5 bytes JMP 00000000778e0420
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtSuspendThread                                                                                                                                                                             00000000777985c0 5 bytes JMP 00000000778e0430
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                        00000000777985d0 5 bytes JMP 00000000778e0220
.text     C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtVdmControl                                                                                                                                                                                00000000777986a0 5 bytes JMP 00000000778e0280
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                                      0000000077796f20 5 bytes JMP 00000000778e0460
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtQueryObject                                                                                                                                                                               0000000077796f70 5 bytes JMP 00000000778e0450
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtOpenProcess                                                                                                                                                                               00000000777970d0 5 bytes JMP 00000000778e0370
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                                    0000000077797120 5 bytes JMP 00000000778e0470
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                                                                                                                          0000000077797130 5 bytes JMP 00000000778e03e0
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtOpenSection                                                                                                                                                                               00000000777971e0 5 bytes JMP 00000000778e0320
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                        0000000077797210 5 bytes JMP 00000000778e03b0
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtDuplicateObject                                                                                                                                                                           0000000077797230 5 bytes JMP 00000000778e0390
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtOpenEvent                                                                                                                                                                                 0000000077797270 5 bytes JMP 00000000778e02e0
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtQueueApcThread                                                                                                                                                                            00000000777972c0 5 bytes JMP 00000000778e0440
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtCreateEvent                                                                                                                                                                               00000000777972f0 5 bytes JMP 00000000778e02d0
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtCreateSection                                                                                                                                                                             0000000077797310 5 bytes JMP 00000000778e0310
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtCreateThread                                                                                                                                                                              0000000077797350 5 bytes JMP 00000000778e03c0
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtTerminateThread                                                                                                                                                                           00000000777973a0 5 bytes JMP 00000000778e03f0
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtAddBootEntry                                                                                                                                                                              0000000077797510 5 bytes JMP 00000000778e0230
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                                   00000000777976c0 5 bytes JMP 00000000778e0480
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject
         

14.02.2014, 10:51   #9
Twentyflux

GMER Part IV

Code:
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtCreateEventPair                                                                                                                                                                           00000000777977e0 5 bytes JMP 00000000778e02f0
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                                        00000000777977f0 5 bytes JMP 00000000778e0350
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtCreateMutant                                                                                                                                                                              0000000077797850 5 bytes JMP 00000000778e0290
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                           00000000777978d0 5 bytes JMP 00000000778e02b0
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                            00000000777978f0 5 bytes JMP 00000000778e03d0
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtCreateTimer                                                                                                                                                                               0000000077797900 5 bytes JMP 00000000778e0330
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                                        0000000077797970 5 bytes JMP 00000000778e0410
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                           00000000777979a0 5 bytes JMP 00000000778e0240
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtLoadDriver                                                                                                                                                                                0000000077797c30 5 bytes JMP 00000000778e01e0
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                           0000000077797cf0 5 bytes JMP 00000000778e0250
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                           0000000077797d20 5 bytes JMP 00000000778e0490
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                                  0000000077797d30 5 bytes JMP 00000000778e04a0
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtOpenEventPair                                                                                                                                                                             0000000077797d50 5 bytes JMP 00000000778e0300
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                          0000000077797d60 5 bytes JMP 00000000778e0360
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtOpenMutant                                                                                                                                                                                0000000077797da0 5 bytes JMP 00000000778e02a0
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                             0000000077797df0 5 bytes JMP 00000000778e02c0
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtOpenThread                                                                                                                                                                                0000000077797e20 5 bytes JMP 00000000778e0380
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtOpenTimer                                                                                                                                                                                 0000000077797e30 5 bytes JMP 00000000778e0340
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                         0000000077798310 5 bytes JMP 00000000778e0260
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtSetBootOptions                                                                                                                                                                            0000000077798320 5 bytes JMP 00000000778e0270
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                                                                                                                          0000000077798330 5 bytes JMP 00000000778e0400
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtSetSystemInformation                                                                                                                                                                      00000000777984e0 5 bytes JMP 00000000778e01f0
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                                       00000000777984f0 5 bytes JMP 00000000778e0210
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtShutdownSystem                                                                                                                                                                            0000000077798550 5 bytes JMP 00000000778e0200
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtSuspendProcess                                                                                                                                                                            00000000777985b0 5 bytes JMP 00000000778e0420
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtSuspendThread                                                                                                                                                                             00000000777985c0 5 bytes JMP 00000000778e0430
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                        00000000777985d0 5 bytes JMP 00000000778e0220
.text     C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtVdmControl                                                                                                                                                                                00000000777986a0 5 bytes JMP 00000000778e0280
.text     C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                                      0000000077796f20 5 bytes JMP 00000000778e0460
.text     C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtQueryObject                                                                                                                                                                               0000000077796f70 5 bytes JMP 00000000778e0450
.text     C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtOpenProcess                                                                                                                                                                               00000000777970d0 5 bytes JMP 00000000778e0370
.text     C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                                    0000000077797120 5 bytes JMP 00000000778e0470
.text     C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                                                                                                                          0000000077797130 5 bytes JMP 00000000778e03e0
.text     C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtOpenSection                                                                                                                                                                               00000000777971e0 5 bytes JMP 00000000778e0320
.text     C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                        0000000077797210 5 bytes JMP 00000000778e03b0
.text     C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtDuplicateObject                                                                                                                                                                           0000000077797230 5 bytes JMP 00000000778e0390
.text     C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtOpenEvent                                                                                                                                                                                 0000000077797270 5 bytes JMP 00000000778e02e0
.text     C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtQueueApcThread                                                                                                                                                                            00000000777972c0 5 bytes JMP 00000000778e0440
.text     C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtCreateEvent                                                                                                                                                                               00000000777972f0 5 bytes JMP 00000000778e02d0
.text     C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtCreateSection                                                                                                                                                                             0000000077797310 5 bytes JMP 00000000778e0310
.text     C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtCreateThread                                                                                                                                                                              0000000077797350 5 bytes JMP 00000000778e03c0
.text     C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtTerminateThread                                                                                                                                                                           00000000777973a0 5 bytes JMP 00000000778e03f0
.text     C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtAddBootEntry                                                                                                                                                                              0000000077797510 5 bytes JMP 00000000778e0230
.text     C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                                   00000000777976c0 5 bytes JMP 00000000778e0480
.text     C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                                  00000000777976f0 5 bytes JMP 00000000778e03a0
.text     C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtShutdownSystem                                                                                                                                                                      0000000077798550 5 bytes JMP 00000000778e0200
.text     C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtSuspendProcess                                                                                                                                                                      00000000777985b0 5 bytes JMP 00000000778e0420
.text     C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtSuspendThread                                                                                                                                                                       00000000777985c0 5 bytes JMP 00000000778e0430
.text     C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                  00000000777985d0 5 bytes JMP 00000000778e0220
.text     C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtVdmControl                                                                                                                                                                          00000000777986a0 5 bytes JMP 00000000778e0280
.text     C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                                                                                                                                               0000000077542c52 1 byte [62]
.text     C:\Windows\SysWOW64\conime.exe[2576] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130                                                                                                                                                                      0000000076a14228 1 byte [62]
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                               0000000077796f20 5 bytes JMP 00000000778e0460
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtQueryObject                                                                                                                                                                        0000000077796f70 5 bytes JMP 00000000778e0450
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtOpenProcess                                                                                                                                                                        00000000777970d0 5 bytes JMP 00000000778e0370
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                             0000000077797120 5 bytes JMP 00000000778e0470
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                                                                                                                   0000000077797130 5 bytes JMP 00000000778e03e0
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtOpenSection                                                                                                                                                                        00000000777971e0 5 bytes JMP 00000000778e0320
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                 0000000077797210 5 bytes JMP 00000000778e03b0
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtDuplicateObject                                                                                                                                                                    0000000077797230 5 bytes JMP 00000000778e0390
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtOpenEvent                                                                                                                                                                          0000000077797270 5 bytes JMP 00000000778e02e0
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtQueueApcThread                                                                                                                                                                     00000000777972c0 5 bytes JMP 00000000778e0440
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtCreateEvent                                                                                                                                                                        00000000777972f0 5 bytes JMP 00000000778e02d0
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtCreateSection                                                                                                                                                                      0000000077797310 5 bytes JMP 00000000778e0310
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtCreateThread                                                                                                                                                                       0000000077797350 5 bytes JMP 00000000778e03c0
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtTerminateThread                                                                                                                                                                    00000000777973a0 5 bytes JMP 00000000778e03f0
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtAddBootEntry                                                                                                                                                                       0000000077797510 5 bytes JMP 00000000778e0230
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                            00000000777976c0 5 bytes JMP 00000000778e0480
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                           00000000777976f0 5 bytes JMP 00000000778e03a0
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtCreateEventPair                                                                                                                                                                    00000000777977e0 5 bytes JMP 00000000778e02f0
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                                 00000000777977f0 5 bytes JMP 00000000778e0350
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtCreateMutant                                                                                                                                                                       0000000077797850 5 bytes JMP 00000000778e0290
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                    00000000777978d0 5 bytes JMP 00000000778e02b0
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                     00000000777978f0 5 bytes JMP 00000000778e03d0
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtCreateTimer                                                                                                                                                                        0000000077797900 5 bytes JMP 00000000778e0330
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                                 0000000077797970 5 bytes JMP 00000000778e0410
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                    00000000777979a0 5 bytes JMP 00000000778e0240
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtLoadDriver                                                                                                                                                                         0000000077797c30 5 bytes JMP 00000000778e01e0
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                    0000000077797cf0 5 bytes JMP 00000000778e0250
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                    0000000077797d20 5 bytes JMP 00000000778e0490
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                           0000000077797d30 5 bytes JMP 00000000778e04a0
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtOpenEventPair                                                                                                                                                                      0000000077797d50 5 bytes JMP 00000000778e0300
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                   0000000077797d60 5 bytes JMP 00000000778e0360
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtOpenMutant                                                                                                                                                                         0000000077797da0 5 bytes JMP 00000000778e02a0
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                      0000000077797df0 5 bytes JMP 00000000778e02c0
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtOpenThread                                                                                                                                                                         0000000077797e20 5 bytes JMP 00000000778e0380
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtOpenTimer                                                                                                                                                                          0000000077797e30 5 bytes JMP 00000000778e0340
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                  0000000077798310 5 bytes JMP 00000000778e0260
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtSetBootOptions                                                                                                                                                                     0000000077798320 5 bytes JMP 00000000778e0270
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                                                                                                                   0000000077798330 5 bytes JMP 00000000778e0400
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtSetSystemInformation                                                                                                                                                               00000000777984e0 5 bytes JMP 00000000778e01f0
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                                00000000777984f0 5 bytes JMP 00000000778e0210
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtShutdownSystem                                                                                                                                                                     0000000077798550 5 bytes JMP 00000000778e0200
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtSuspendProcess                                                                                                                                                                     00000000777985b0 5 bytes JMP 00000000778e0420
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtSuspendThread                                                                                                                                                                      00000000777985c0 5 bytes JMP 00000000778e0430
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                 00000000777985d0 5 bytes JMP 00000000778e0220
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtVdmControl                                                                                                                                                                         00000000777986a0 5 bytes JMP 00000000778e0280
.text     C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130                                                                                                                                                              0000000076a14228 1 byte [62]

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                                                                                suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                                                                                suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                                                                                suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                                                                                suspicious modification

---- Threads - GMER 2.1 ----

Thread     [1740:1912]                                                                                                                                                                                                                                                    000000007794dd19
Thread     [1740:1916]                                                                                                                                                                                                                                                    00000000779d810d
Thread     [1740:1920]                                                                                                                                                                                                                                                    0000000074e4f28e
Thread     [1740:2632]                                                                                                                                                                                                                                                    00000000725d13f0
Thread     [1740:2636]                                                                                                                                                                                                                                                    0000000073eb0140
Thread     [1740:2640]                                                                                                                                                                                                                                                    0000000074e4f28e
Thread     [1740:2732]                                                                                                                                                                                                                                                    000000007106a031
Thread     [1740:2748]                                                                                                                                                                                                                                                    000000007106a031
Thread     [1740:2752]                                                                                                                                                                                                                                                    0000000071bfb90f
Thread     [1740:2772]                                                                                                                                                                                                                                                    000000007106a031
Thread     [1740:2872]                                                                                                                                                                                                                                                    000000007106a031
Thread     [1740:2880]                                                                                                                                                                                                                                                    000000007106a031
Thread     [1740:2892]                                                                                                                                                                                                                                                    000000007106a031
Thread     [1740:3040]                                                                                                                                                                                                                                                    0000000074e4f28e
Thread     [1740:3048]                                                                                                                                                                                                                                                    0000000074e4f28e
Thread     [1740:1768]                                                                                                                                                                                                                                                    00000000742713dd
Thread     [1740:3792]                                                                                                                                                                                                                                                    0000000072f17e7e
Thread     [1740:3588]                                                                                                                                                                                                                                                    00000000768b77c6
Thread     [1740:2924]                                                                                                                                                                                                                                                    00000000742742fb
Thread     [1740:2520]                                                                                                                                                                                                                                                    0000000070b460d0
Thread     [1740:3640]                                                                                                                                                                                                                                                    0000000070b460d0
Thread     [1740:1856]                                                                                                                                                                                                                                                    0000000070b460d0
Thread     [1740:4072]                                                                                                                                                                                                                                                    0000000070b460d0
Thread     [1740:3500]                                                                                                                                                                                                                                                    0000000070b460d0
Thread     [1740:208]                                                                                                                                                                                                                                                     0000000072f66488
Thread     [1740:3284]                                                                                                                                                                                                                                                    00000000768b77c6
---- Processes - GMER 2.1 ----

Library   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2048311D-B9B9-4496-AE37-D2C5FD2C10A1}\mpengine.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [916] (Microsoft Malware Protection Engine/Microsoft Corporation)(2014-02-11 11:05:16)  000007fef4d70000
Library   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2048311D-B9B9-4496-AE37-D2C5FD2C10A1}\offreg.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [916] (Offline registry DLL/Microsoft Corporation)(2014-02-12 09:15:47)                   000007fef61b0000
Library   C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1392] (Dropbox Shell Extension/Dropbox, Inc.)(2013-09-10 23:54:20)                                                                              000007fefac20000
Process   C:\ProgramData\IePluginService\PluginService.exe (*** suspicious ***) @ C:\ProgramData\IePluginService\PluginService.exe [1444] (IePlugin Service/Cherished Technololgy LIMITED)(2014-01-26 12:15:12)                                                           0000000000330000
Process   C:\ProgramData\WPM\wprotectmanager.exe (*** suspicious ***) @ C:\ProgramData\WPM\wprotectmanager.exe [1484] (WPM Service/Cherished Technololgy LIMITED)(2                                                                                                       00000000013d0000
Process   C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe [1624] (Dropbox/Dropbox, Inc.)(2014-01-03 00:32:12)                                                                      0000000000400000
Library   C:\Users\Regina\AppData\Roaming\Dropbox\bin\Microsoft.VC90.CRT\MSVCR90.dll (*** suspicious ***) @ C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe [1624] (Microsoft® C Runtime Library/Microsoft Corporation)(2008-07-29 15:05:08)                      0000000073020000
Library   C:\Users\Regina\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe [1624](2013-12-18 02:25:54)                                                                                         0000000003bb0000
Library   C:\Users\Regina\AppData\Roaming\Dropbox\bin\Microsoft.VC90.CRT\MSVCP90.dll (*** suspicious ***) @ C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe [1624] (Microsoft® C++ Runtime Library/Microsoft Corporation)(2008-07-29 15:05:08)                    0000000070d80000
Library   c:\users\regina\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzwg_xn.dll (*** suspicious ***) @ C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe [1624](2014-02-11 20:52:13)                                           00000000044d0000
Library   C:\Users\Regina\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe [1624](2013-10-18 23:55:02)                                                                                               0000000063f70000
Library   C:\Users\Regina\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe [1624] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00)                                                                 0000000067140000

---- EOF - GMER 2.1 ----
         
Hello, I have now posted my log files (unfortunately I had to split them, I hope I did that correctly) and hope someone can help me with my problem. I would be very, very grateful. Best regards.

Old 15.02.2014, 15:14   #10
schrauber
/// the machine
/// TB-Ausbilder
 


Hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

16.02.2014, 12:24   #11
Twentyflux
 



Combofix Log:

Code:
ComboFix 14-02-14.01 - Regina 16.02.2014  11:55:29.1.1 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.4025.2362 [GMT 1:00]
ausgeführt von:: c:\users\Regina\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-01-16 bis 2014-02-16  ))))))))))))))))))))))))))))))
.
.
2014-02-16 11:04 . 2014-02-16 11:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-02-16 10:51 . 2014-02-16 10:51	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF319977-9C3E-4616-9B53-52CC0FDDA665}\offreg.dll
2014-02-16 10:47 . 2014-02-16 10:51	--------	d-----w-	C:\32788R22FWJFW
2014-02-14 09:30 . 2013-12-16 00:54	10315576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF319977-9C3E-4616-9B53-52CC0FDDA665}\mpengine.dll
2014-02-13 00:08 . 2014-02-13 00:08	--------	d-----w-	c:\program files (x86)\7-Zip
2014-02-12 13:55 . 2013-12-05 04:48	1869824	----a-w-	c:\windows\system32\msxml3.dll
2014-02-12 13:55 . 2013-12-05 02:12	1248768	----a-w-	c:\windows\SysWow64\msxml3.dll
2014-02-12 11:41 . 2014-02-12 11:44	--------	d-----w-	C:\FRST
2014-02-06 13:18 . 2014-02-16 10:24	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2014-01-29 11:25 . 2014-01-29 11:25	--------	d--h--w-	c:\programdata\CanonBJ
2014-01-29 11:25 . 2006-11-02 11:16	83456	----a-w-	c:\windows\system32\Spool\prtprocs\x64\CNBPP3.DLL
2014-01-26 16:45 . 2014-01-26 16:45	--------	d-----w-	c:\users\Regina\AppData\Local\Skype
2014-01-26 16:45 . 2014-02-02 13:37	--------	d-----w-	c:\users\Regina\AppData\Roaming\Skype
2014-01-26 16:44 . 2014-01-26 16:44	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2014-01-26 16:44 . 2014-01-26 16:44	--------	d-----r-	c:\program files (x86)\Skype
2014-01-26 16:44 . 2014-01-26 16:44	--------	d-----w-	c:\programdata\Skype
2014-01-26 16:13 . 2014-02-16 10:27	--------	d-----r-	c:\users\Regina\Dropbox
2014-01-26 16:11 . 2014-01-26 16:11	--------	d-----w-	c:\program files (x86)\Dropbox
2014-01-26 16:08 . 2014-02-16 10:27	--------	d-----w-	c:\users\Regina\AppData\Roaming\Dropbox
2014-01-26 12:15 . 2014-01-26 12:15	--------	d-----w-	c:\users\Regina\AppData\Roaming\0F1F1C2Y1H1P1C0I0T
2014-01-26 12:15 . 2014-01-26 12:15	--------	d-----w-	c:\programdata\IePluginService
2014-01-26 12:15 . 2014-01-26 12:15	--------	d-----w-	c:\program files (x86)\SupTab
2014-01-26 12:14 . 2014-01-27 09:57	--------	d-----w-	c:\program files (x86)\MyPC Backup
2014-01-26 12:14 . 2014-01-26 12:14	--------	d-----w-	c:\programdata\WPM
2014-01-26 12:13 . 2014-02-14 09:53	--------	d-----w-	c:\program files (x86)\RightSurf
2014-01-26 12:12 . 2013-12-27 17:10	20312	----a-w-	c:\windows\system32\roboot64.exe
2014-01-26 12:12 . 2014-01-27 09:58	--------	d-----w-	c:\users\Regina\AppData\Roaming\systweak
2014-01-24 21:01 . 2014-02-02 18:41	--------	d-----w-	c:\users\Regina\AppData\Roaming\vlc
2014-01-24 20:49 . 2014-01-24 20:49	--------	d-----w-	c:\program files (x86)\VideoLAN
2014-01-24 19:10 . 2014-01-24 19:10	--------	d-----w-	c:\users\Regina\AppData\Local\Macromedia
2014-01-24 19:09 . 2014-01-24 19:09	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2014-01-24 19:02 . 2014-02-06 13:29	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-24 19:02 . 2014-02-06 13:29	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-24 19:02 . 2014-01-24 19:02	--------	d-----w-	c:\windows\SysWow64\Macromed
2014-01-24 19:02 . 2014-01-24 19:02	--------	d-----w-	c:\windows\system32\Macromed
2014-01-24 19:00 . 2014-01-26 16:17	--------	d-----w-	c:\users\Regina\AppData\Local\Adobe
2014-01-23 19:46 . 2014-02-04 17:32	--------	d-----w-	c:\users\Regina\AppData\Local\Thunderbird
2014-01-23 19:46 . 2014-01-23 19:46	--------	d-----w-	c:\users\Regina\AppData\Roaming\Thunderbird
2014-01-23 19:46 . 2014-02-06 13:18	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2014-01-23 19:16 . 2014-01-23 19:16	--------	d-----w-	c:\users\Regina\AppData\Local\Mozilla
2014-01-20 15:09 . 2014-01-20 15:09	--------	d-----w-	c:\users\Regina\AppData\Roaming\LibreOffice
2014-01-20 13:38 . 2014-01-20 13:38	--------	d-----w-	c:\windows\Migration
2014-01-20 12:58 . 2014-01-20 12:58	--------	d-----w-	c:\program files\Windows Portable Devices
2014-01-20 12:58 . 2014-01-20 12:58	--------	d-----w-	c:\program files (x86)\Windows Portable Devices
2014-01-20 12:58 . 2014-01-20 12:58	--------	d-----w-	c:\windows\SysWow64\spool
2014-01-20 11:28 . 2009-07-14 12:19	20480	----a-w-	c:\windows\system32\winusb.dll
2014-01-20 11:28 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2014-01-20 11:28 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2014-01-20 11:28 . 2009-07-14 12:12	16896	----a-w-	c:\windows\SysWow64\winusb.dll
2014-01-20 11:28 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2014-01-20 11:28 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2014-01-20 11:28 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2014-01-20 11:28 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2014-01-20 11:28 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2014-01-20 11:28 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2014-01-20 11:18 . 2014-01-20 11:18	979456	----a-w-	c:\windows\SysWow64\MFH264Dec.dll
2014-01-20 11:17 . 2014-01-20 11:17	369664	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2014-01-20 10:44 . 2009-09-10 02:05	103424	----a-w-	c:\windows\system32\UIAnimation.dll
2014-01-20 10:44 . 2009-09-10 02:00	92672	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2014-01-20 10:44 . 2009-09-10 02:06	1164800	----a-w-	c:\windows\system32\UIRibbonRes.dll
2014-01-20 10:44 . 2009-09-10 02:07	3815424	----a-w-	c:\windows\system32\UIRibbon.dll
2014-01-20 10:44 . 2009-09-10 02:01	3023360	----a-w-	c:\windows\SysWow64\UIRibbon.dll
2014-01-20 10:44 . 2009-09-10 02:00	1164800	----a-w-	c:\windows\SysWow64\UIRibbonRes.dll
2014-01-20 10:43 . 2012-02-29 15:37	5632	----a-w-	c:\windows\system32\wmi.dll
2014-01-20 10:43 . 2012-02-29 15:11	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2014-01-20 10:43 . 2012-02-29 13:52	16384	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2014-01-20 10:18 . 2011-10-25 16:13	352256	----a-w-	c:\windows\system32\qdvd.dll
2014-01-20 10:18 . 2011-10-25 15:58	497152	----a-w-	c:\windows\SysWow64\qdvd.dll
2014-01-20 10:18 . 2013-04-24 02:10	1078272	----a-w-	c:\windows\system32\certutil.exe
2014-01-20 10:18 . 2013-04-24 01:46	812544	----a-w-	c:\windows\SysWow64\certutil.exe
2014-01-20 10:18 . 2013-04-24 04:09	50688	----a-w-	c:\windows\system32\certenc.dll
2014-01-20 10:18 . 2013-04-24 04:00	41984	----a-w-	c:\windows\SysWow64\certenc.dll
2014-01-20 10:18 . 2013-07-10 09:47	677888	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2014-01-20 10:18 . 2013-07-10 09:42	1303552	----a-w-	c:\windows\system32\rpcrt4.dll
2014-01-20 10:16 . 2012-06-02 00:04	278528	----a-w-	c:\windows\SysWow64\schannel.dll
2014-01-20 10:14 . 2013-08-01 04:10	901568	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2014-01-20 10:14 . 2013-08-01 03:37	47104	----a-w-	c:\windows\system32\cdd.dll
2014-01-20 10:12 . 2012-06-29 16:20	648192	----a-w-	c:\windows\system32\netapi32.dll
2014-01-20 09:52 . 2012-01-09 16:16	708096	----a-w-	c:\windows\system32\rdpencom.dll
2014-01-20 09:52 . 2012-01-09 15:54	613376	----a-w-	c:\windows\SysWow64\rdpencom.dll
2014-01-20 09:25 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2014-01-20 09:25 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2014-01-20 09:25 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2014-01-20 09:25 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2014-01-20 09:24 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2014-01-20 09:24 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2014-01-20 09:24 . 2012-06-02 22:12	88576	----a-w-	c:\windows\SysWow64\wudriver.dll
2014-01-20 09:24 . 2012-06-02 22:19	35864	----a-w-	c:\windows\SysWow64\wups.dll
2014-01-20 09:24 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2014-01-20 09:24 . 2012-06-02 22:19	577048	----a-w-	c:\windows\SysWow64\wuapi.dll
2014-01-20 09:23 . 2014-01-20 09:23	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2014-01-20 09:23 . 2012-06-02 14:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2014-01-20 09:23 . 2012-06-02 14:19	171904	----a-w-	c:\windows\SysWow64\wuwebv.dll
2014-01-20 09:23 . 2012-06-02 14:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2014-01-20 09:23 . 2012-06-02 14:12	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2014-01-17 18:31 . 2014-01-17 18:31	--------	d-----w-	c:\windows\SysWow64\ca-ES
2014-01-17 18:31 . 2014-01-17 18:31	--------	d-----w-	c:\windows\SysWow64\vi-VN
2014-01-17 18:31 . 2014-01-17 18:31	--------	d-----w-	c:\windows\SysWow64\eu-ES
2014-01-17 18:31 . 2014-01-17 18:31	--------	d-----w-	c:\windows\system32\ca-ES
2014-01-17 18:31 . 2014-01-17 18:31	--------	d-----w-	c:\windows\system32\eu-ES
2014-01-17 18:31 . 2014-01-17 18:31	--------	d-----w-	c:\windows\system32\vi-VN
2014-01-17 17:16 . 2014-01-17 17:16	--------	d-----w-	c:\windows\system32\EventProviders
2014-01-17 17:14 . 2009-04-11 07:11	946688	----a-w-	c:\windows\system32\scavenge.dll
2014-01-17 17:13 . 2009-04-11 07:15	166888	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2014-01-17 17:12 . 2009-04-11 07:15	62440	----a-w-	c:\windows\system32\drivers\termdd.sys
2014-01-17 17:11 . 2009-04-11 07:11	606208	----a-w-	c:\windows\system32\riched20.dll
2014-01-17 17:10 . 2009-04-11 07:11	17408	----a-w-	c:\windows\system32\wow64cpu.dll
2014-01-17 17:08 . 2009-04-11 07:11	43520	----a-w-	c:\windows\system32\wbem\wbemprox.dll
2014-01-17 17:08 . 2009-04-11 07:11	1172992	----a-w-	c:\windows\system32\wbem\wbemcore.dll
2014-01-17 17:08 . 2009-04-11 07:11	891392	----a-w-	c:\windows\system32\wbem\fastprox.dll
2014-01-17 17:08 . 2009-04-11 07:11	936448	----a-w-	c:\windows\system32\SmiEngine.dll
2014-01-17 17:08 . 2009-04-11 07:11	293888	----a-w-	c:\windows\system32\wdscore.dll
2014-01-17 17:08 . 2009-04-11 07:10	138752	----a-w-	c:\windows\system32\PkgMgr.exe
2014-01-17 17:08 . 2009-04-11 07:11	315904	----a-w-	c:\windows\system32\drvstore.dll
2014-01-17 17:07 . 2014-01-17 17:07	--------	d-----w-	c:\users\Regina\AppData\Roaming\AVAST Software
2014-01-17 16:42 . 2014-01-24 00:23	65264	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2014-01-17 16:42 . 2014-01-17 16:42	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-01-17 16:42 . 2014-01-17 16:42	207904	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-01-17 16:42 . 2014-01-24 00:23	421704	----a-w-	c:\windows\system32\drivers\aswSP.sys
2014-01-17 16:42 . 2014-01-24 00:23	1038072	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2014-01-17 16:42 . 2014-01-24 00:23	78648	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-01-17 16:42 . 2014-01-24 00:23	64752	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2014-01-17 16:42 . 2014-01-24 00:23	334136	----a-w-	c:\windows\system32\aswBoot.exe
2014-01-17 16:42 . 2014-01-24 00:23	43152	----a-w-	c:\windows\avastSS.scr
2014-01-17 16:41 . 2014-01-17 16:41	--------	d-----w-	c:\program files\AVAST Software
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-06 15:20 . 2006-11-02 12:35	86054176	----a-w-	c:\windows\system32\mrt.exe
2013-12-11 11:06 . 2013-12-11 11:06	773968	----a-w-	c:\windows\SysWow64\msvcr100.dll
2013-12-11 11:06 . 2013-12-11 11:06	421200	----a-w-	c:\windows\SysWow64\msvcp100.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
2014-01-14 09:04	513136	----a-w-	c:\program files (x86)\SupTab\SupTab.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-24 3767096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 33508336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2014-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-24 13:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-24 00:23	287280	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.sweet-page.com/?type=hp&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263
mStart Page = hxxp://www.sweet-page.com/?type=hp&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263
mDefault_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263
mDefault_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263&q={searchTerms}
mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263&q={searchTerms}
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1091923618-718008537-278575857-1000_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1091923618-718008537-278575857-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}]
@DACL=(02 0000)
@="Dropbox Autoplay COM Server"
.
[HKEY_USERS\S-1-5-21-1091923618-718008537-278575857-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-1091923618-718008537-278575857-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-1091923618-718008537-278575857-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-1091923618-718008537-278575857-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Zeit der Fertigstellung: 2014-02-16  12:08:09
ComboFix-quarantined-files.txt  2014-02-16 11:08
.
Vor Suchlauf: 9 Verzeichnis(se), 221.232.390.144 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 221.419.724.800 Bytes frei
.
- - End Of File - - EE2640D87131F37D9D95E2E415F34F43
         
--- --- --- 5C616939100B85E558DA92B899A0FC36
Hello Schrauber, I have now run the scan with Combofix and sent the log file.
I would be very glad if you could help me further. Thank you very much and best regards.

17.02.2014, 13:15   #12
schrauber
/// the machine
/// TB trainer
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the threat scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

17.02.2014, 17:30   #13
Twentyflux
 



Malwarebytes Anti-Malware log file:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.17.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Regina :: REGINA-PC [Administrator]

17.02.2014 14:44:21
mbam-log-2014-02-17 (14-44-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 364298
Laufzeit: 1 Stunde(n), 9 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 4
C:\ProgramData\IePluginService\PluginService.exe (PUP.Optional.IePluginService.A) -> 1452 -> Löschen bei Neustart.
C:\Program Files (x86)\RightSurf\updateRightSurf.exe (PUP.Optional.RightSurf.A) -> 2328 -> Löschen bei Neustart.
C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe (PUP.Optional.RightSurf.A) -> 2480 -> Löschen bei Neustart.
C:\ProgramData\WPM\wprotectmanager.exe (PUP.Optional.WpManager.A) -> 1492 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 17
HKLM\SYSTEM\CurrentControlSet\Services\IePluginService (PUP.Optional.IePluginService.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins (PUP.Optional.IePluginService.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\Update RightSurf (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\Util RightSurf (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SupTab (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\Wpm (PUP.Optional.WpManager.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WPM (PUP.Optional.WpManager.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\RightSurf (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\sweet-pageSoftware (PUP.Optional.SweetPage.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\RightSurf (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 3
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0X2O1C0R2R1R -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|lightningnewtab@gmail.com (PUP.Optional.Lightning.A) -> Daten: C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default\extensions\lightningnewtab@gmail.com.xpi -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\Wpm|ImagePath (PUP.Optional.WpManager.A) -> Daten: C:\ProgramData\WPM\wprotectmanager.exe -service -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 6
HKCU\Software\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.SweetPage.A) -> Bösartig: (hxxp://www.sweet-page.com/?type=hp&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (PUP.Optional.SweetPage.A) -> Bösartig: (C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263) Gut: (iexplore.exe) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.SweetPage.A) -> Bösartig: (hxxp://www.sweet-page.com/?type=hp&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (PUP.Optional.SweetPage.A) -> Bösartig: (hxxp://www.sweet-page.com/web/?type=ds&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263&q={searchTerms}) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bösartig: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.SweetPage.A) -> Bösartig: (hxxp://www.sweet-page.com/?type=hp&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 28
C:\Program Files (x86)\SupTab (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\img (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\en-US (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\es-419 (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\es-ES (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\fr-BE (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\fr-CA (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\fr-CH (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\fr-FR (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\fr-LU (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\it-CH (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\it-IT (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\pl (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\pt-BR (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\ru (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\ru-MO (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\tr-TR (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\vi-VI (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\zh-CN (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\zh-TW (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RightSurf (PUP.Optional.RightSurf.A) -> Löschen bei Neustart.
C:\Program Files (x86)\RightSurf\bin (PUP.Optional.RightSurf.A) -> Löschen bei Neustart.
C:\Program Files (x86)\RightSurf\bin\plugins (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IePluginService (PUP.Optional.IePluginService.A) -> Löschen bei Neustart.
C:\ProgramData\IePluginService\update (PUP.Optional.IePluginService.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 59
C:\ProgramData\IePluginService\PluginService.exe (PUP.Optional.IePluginService.A) -> Löschen bei Neustart.
C:\Program Files (x86)\RightSurf\updateRightSurf.exe (PUP.Optional.RightSurf.A) -> Löschen bei Neustart.
C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe (PUP.Optional.RightSurf.A) -> Löschen bei Neustart.
C:\Program Files (x86)\SupTab\SupTab.dll (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe (PUP.Optional.IePluginService.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Regina\Downloads\adblock-plus.exe (PUP.Optional.ExtendedSetup.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\install.data (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\BHOEnabler.exe (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\uninstall.exe (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\indexIE.html (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\indexIE8.html (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\skin.css (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\style.css (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\ver.txt (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\img\default_logo.png (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\img\google.com.png (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\img\icon128.png (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\img\icon16.png (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\img\icon48.png (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\img\loading.gif (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\js\background.js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\js\ga.js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\js\jquery-base.js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\js\js.js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\js\json2.js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\js\xa.js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\js\xagainit.js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\WPM\wprotectmanager.exe (PUP.Optional.WpManager.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweet-page.xml (PUP.Optional.SweetPage.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RightSurf\RightSurf.ico (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RightSurf\updateRightSurf.InstallState (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RightSurf\bin\sqlite3.dll (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RightSurf\bin\utilRightSurf.InstallState (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RightSurf\bin\plugins\RightSurf.16.dll (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RightSurf\bin\plugins\RightSurf.BrowserFilter.dll (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RightSurf\bin\plugins\RightSurf.BrowserFilterG.dll (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RightSurf\bin\plugins\RightSurf.CompatibilityChecker.dll (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RightSurf\bin\plugins\RightSurf.FFUpdate.dll (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RightSurf\bin\plugins\RightSurf.IEUpdate.dll (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IePluginService\update\conf (PUP.Optional.IePluginService.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
ADW Cleaner [S0]

AdwCleaner Logfile:
Code:
# AdwCleaner v3.019 - Bericht erstellt am 17/02/2014 um 16:39:05
# Aktualisiert 17/02/2014 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzername : Regina - REGINA-PC
# Gestartet von : C:\Users\Regina\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\ProgramData\WPM
[!] Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
[!] Ordner Gelöscht : C:\Users\Regina\AppData\Roaming\Systweak
Datei Gelöscht : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Datei Gelöscht : C:\Windows\System32\roboot64.exe

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Verknüpfung Desinfiziert : C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IePlugins
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RightSurf
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\supTab
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wpm
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RightSurf

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16533

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3747 octets] - [17/02/2014 16:28:02]
AdwCleaner[S0].txt - [2878 octets] - [17/02/2014 16:39:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2938 octets] ##########
         
--- --- ---


ADW Cleaner [R0]


AdwCleaner Logfile:
Code:
# AdwCleaner v3.019 - Bericht erstellt am 17/02/2014 um 16:28:02
# Aktualisiert 17/02/2014 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzername : Regina - REGINA-PC
# Gestartet von : C:\Users\Regina\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Datei Gefunden : C:\Windows\System32\roboot64.exe
Ordner Gefunden C:\Program Files (x86)\MyPC Backup
Ordner Gefunden C:\ProgramData\WPM
Ordner Gefunden C:\Users\Regina\AppData\Roaming\Systweak

***** [ Verknüpfungen ] *****

Verknüpfung Gefunden : C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263 )
Verknüpfung Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263 )
Verknüpfung Gefunden : C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263 )
Verknüpfung Gefunden : C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263 )
Verknüpfung Gefunden : C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263 )

***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IePlugins
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RightSurf
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\supTab
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wpm
Schlüssel Gefunden : HKCU\Software\systweak
Schlüssel Gefunden : [x64] HKCU\Software\systweak
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden : HKLM\Software\supTab
Schlüssel Gefunden : HKLM\Software\supWPM
Schlüssel Gefunden : HKLM\Software\systweak
Schlüssel Gefunden : HKLM\Software\Wpm
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RightSurf

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16533

Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.sweet-page.com/web/?type=ds&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.sweet-page.com/?type=hp&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263

-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3587 octets] - [17/02/2014 16:28:02]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3647 octets] ##########
         
--- --- ---



I found 2 log files from ADW Cleaner here; one has [S0] at the end and the other [R0]. Since I wasn't sure which one to post, I posted both to be on the safe side.

Logfile Junkware Removal Tool:

JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Regina on 17.02.2014 at 16:50:40,01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Regina\AppData\Roaming\mozilla\firefox\profiles\4o7rdo4p.default\minidumps [48 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.02.2014 at 17:01:03,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---


FRST Log


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014
Ran by Regina (administrator) on REGINA-PC on 17-02-2014 17:28:51
Running from C:\Users\Regina\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-24] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x99035DB06E18CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default
FF NewTab: chrome://lightning/content/newtab.html
FF DefaultSearchEngine: LEO Eng-Deu
FF SelectedSearchEngine: LEO Eng-Deu
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Extension_Protected - C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-01-26]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-17]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-24] (AVAST Software)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-01-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-24] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-01-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-17] ()
S1 Beep; No ImagePath
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [56832 2009-04-01] (Atheros Communications, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-17 17:28 - 2014-02-17 17:28 - 00000000 ____D () C:\Users\Regina\Desktop\FRST-OlderVersion
2014-02-17 17:01 - 2014-02-17 17:01 - 00000768 _____ () C:\Users\Regina\Desktop\JRT.txt
2014-02-17 16:50 - 2014-02-17 16:50 - 00000000 ____D () C:\Windows\ERUNT
2014-02-17 16:38 - 2014-02-17 16:38 - 00003747 _____ () C:\Users\Regina\Desktop\AdwCleaner[R0].txt
2014-02-17 16:27 - 2014-02-17 16:39 - 00000000 ____D () C:\AdwCleaner
2014-02-17 16:21 - 2014-02-17 16:21 - 01037530 _____ (Thisisu) C:\Users\Regina\Desktop\JRT.exe
2014-02-17 14:42 - 2014-02-17 14:42 - 00000948 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-17 14:42 - 2014-02-17 14:42 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Malwarebytes
2014-02-17 14:42 - 2014-02-17 14:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-17 14:42 - 2014-02-17 14:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-17 14:42 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-17 14:35 - 2014-02-17 14:35 - 01037530 _____ (Thisisu) C:\Users\Regina\Desktop\JRT.exe.part
2014-02-17 14:34 - 2014-02-17 16:27 - 01241888 _____ () C:\Users\Regina\Desktop\adwcleaner.exe
2014-02-17 14:29 - 2014-02-17 14:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Regina\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-16 18:34 - 2014-02-16 18:34 - 00031744 _____ () C:\Users\Regina\Desktop\Ausgaben Steffi+Regi_2013.xls
2014-02-16 18:33 - 2014-02-16 18:40 - 00018432 _____ () C:\Users\Regina\Desktop\Ausgaben Steffi+Regi_2014.xls
2014-02-16 12:08 - 2014-02-16 12:08 - 00018100 _____ () C:\ComboFix.txt
2014-02-16 11:52 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-16 11:52 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-16 11:52 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-16 11:52 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-16 11:52 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-16 11:52 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-16 11:52 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-16 11:52 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-16 11:48 - 2014-02-16 12:08 - 00000000 ____D () C:\Qoobox
2014-02-16 11:47 - 2014-02-16 12:06 - 00000000 ____D () C:\Windows\erdnt
2014-02-16 11:47 - 2014-02-16 11:51 - 00000000 ____D () C:\32788R22FWJFW
2014-02-16 11:46 - 2014-02-16 11:47 - 05183211 ____R (Swearware) C:\Users\Regina\Desktop\ComboFix.exe
2014-02-14 11:22 - 2014-02-14 11:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 10:20 - 2014-02-05 11:19 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 10:20 - 2014-02-05 11:02 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 10:20 - 2014-02-05 11:00 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 10:20 - 2014-02-05 10:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 10:20 - 2014-02-05 10:54 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 10:20 - 2014-02-05 10:52 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 10:20 - 2014-02-05 10:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-13 10:20 - 2014-02-05 10:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 10:20 - 2014-02-05 10:51 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 10:20 - 2014-02-05 10:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-13 10:20 - 2014-02-05 10:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 10:20 - 2014-02-05 10:51 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 10:20 - 2014-02-05 10:51 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 10:20 - 2014-02-05 10:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 10:20 - 2014-02-05 10:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 10:20 - 2014-02-05 10:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-13 10:20 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 10:20 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 10:20 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 10:20 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 10:20 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 10:20 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 10:20 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-13 10:20 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 10:20 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-13 10:20 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 10:20 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 10:20 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 10:20 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 10:20 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 10:20 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-13 10:20 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 01:08 - 2014-02-13 10:03 - 00055767 _____ () C:\Users\Regina\Downloads\7z920.exe
2014-02-13 01:08 - 2014-02-13 01:08 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-02-12 14:55 - 2013-12-05 05:48 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 14:55 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 14:44 - 2014-02-12 14:45 - 00414571 _____ () C:\Users\Regina\Desktop\gmer.txt.txt
2014-02-12 13:07 - 2014-02-12 13:07 - 00380416 _____ () C:\Users\Regina\Desktop\Gmer-19357.exe
2014-02-12 12:43 - 2014-02-12 12:44 - 00014496 _____ () C:\Users\Regina\Desktop\Addition.txt
2014-02-12 12:41 - 2014-02-17 17:29 - 00006710 _____ () C:\Users\Regina\Desktop\FRST.txt
2014-02-12 12:41 - 2014-02-17 17:28 - 00000000 ____D () C:\FRST
2014-02-12 12:39 - 2014-02-17 17:28 - 02152448 _____ (Farbar) C:\Users\Regina\Desktop\FRST64.exe
2014-02-12 12:37 - 2014-02-12 12:38 - 00000474 _____ () C:\Users\Regina\Desktop\defogger_disable.log
2014-02-12 12:37 - 2014-02-12 12:37 - 00000000 _____ () C:\Users\Regina\defogger_reenable
2014-02-11 23:03 - 2014-02-11 23:03 - 00010506 _____ () C:\Users\Regina\Desktop\prefs.js
2014-02-11 15:28 - 2014-02-11 15:29 - 00277280 _____ () C:\Windows\Minidump\Mini021114-02.dmp
2014-02-11 15:00 - 2014-02-11 15:28 - 390989177 _____ () C:\Windows\MEMORY.DMP
2014-02-11 15:00 - 2014-02-11 15:28 - 00000000 ____D () C:\Windows\Minidump
2014-02-11 15:00 - 2014-02-11 15:00 - 00277256 _____ () C:\Windows\Minidump\Mini021114-01.dmp
2014-02-10 17:43 - 2014-02-10 17:43 - 00050477 _____ () C:\Users\Regina\Desktop\Defogger.exe
2014-02-06 14:18 - 2014-02-16 11:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-06 14:18 - 2014-02-06 14:18 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-02 19:40 - 2014-02-02 19:40 - 00000000 ____D () C:\Users\Regina\Desktop\Bilder 2014
2014-01-29 12:25 - 2014-01-29 12:25 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-01-28 23:04 - 2014-01-29 00:17 - 00000000 ___RD () C:\Users\Regina\Desktop\Fotos_Videos_ReginaBerthold_2005-2014
2014-01-28 22:57 - 2014-01-28 22:58 - 00000000 ____D () C:\Users\Regina\Desktop\Uni BA MA
2014-01-28 22:56 - 2014-01-28 22:56 - 00003584 _____ () C:\Users\Regina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-28 22:56 - 2014-01-28 22:56 - 00000000 ____D () C:\Users\Regina\Desktop\Ungeordnete Dateien Regina
2014-01-28 22:46 - 2014-01-28 22:53 - 00000000 ____D () C:\Users\Regina\Desktop\Musik von Regina
2014-01-28 22:45 - 2014-01-29 21:59 - 00000000 ___RD () C:\Users\Regina\Desktop\Projekte
2014-01-28 21:45 - 2014-01-29 21:59 - 00000000 ___RD () C:\Users\Regina\Desktop\Freizeit
2014-01-28 21:34 - 2014-01-28 21:34 - 00000000 ____D () C:\Users\Regina\Desktop\Bewerbung
2014-01-28 21:33 - 2014-01-31 18:15 - 00000000 ____D () C:\Users\Regina\Desktop\Jobs
2014-01-26 17:45 - 2014-02-02 14:37 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Skype
2014-01-26 17:45 - 2014-01-26 17:45 - 00000000 ____D () C:\Users\Regina\AppData\Local\Skype
2014-01-26 17:44 - 2014-01-26 17:44 - 00001892 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-01-26 17:44 - 2014-01-26 17:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-26 17:44 - 2014-01-26 17:44 - 00000000 ____D () C:\ProgramData\Skype
2014-01-26 17:42 - 2014-01-26 17:43 - 35671200 _____ (Skype Technologies S.A.) C:\Users\Regina\Downloads\SkypeSetupFull.exe
2014-01-26 17:13 - 2014-02-17 16:41 - 00000000 ___RD () C:\Users\Regina\Dropbox
2014-01-26 17:13 - 2014-01-26 17:13 - 00000942 _____ () C:\Users\Regina\Desktop\Dropbox.lnk
2014-01-26 17:11 - 2014-01-26 17:13 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\DropboxMaster
2014-01-26 17:11 - 2014-01-26 17:11 - 00000000 ____D () C:\Program Files (x86)\Dropbox
2014-01-26 17:10 - 2014-01-26 17:10 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-26 17:08 - 2014-02-17 16:41 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Dropbox
2014-01-26 17:05 - 2014-01-26 17:06 - 37660568 _____ (Dropbox, Inc.) C:\Users\Regina\Downloads\Dropbox 2.6.2.exe
2014-01-26 13:15 - 2014-01-26 13:15 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\0F1F1C2Y1H1P1C0I0T
2014-01-26 13:13 - 2014-01-26 13:14 - 00437118 _____ () C:\Users\Regina\AppData\Local\dd_vcredistMSI4E0F.txt
2014-01-26 13:13 - 2014-01-26 13:14 - 00012072 _____ () C:\Users\Regina\AppData\Local\dd_vcredistUI4E0F.txt
2014-01-26 13:12 - 2014-01-26 13:11 - 00608840 _____ () C:\Users\Regina\Downloads\adblock-plus.xpi
2014-01-24 22:01 - 2014-02-02 19:41 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\vlc
2014-01-24 21:49 - 2014-01-24 21:49 - 00000901 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-01-24 21:49 - 2014-01-24 21:49 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-01-24 21:38 - 2014-01-24 21:39 - 24097311 _____ () C:\Users\Regina\Downloads\vlc-2.1.2-win32.exe
2014-01-24 20:26 - 2014-02-17 17:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-24 20:26 - 2014-02-06 14:29 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-24 20:10 - 2014-01-26 17:17 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Adobe
2014-01-24 20:10 - 2014-01-24 20:10 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Macromedia
2014-01-24 20:10 - 2014-01-24 20:10 - 00000000 ____D () C:\Users\Regina\AppData\Local\Macromedia
2014-01-24 20:09 - 2014-01-24 20:09 - 00001922 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-01-24 20:09 - 2014-01-24 20:09 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-01-24 20:08 - 2014-01-30 23:35 - 00000000 ____D () C:\ProgramData\Adobe
2014-01-24 20:02 - 2014-02-06 14:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-24 20:02 - 2014-02-06 14:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-24 20:02 - 2014-01-24 20:02 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-01-24 20:02 - 2014-01-24 20:02 - 00000000 ____D () C:\Windows\system32\Macromed
2014-01-24 20:00 - 2014-01-26 17:17 - 00000000 ____D () C:\Users\Regina\AppData\Local\Adobe
2014-01-23 21:02 - 2014-01-23 21:02 - 00001003 _____ () C:\Users\Regina\Documents\MailShield.der
2014-01-23 20:46 - 2014-02-06 14:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-01-23 20:46 - 2014-02-04 18:32 - 00000000 ____D () C:\Users\Regina\AppData\Local\Thunderbird
2014-01-23 20:46 - 2014-01-23 20:46 - 00001844 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-01-23 20:46 - 2014-01-23 20:46 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Thunderbird
2014-01-23 20:17 - 2014-01-23 20:18 - 21981704 _____ (Mozilla) C:\Users\Regina\Downloads\Thunderbird Setup 24.2.0.exe
2014-01-23 20:16 - 2014-02-17 16:39 - 00000791 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-23 20:16 - 2014-01-23 20:16 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Mozilla
2014-01-23 20:16 - 2014-01-23 20:16 - 00000000 ____D () C:\Users\Regina\AppData\Local\Mozilla
2014-01-20 16:09 - 2014-01-20 16:09 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\LibreOffice
2014-01-20 14:46 - 2014-02-13 10:10 - 01541636 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-20 14:16 - 2013-08-27 04:39 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-01-20 14:16 - 2013-08-27 04:39 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-01-20 14:16 - 2013-08-27 04:39 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-01-20 14:16 - 2013-08-27 04:39 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-01-20 14:16 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-01-20 14:16 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-01-20 14:16 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-01-20 14:16 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-01-20 14:16 - 2013-08-27 03:32 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-01-20 14:16 - 2013-08-27 03:30 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-01-20 14:16 - 2013-08-27 03:06 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-01-20 14:16 - 2013-08-27 03:00 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-01-20 14:16 - 2013-08-27 03:00 - 01149952 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-01-20 14:16 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-01-20 14:16 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-01-20 14:16 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-01-20 14:16 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-01-20 14:16 - 2011-03-12 23:52 - 01653760 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-01-20 14:16 - 2011-03-12 22:55 - 00876032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-01-20 14:04 - 2014-01-20 14:04 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Windows\SysWOW64\spool
2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2014-01-20 13:57 - 2014-01-20 13:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2014-01-20 13:46 - 2009-10-01 02:02 - 02537472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2014-01-20 13:46 - 2009-10-01 02:02 - 00334848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceApi.dll
2014-01-20 13:46 - 2009-10-01 02:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShServiceObj.dll
2014-01-20 13:46 - 2009-10-01 02:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShextAutoplay.exe
2014-01-20 13:46 - 2009-10-01 02:01 - 00350208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDSp.dll
2014-01-20 13:46 - 2009-10-01 02:01 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceWMDRM.dll
2014-01-20 13:46 - 2009-10-01 02:01 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceTypes.dll
2014-01-20 13:46 - 2009-10-01 02:01 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceClassExtension.dll
2014-01-20 13:46 - 2009-10-01 02:01 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceConnectApi.dll
2014-01-20 13:46 - 2009-10-01 01:52 - 02727936 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2014-01-20 13:46 - 2009-10-01 01:52 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2014-01-20 13:46 - 2009-10-01 01:52 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\WPDShextAutoplay.exe
2014-01-20 13:46 - 2009-10-01 01:51 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWMDRM.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceTypes.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceClassExtension.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceConnectApi.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\BthMtpContextHandler.dll
2014-01-20 12:28 - 2012-07-26 04:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-01-20 12:28 - 2012-07-26 04:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-01-20 12:28 - 2012-07-26 04:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-01-20 12:28 - 2012-07-26 04:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-01-20 12:28 - 2012-07-26 04:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-01-20 12:28 - 2012-07-26 03:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-01-20 12:28 - 2012-07-26 03:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-01-20 12:28 - 2012-06-02 15:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-01-20 12:28 - 2009-07-14 13:19 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
2014-01-20 12:28 - 2009-07-14 13:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winusb.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-20 12:20 - 2014-01-20 12:20 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-20 12:20 - 2014-01-20 12:20 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-20 12:20 - 2014-01-20 12:20 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-20 12:20 - 2014-01-20 12:20 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\advpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-20 12:20 - 2014-01-20 12:20 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-20 12:20 - 2014-01-20 12:20 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-20 12:18 - 2014-01-20 12:18 - 03548672 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 03068416 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01554432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\MFH264Dec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01075712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01032192 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2014-01-20 12:18 - 2014-01-20 12:18 - 00979456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFH264Dec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00847360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00625152 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00586240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00428544 _____ (Microsoft Corporation) C:\Windows\system32\MFHEAACdec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4src.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-01-20 12:18 - 2014-01-20 12:18 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFHEAACdec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4src.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00258048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2014-01-20 12:18 - 2014-01-20 12:18 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00135680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-01-20 12:17 - 2014-01-20 12:17 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\dxdiag.exe
2014-01-20 12:17 - 2014-01-20 12:17 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiag.exe
2014-01-20 12:17 - 2014-01-20 12:17 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiagn.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-01-20 12:16 - 2014-01-20 12:21 - 00004287 _____ () C:\Windows\IE9_main.log
2014-01-20 11:44 - 2009-09-10 03:07 - 03815424 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2014-01-20 11:44 - 2009-09-10 03:06 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2014-01-20 11:44 - 2009-09-10 03:05 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-01-20 11:44 - 2009-09-10 03:01 - 03023360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2014-01-20 11:44 - 2009-09-10 03:00 - 01164800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2014-01-20 11:44 - 2009-09-10 03:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-01-20 11:43 - 2012-02-29 16:37 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-01-20 11:43 - 2012-02-29 16:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2014-01-20 11:43 - 2012-02-29 14:52 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-01-20 11:33 - 2014-02-17 15:58 - 00002088 _____ () C:\Windows\system32\spsys.log
2014-01-20 11:20 - 2013-10-11 05:23 - 00781824 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-01-20 11:20 - 2013-10-11 05:23 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-01-20 11:20 - 2013-10-11 03:29 - 00217074 _____ () C:\Windows\system32\WFP.TMF
2014-01-20 11:20 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-01-20 11:20 - 2013-08-02 15:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-01-20 11:20 - 2013-08-02 05:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-01-20 11:20 - 2013-07-09 13:04 - 01585256 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-01-20 11:20 - 2013-07-09 13:04 - 01168088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-01-20 11:20 - 2013-07-08 05:51 - 04691904 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-01-20 11:20 - 2013-07-08 05:20 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-01-20 11:20 - 2013-07-08 05:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-01-20 11:20 - 2013-07-08 05:15 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-01-20 11:20 - 2013-07-08 05:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-01-20 11:20 - 2013-07-08 02:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-01-20 11:20 - 2013-07-08 02:39 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-01-20 11:20 - 2013-07-08 02:39 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-01-20 11:20 - 2013-03-09 05:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-01-20 11:20 - 2013-03-09 02:48 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-01-20 11:20 - 2013-03-03 20:13 - 01513320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-01-20 11:20 - 2012-09-25 17:31 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-01-20 11:20 - 2012-09-25 17:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2014-01-20 11:20 - 2012-05-01 15:29 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-01-20 11:20 - 2011-12-14 17:38 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2014-01-20 11:20 - 2011-12-14 17:17 - 00680448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2014-01-20 11:20 - 2011-02-22 15:47 - 00479744 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-01-20 11:20 - 2011-02-22 15:13 - 00288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-01-20 11:18 - 2013-07-10 10:47 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-01-20 11:18 - 2013-07-10 10:42 - 01303552 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-01-20 11:18 - 2013-04-24 05:09 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-01-20 11:18 - 2013-04-24 05:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2014-01-20 11:18 - 2013-04-24 03:10 - 01078272 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-01-20 11:18 - 2013-04-24 02:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2014-01-20 11:18 - 2011-10-25 17:13 - 00352256 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-01-20 11:18 - 2011-10-25 16:58 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-01-20 11:17 - 2013-10-11 05:27 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-01-20 11:17 - 2013-10-11 05:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-01-20 11:17 - 2013-10-11 03:19 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-01-20 11:17 - 2013-10-11 03:19 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-01-20 11:17 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-01-20 11:17 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-01-20 11:17 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshcon.dll
2014-01-20 11:17 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-01-20 11:17 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-01-20 11:17 - 2013-07-08 05:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-01-20 11:17 - 2013-07-08 05:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-01-20 11:17 - 2013-07-08 05:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-01-20 11:17 - 2013-07-08 05:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-01-20 11:17 - 2013-07-08 05:12 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-01-20 11:17 - 2013-07-08 05:12 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-01-20 11:17 - 2013-04-17 14:04 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-01-20 11:17 - 2013-04-17 13:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-01-20 11:17 - 2013-02-12 03:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-01-20 11:17 - 2012-11-02 11:47 - 01794560 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-01-20 11:17 - 2012-11-02 11:19 - 01400832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-01-20 11:17 - 2012-06-08 18:59 - 12899840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-01-20 11:17 - 2012-06-08 18:47 - 11586048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-01-20 11:17 - 2012-05-11 17:34 - 00788480 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-01-20 11:17 - 2012-05-11 16:57 - 00623616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\localspl.dll
2014-01-20 11:17 - 2012-02-01 16:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2014-01-20 11:17 - 2011-08-25 17:20 - 00735744 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2014-01-20 11:17 - 2011-08-25 17:19 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-01-20 11:17 - 2011-08-25 17:19 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2014-01-20 11:17 - 2011-08-25 17:15 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2014-01-20 11:17 - 2011-08-25 17:14 - 00563712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-01-20 11:17 - 2011-08-25 17:14 - 00238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2014-01-20 11:17 - 2011-08-25 14:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\oleaccrc.dll
2014-01-20 11:17 - 2011-08-25 14:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaccrc.dll
2014-01-20 11:16 - 2013-10-03 16:02 - 01278976 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-01-20 11:16 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-01-20 11:16 - 2013-07-20 11:45 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-01-20 11:16 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-01-20 11:16 - 2013-07-17 21:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-01-20 11:16 - 2013-07-17 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-01-20 11:16 - 2013-07-16 10:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2014-01-20 11:16 - 2013-07-16 05:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2014-01-20 11:16 - 2013-07-03 03:22 - 00031616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-01-20 11:16 - 2013-06-01 05:19 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-01-20 11:16 - 2013-06-01 05:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-01-20 11:16 - 2013-05-02 05:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-01-20 11:16 - 2013-05-02 05:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2014-01-20 11:16 - 2013-05-02 05:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printcom.dll
2014-01-20 11:16 - 2013-03-08 05:17 - 02425344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-01-20 11:16 - 2013-03-08 04:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-01-20 11:16 - 2012-11-22 05:22 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2014-01-20 11:16 - 2012-11-22 04:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll
2014-01-20 11:16 - 2012-09-28 17:34 - 01210368 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-01-20 11:16 - 2012-09-28 17:13 - 00860160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-01-20 11:16 - 2012-06-04 16:29 - 00516480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-01-20 11:16 - 2012-06-02 01:22 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-01-20 11:16 - 2012-06-02 01:05 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-01-20 11:16 - 2012-06-02 01:04 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-01-20 11:16 - 2011-11-16 17:43 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2014-01-20 11:16 - 2011-11-16 17:42 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-01-20 11:16 - 2011-11-16 17:41 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-01-20 11:16 - 2011-11-16 17:23 - 00377344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2014-01-20 11:16 - 2011-11-16 15:34 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-01-20 11:16 - 2011-07-29 17:08 - 00375808 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-01-20 11:16 - 2011-07-29 17:08 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-01-20 11:16 - 2011-07-29 17:06 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
2014-01-20 11:16 - 2011-07-29 17:06 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2014-01-20 11:16 - 2011-07-29 17:01 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2014-01-20 11:16 - 2011-07-29 17:01 - 00217088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2014-01-20 11:16 - 2011-07-29 17:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2014-01-20 11:16 - 2011-07-29 17:00 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2014-01-20 11:14 - 2013-08-01 05:10 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-01-20 11:14 - 2013-08-01 04:37 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-01-20 11:13 - 2013-10-30 03:10 - 02776064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-20 11:13 - 2013-09-04 03:31 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-01-20 11:13 - 2013-07-05 05:45 - 01423808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-01-20 11:13 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-01-20 11:13 - 2013-07-04 05:13 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-01-20 11:13 - 2013-06-29 03:25 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-20 11:13 - 2013-06-29 03:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-20 11:13 - 2013-06-29 03:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-20 11:13 - 2013-06-29 03:25 - 00007552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-20 11:13 - 2013-06-27 00:00 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-01-20 11:13 - 2013-06-27 00:00 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-01-20 11:13 - 2013-06-27 00:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-01-20 11:13 - 2013-06-15 14:27 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2014-01-20 11:13 - 2013-06-15 12:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-01-20 11:13 - 2013-06-04 05:16 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-01-20 11:13 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-01-20 11:13 - 2013-06-04 03:01 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-01-20 11:13 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-01-20 11:13 - 2011-10-14 18:31 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2014-01-20 11:13 - 2011-10-14 18:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\mcicda.dll
2014-01-20 11:13 - 2011-10-14 18:27 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mciwave.dll
2014-01-20 11:13 - 2011-10-14 18:27 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\mciseq.dll
2014-01-20 11:13 - 2011-10-14 17:03 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2014-01-20 11:13 - 2011-10-14 17:00 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciseq.dll
2014-01-20 11:13 - 2011-05-05 15:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-20 11:13 - 2011-05-05 15:17 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-20 11:12 - 2013-10-30 05:34 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2014-01-20 11:12 - 2013-10-30 04:55 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-01-20 11:12 - 2013-10-30 03:33 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-01-20 11:12 - 2013-10-22 10:31 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-01-20 11:12 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-01-20 11:12 - 2013-10-03 16:03 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-01-20 11:12 - 2013-10-03 13:46 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-01-20 11:12 - 2013-07-12 10:19 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-01-20 11:12 - 2013-03-08 05:18 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-01-20 11:12 - 2012-11-20 05:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-01-20 11:12 - 2012-11-20 05:21 - 00253952 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-01-20 11:12 - 2012-11-08 05:26 - 01570816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-01-20 11:12 - 2012-11-08 04:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-01-20 11:12 - 2012-11-02 11:45 - 00477696 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-01-20 11:12 - 2012-11-02 11:45 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2014-01-20 11:12 - 2012-11-02 11:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2014-01-20 11:12 - 2012-11-02 09:59 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2014-01-20 11:12 - 2012-11-02 09:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2014-01-20 11:12 - 2012-08-21 12:50 - 00267648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-01-20 11:12 - 2012-06-29 17:20 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2014-01-20 11:12 - 2012-06-29 17:01 - 00467968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2014-01-20 11:12 - 2012-03-21 00:34 - 00072576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2014-01-20 11:12 - 2011-11-18 19:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-01-20 11:12 - 2011-11-18 18:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-01-20 11:12 - 2011-10-14 18:30 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-01-20 11:12 - 2011-10-14 17:02 - 00429056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2014-01-20 11:12 - 2011-06-15 17:16 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2014-01-20 11:12 - 2011-06-15 17:12 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2014-01-20 11:12 - 2010-05-04 20:40 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msshsq.dll
2014-01-20 11:12 - 2010-05-04 20:13 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshsq.dll
2014-01-20 10:52 - 2012-01-09 17:16 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-01-20 10:52 - 2012-01-09 16:54 - 00613376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-01-20 10:25 - 2012-06-02 23:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-01-20 10:25 - 2012-06-02 23:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-01-20 10:25 - 2012-06-02 23:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-01-20 10:25 - 2012-06-02 23:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-01-20 10:24 - 2012-06-02 23:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-01-20 10:24 - 2012-06-02 23:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-01-20 10:24 - 2012-06-02 23:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-01-20 10:24 - 2012-06-02 23:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-01-20 10:24 - 2012-06-02 23:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-01-20 10:24 - 2012-06-02 23:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-01-20 10:23 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-01-20 10:23 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-01-20 10:23 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-01-20 10:23 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

2014-02-17 17:29 - 2014-02-12 12:41 - 00006710 _____ () C:\Users\Regina\Desktop\FRST.txt
2014-02-17 17:29 - 2014-01-24 20:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-17 17:28 - 2014-02-17 17:28 - 00000000 ____D () C:\Users\Regina\Desktop\FRST-OlderVersion
2014-02-17 17:28 - 2014-02-12 12:41 - 00000000 ____D () C:\FRST
2014-02-17 17:28 - 2014-02-12 12:39 - 02152448 _____ (Farbar) C:\Users\Regina\Desktop\FRST64.exe
2014-02-17 17:09 - 2008-01-21 02:53 - 01721052 _____ () C:\Windows\WindowsUpdate.log
2014-02-17 17:01 - 2014-02-17 17:01 - 00000768 _____ () C:\Users\Regina\Desktop\JRT.txt
2014-02-17 16:50 - 2014-02-17 16:50 - 00000000 ____D () C:\Windows\ERUNT
2014-02-17 16:47 - 2008-01-21 12:10 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-17 16:47 - 2008-01-21 12:09 - 00673502 _____ () C:\Windows\system32\perfh007.dat
2014-02-17 16:47 - 2008-01-21 12:09 - 00145482 _____ () C:\Windows\system32\perfc007.dat
2014-02-17 16:41 - 2014-01-26 17:13 - 00000000 ___RD () C:\Users\Regina\Dropbox
2014-02-17 16:41 - 2014-01-26 17:08 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Dropbox
2014-02-17 16:41 - 2006-11-02 16:22 - 00004576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-17 16:41 - 2006-11-02 16:22 - 00004576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-17 16:40 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-17 16:39 - 2014-02-17 16:27 - 00000000 ____D () C:\AdwCleaner
2014-02-17 16:39 - 2014-01-23 20:16 - 00000791 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-17 16:39 - 2014-01-17 11:10 - 00000907 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-17 16:39 - 2014-01-17 11:10 - 00000907 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-02-17 16:39 - 2006-11-02 16:42 - 00020880 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-17 16:38 - 2014-02-17 16:38 - 00003747 _____ () C:\Users\Regina\Desktop\AdwCleaner[R0].txt
2014-02-17 16:27 - 2014-02-17 14:34 - 01241888 _____ () C:\Users\Regina\Desktop\adwcleaner.exe
2014-02-17 16:21 - 2014-02-17 16:21 - 01037530 _____ (Thisisu) C:\Users\Regina\Desktop\JRT.exe
2014-02-17 15:58 - 2014-01-20 11:33 - 00002088 _____ () C:\Windows\system32\spsys.log
2014-02-17 15:57 - 2008-01-21 04:26 - 00041218 _____ () C:\Windows\PFRO.log
2014-02-17 14:42 - 2014-02-17 14:42 - 00000948 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-17 14:42 - 2014-02-17 14:42 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Malwarebytes
2014-02-17 14:42 - 2014-02-17 14:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-17 14:42 - 2014-02-17 14:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-17 14:35 - 2014-02-17 14:35 - 01037530 _____ (Thisisu) C:\Users\Regina\Desktop\JRT.exe.part
2014-02-17 14:29 - 2014-02-17 14:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Regina\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-17 12:00 - 2014-01-17 17:43 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-16 18:40 - 2014-02-16 18:33 - 00018432 _____ () C:\Users\Regina\Desktop\Ausgaben Steffi+Regi_2014.xls
2014-02-16 18:34 - 2014-02-16 18:34 - 00031744 _____ () C:\Users\Regina\Desktop\Ausgaben Steffi+Regi_2013.xls
2014-02-16 12:08 - 2014-02-16 12:08 - 00018100 _____ () C:\ComboFix.txt
2014-02-16 12:08 - 2014-02-16 11:48 - 00000000 ____D () C:\Qoobox
2014-02-16 12:06 - 2014-02-16 11:47 - 00000000 ____D () C:\Windows\erdnt
2014-02-16 12:04 - 2006-11-02 13:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-16 11:51 - 2014-02-16 11:47 - 00000000 ____D () C:\32788R22FWJFW
2014-02-16 11:47 - 2014-02-16 11:46 - 05183211 ____R (Swearware) C:\Users\Regina\Desktop\ComboFix.exe
2014-02-16 11:24 - 2014-02-06 14:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-14 11:22 - 2014-02-14 11:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 10:10 - 2014-01-20 14:46 - 01541636 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-13 10:03 - 2014-02-13 01:08 - 00055767 _____ () C:\Users\Regina\Downloads\7z920.exe
2014-02-13 01:08 - 2014-02-13 01:08 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-02-12 14:45 - 2014-02-12 14:44 - 00414571 _____ () C:\Users\Regina\Desktop\gmer.txt.txt
2014-02-12 13:07 - 2014-02-12 13:07 - 00380416 _____ () C:\Users\Regina\Desktop\Gmer-19357.exe
2014-02-12 12:44 - 2014-02-12 12:43 - 00014496 _____ () C:\Users\Regina\Desktop\Addition.txt
2014-02-12 12:38 - 2014-02-12 12:37 - 00000474 _____ () C:\Users\Regina\Desktop\defogger_disable.log
2014-02-12 12:37 - 2014-02-12 12:37 - 00000000 _____ () C:\Users\Regina\defogger_reenable
2014-02-12 12:37 - 2014-01-17 11:09 - 00000000 ____D () C:\Users\Regina
2014-02-11 23:03 - 2014-02-11 23:03 - 00010506 _____ () C:\Users\Regina\Desktop\prefs.js
2014-02-11 15:29 - 2014-02-11 15:28 - 00277280 _____ () C:\Windows\Minidump\Mini021114-02.dmp
2014-02-11 15:28 - 2014-02-11 15:00 - 390989177 _____ () C:\Windows\MEMORY.DMP
2014-02-11 15:28 - 2014-02-11 15:00 - 00000000 ____D () C:\Windows\Minidump
2014-02-11 15:00 - 2014-02-11 15:00 - 00277256 _____ () C:\Windows\Minidump\Mini021114-01.dmp
2014-02-10 17:43 - 2014-02-10 17:43 - 00050477 _____ () C:\Users\Regina\Desktop\Defogger.exe
2014-02-06 14:29 - 2014-01-24 20:26 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-06 14:29 - 2014-01-24 20:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-06 14:29 - 2014-01-24 20:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-06 14:18 - 2014-02-06 14:18 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-06 14:18 - 2014-01-23 20:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-05 11:19 - 2014-02-13 10:20 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 11:02 - 2014-02-13 10:20 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 11:00 - 2014-02-13 10:20 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 10:54 - 2014-02-13 10:20 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 10:54 - 2014-02-13 10:20 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 10:52 - 2014-02-13 10:20 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 10:52 - 2014-02-13 10:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 10:52 - 2014-02-13 10:20 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 10:51 - 2014-02-13 10:20 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 10:51 - 2014-02-13 10:20 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 10:51 - 2014-02-13 10:20 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 10:51 - 2014-02-13 10:20 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 10:51 - 2014-02-13 10:20 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 10:50 - 2014-02-13 10:20 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 10:50 - 2014-02-13 10:20 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-05 10:50 - 2014-02-13 10:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 09:58 - 2014-02-13 10:20 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-05 09:56 - 2014-02-13 10:20 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-05 09:53 - 2014-02-13 10:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-05 09:51 - 2014-02-13 10:20 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-05 09:50 - 2014-02-13 10:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-05 09:49 - 2014-02-13 10:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-05 09:49 - 2014-02-13 10:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-05 09:48 - 2014-02-13 10:20 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-05 09:48 - 2014-02-13 10:20 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-05 09:48 - 2014-02-13 10:20 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-05 09:48 - 2014-02-13 10:20 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-05 09:48 - 2014-02-13 10:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-05 09:47 - 2014-02-13 10:20 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-05 09:47 - 2014-02-13 10:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-05 09:47 - 2014-02-13 10:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-05 09:46 - 2014-02-13 10:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-04 18:32 - 2014-01-23 20:46 - 00000000 ____D () C:\Users\Regina\AppData\Local\Thunderbird
2014-02-02 19:41 - 2014-01-24 22:01 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\vlc
2014-02-02 19:40 - 2014-02-02 19:40 - 00000000 ____D () C:\Users\Regina\Desktop\Bilder 2014
2014-02-02 19:35 - 2006-11-02 16:27 - 00090574 _____ () C:\Windows\setupact.log
2014-02-02 14:37 - 2014-01-26 17:45 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Skype
2014-01-31 18:15 - 2014-01-28 21:33 - 00000000 ____D () C:\Users\Regina\Desktop\Jobs
2014-01-30 23:35 - 2014-01-24 20:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-01-29 21:59 - 2014-01-28 22:45 - 00000000 ___RD () C:\Users\Regina\Desktop\Projekte
2014-01-29 21:59 - 2014-01-28 21:45 - 00000000 ___RD () C:\Users\Regina\Desktop\Freizeit
2014-01-29 12:25 - 2014-01-29 12:25 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-01-29 00:17 - 2014-01-28 23:04 - 00000000 ___RD () C:\Users\Regina\Desktop\Fotos_Videos_ReginaBerthold_2005-2014
2014-01-28 22:58 - 2014-01-28 22:57 - 00000000 ____D () C:\Users\Regina\Desktop\Uni BA MA
2014-01-28 22:56 - 2014-01-28 22:56 - 00003584 _____ () C:\Users\Regina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-28 22:56 - 2014-01-28 22:56 - 00000000 ____D () C:\Users\Regina\Desktop\Ungeordnete Dateien Regina
2014-01-28 22:53 - 2014-01-28 22:46 - 00000000 ____D () C:\Users\Regina\Desktop\Musik von Regina
2014-01-28 21:34 - 2014-01-28 21:34 - 00000000 ____D () C:\Users\Regina\Desktop\Bewerbung
2014-01-27 10:57 - 2014-01-17 11:10 - 00000000 ___RD () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-26 17:45 - 2014-01-26 17:45 - 00000000 ____D () C:\Users\Regina\AppData\Local\Skype
2014-01-26 17:44 - 2014-01-26 17:44 - 00001892 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-01-26 17:44 - 2014-01-26 17:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-26 17:44 - 2014-01-26 17:44 - 00000000 ____D () C:\ProgramData\Skype
2014-01-26 17:43 - 2014-01-26 17:42 - 35671200 _____ (Skype Technologies S.A.) C:\Users\Regina\Downloads\SkypeSetupFull.exe
2014-01-26 17:17 - 2014-01-24 20:10 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Adobe
2014-01-26 17:17 - 2014-01-24 20:00 - 00000000 ____D () C:\Users\Regina\AppData\Local\Adobe
2014-01-26 17:13 - 2014-01-26 17:13 - 00000942 _____ () C:\Users\Regina\Desktop\Dropbox.lnk
2014-01-26 17:13 - 2014-01-26 17:11 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\DropboxMaster
2014-01-26 17:11 - 2014-01-26 17:11 - 00000000 ____D () C:\Program Files (x86)\Dropbox
2014-01-26 17:10 - 2014-01-26 17:10 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-26 17:06 - 2014-01-26 17:05 - 37660568 _____ (Dropbox, Inc.) C:\Users\Regina\Downloads\Dropbox 2.6.2.exe
2014-01-26 13:15 - 2014-01-26 13:15 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\0F1F1C2Y1H1P1C0I0T
2014-01-26 13:14 - 2014-01-26 13:13 - 00437118 _____ () C:\Users\Regina\AppData\Local\dd_vcredistMSI4E0F.txt
2014-01-26 13:14 - 2014-01-26 13:13 - 00012072 _____ () C:\Users\Regina\AppData\Local\dd_vcredistUI4E0F.txt
2014-01-26 13:13 - 2006-11-02 14:33 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-01-26 13:11 - 2014-01-26 13:12 - 00608840 _____ () C:\Users\Regina\Downloads\adblock-plus.xpi
2014-01-24 21:49 - 2014-01-24 21:49 - 00000901 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-01-24 21:49 - 2014-01-24 21:49 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-01-24 21:39 - 2014-01-24 21:38 - 24097311 _____ () C:\Users\Regina\Downloads\vlc-2.1.2-win32.exe
2014-01-24 20:10 - 2014-01-24 20:10 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Macromedia
2014-01-24 20:10 - 2014-01-24 20:10 - 00000000 ____D () C:\Users\Regina\AppData\Local\Macromedia
2014-01-24 20:09 - 2014-01-24 20:09 - 00001922 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-01-24 20:09 - 2014-01-24 20:09 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-01-24 20:02 - 2014-01-24 20:02 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-01-24 20:02 - 2014-01-24 20:02 - 00000000 ____D () C:\Windows\system32\Macromed
2014-01-24 01:24 - 2014-01-17 17:43 - 00001829 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-24 01:23 - 2014-01-17 17:42 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-24 01:23 - 2014-01-17 17:42 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-24 01:23 - 2014-01-17 17:42 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-24 01:23 - 2014-01-17 17:42 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-24 01:23 - 2014-01-17 17:42 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-01-24 01:23 - 2014-01-17 17:42 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-01-24 01:23 - 2014-01-17 17:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-23 21:02 - 2014-01-23 21:02 - 00001003 _____ () C:\Users\Regina\Documents\MailShield.der
2014-01-23 20:46 - 2014-01-23 20:46 - 00001844 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-01-23 20:46 - 2014-01-23 20:46 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Thunderbird
2014-01-23 20:18 - 2014-01-23 20:17 - 21981704 _____ (Mozilla) C:\Users\Regina\Downloads\Thunderbird Setup 24.2.0.exe
2014-01-23 20:16 - 2014-01-23 20:16 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Mozilla
2014-01-23 20:16 - 2014-01-23 20:16 - 00000000 ____D () C:\Users\Regina\AppData\Local\Mozilla
2014-01-20 16:09 - 2014-01-20 16:09 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\LibreOffice
2014-01-20 15:06 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\rescache
2014-01-20 14:04 - 2014-01-20 14:04 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-01-20 14:01 - 2006-11-02 16:21 - 00290832 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Windows\SysWOW64\spool
2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2014-01-20 13:58 - 2006-11-02 16:07 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-01-20 13:58 - 2006-11-02 16:07 - 00000000 ____D () C:\Program Files\Windows Journal
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\lt-LT
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\hr-HR
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\he-IL
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\et-EE
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\uk-UA
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\th-TH
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\lv-LV
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\lt-LT
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\he-IL
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\et-EE
2014-01-20 13:58 - 2006-11-02 14:33 - 00000000 ___RD () C:\Windows\Offline Web Pages
2014-01-20 13:58 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-01-20 13:58 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-01-20 13:58 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-01-20 13:58 - 2006-11-02 14:33 - 00000000 ____D () C:\Program Files\Common Files\System
2014-01-20 13:57 - 2014-01-20 13:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2014-01-20 12:21 - 2014-01-20 12:16 - 00004287 _____ () C:\Windows\IE9_main.log
2014-01-20 12:20 - 2014-01-20 12:20 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-20 12:20 - 2014-01-20 12:20 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-20 12:20 - 2014-01-20 12:20 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-20 12:20 - 2014-01-20 12:20 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-20 12:20 - 2014-01-20 12:20 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\advpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-20 12:20 - 2014-01-20 12:20 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-20 12:20 - 2014-01-20 12:20 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-20 12:20 - 2006-11-02 13:16 - 00008798 _____ () C:\Windows\SysWOW64\icrav03.rat
2014-01-20 12:20 - 2006-11-02 13:16 - 00001988 _____ () C:\Windows\SysWOW64\ticrf.rat
2014-01-20 12:20 - 2006-11-02 07:36 - 00008798 _____ () C:\Windows\system32\icrav03.rat
2014-01-20 12:20 - 2006-11-02 07:36 - 00001988 _____ () C:\Windows\system32\ticrf.rat
2014-01-20 12:18 - 2014-01-20 12:18 - 03548672 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 03068416 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01554432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\MFH264Dec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01075712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01032192 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2014-01-20 12:18 - 2014-01-20 12:18 - 00979456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFH264Dec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00847360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00625152 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00586240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00428544 _____ (Microsoft Corporation) C:\Windows\system32\MFHEAACdec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4src.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-01-20 12:18 - 2014-01-20 12:18 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFHEAACdec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4src.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00258048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2014-01-20 12:18 - 2014-01-20 12:18 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00135680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-01-20 12:17 - 2014-01-20 12:17 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\dxdiag.exe
2014-01-20 12:17 - 2014-01-20 12:17 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiag.exe
2014-01-20 12:17 - 2014-01-20 12:17 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiagn.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-01-20 10:15 - 2014-01-17 11:10 - 00062768 _____ () C:\Users\Regina\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-20 10:14 - 2014-01-17 11:09 - 00000915 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk

Some content of TEMP:
====================
C:\Users\Regina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvedswt.dll
C:\Users\Regina\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-17 16:46

==================== End Of Log ============================
         
--- --- ---

18.02.2014, 12:33   #14
schrauber
/// the machine
/// TB trainer

Sweet Page cannot be removed

ESET Online Scanner

  • An illustrated guide to ESET Online Scanner can be found here
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

19.02.2014, 12:29   #15
Twentyflux

Sweet Page cannot be removed

Eset Online Scanner Logfile:

Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3b23aa30f0c2a64d9dd6f45f6ef75028
# engine=17123
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-18 06:21:34
# local_time=2014-02-18 07:21:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=774 16777213 71 77 2170898 2228309 0 0
# compatibility_mode=5892 16776573 100 100 10561 230271600 0 0
# scanned=204366
# found=0
# cleaned=0
# scan_time=5744
         
Security Check:

Code:
 Results of screen317's Security Check version 0.99.79  
 Windows Vista Service Pack 2 x64 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 	12.0.0.44  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (27.0.1) 
 Mozilla Thunderbird (24.3.0) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
New FRST log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
Ran by Regina (administrator) on REGINA-PC on 19-02-2014 11:30:49
Running from C:\Users\Regina\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-24] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x99035DB06E18CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default
FF NewTab: chrome://lightning/content/newtab.html
FF DefaultSearchEngine: LEO Eng-Deu
FF SelectedSearchEngine: LEO Eng-Deu
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Extension_Protected - C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-01-26]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-17]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-24] (AVAST Software)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-01-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-24] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-01-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-17] ()
S1 Beep; No ImagePath
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [56832 2009-04-01] (Atheros Communications, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-19 11:26 - 2014-02-19 11:26 - 00000891 _____ () C:\Users\Regina\Desktop\checkup.txt
2014-02-19 11:17 - 2014-02-19 11:17 - 00000000 ____D () C:\Users\Regina\Desktop\Trojaner_Board Sweet Page Entfernung
2014-02-18 17:40 - 2014-02-18 17:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-18 17:34 - 2014-02-18 17:34 - 00987425 _____ () C:\Users\Regina\Desktop\SecurityCheck.exe
2014-02-18 17:33 - 2014-02-18 17:33 - 02347384 _____ (ESET) C:\Users\Regina\Desktop\esetsmartinstaller_enu.exe
2014-02-17 17:28 - 2014-02-19 11:30 - 00000000 ____D () C:\Users\Regina\Desktop\FRST-OlderVersion
2014-02-17 17:01 - 2014-02-17 17:01 - 00000768 _____ () C:\Users\Regina\Desktop\JRT.txt
2014-02-17 16:50 - 2014-02-17 16:50 - 00000000 ____D () C:\Windows\ERUNT
2014-02-17 16:38 - 2014-02-17 16:38 - 00003747 _____ () C:\Users\Regina\Desktop\AdwCleaner[R0].txt
2014-02-17 16:27 - 2014-02-17 16:39 - 00000000 ____D () C:\AdwCleaner
2014-02-17 16:21 - 2014-02-17 16:21 - 01037530 _____ (Thisisu) C:\Users\Regina\Desktop\JRT.exe
2014-02-17 14:42 - 2014-02-17 14:42 - 00000948 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-17 14:42 - 2014-02-17 14:42 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Malwarebytes
2014-02-17 14:42 - 2014-02-17 14:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-17 14:42 - 2014-02-17 14:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-17 14:42 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-17 14:35 - 2014-02-17 14:35 - 01037530 _____ (Thisisu) C:\Users\Regina\Desktop\JRT.exe.part
2014-02-17 14:34 - 2014-02-17 16:27 - 01241888 _____ () C:\Users\Regina\Desktop\adwcleaner.exe
2014-02-17 14:29 - 2014-02-17 14:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Regina\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-16 18:34 - 2014-02-16 18:34 - 00031744 _____ () C:\Users\Regina\Desktop\Ausgaben Steffi+Regi_2013.xls
2014-02-16 18:33 - 2014-02-16 18:40 - 00018432 _____ () C:\Users\Regina\Desktop\Ausgaben Steffi+Regi_2014.xls
2014-02-16 12:08 - 2014-02-16 12:08 - 00018100 _____ () C:\ComboFix.txt
2014-02-16 11:52 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-16 11:52 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-16 11:52 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-16 11:52 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-16 11:52 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-16 11:52 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-16 11:52 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-16 11:52 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-16 11:48 - 2014-02-16 12:08 - 00000000 ____D () C:\Qoobox
2014-02-16 11:47 - 2014-02-16 12:06 - 00000000 ____D () C:\Windows\erdnt
2014-02-16 11:47 - 2014-02-16 11:51 - 00000000 ____D () C:\32788R22FWJFW
2014-02-16 11:46 - 2014-02-16 11:47 - 05183211 ____R (Swearware) C:\Users\Regina\Desktop\ComboFix.exe
2014-02-14 11:22 - 2014-02-14 11:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 10:20 - 2014-02-05 11:19 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 10:20 - 2014-02-05 11:02 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 10:20 - 2014-02-05 11:00 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 10:20 - 2014-02-05 10:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 10:20 - 2014-02-05 10:54 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 10:20 - 2014-02-05 10:52 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 10:20 - 2014-02-05 10:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-13 10:20 - 2014-02-05 10:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 10:20 - 2014-02-05 10:51 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 10:20 - 2014-02-05 10:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-13 10:20 - 2014-02-05 10:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 10:20 - 2014-02-05 10:51 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 10:20 - 2014-02-05 10:51 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 10:20 - 2014-02-05 10:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 10:20 - 2014-02-05 10:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 10:20 - 2014-02-05 10:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-13 10:20 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 10:20 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 10:20 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 10:20 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 10:20 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 10:20 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 10:20 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-13 10:20 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 10:20 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-13 10:20 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 10:20 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 10:20 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 10:20 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 10:20 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 10:20 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-13 10:20 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 01:08 - 2014-02-13 10:03 - 00055767 _____ () C:\Users\Regina\Downloads\7z920.exe
2014-02-13 01:08 - 2014-02-13 01:08 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-02-12 14:55 - 2013-12-05 05:48 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 14:55 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 14:44 - 2014-02-12 14:45 - 00414571 _____ () C:\Users\Regina\Desktop\gmer.txt.txt
2014-02-12 13:07 - 2014-02-12 13:07 - 00380416 _____ () C:\Users\Regina\Desktop\Gmer-19357.exe
2014-02-12 12:43 - 2014-02-12 12:44 - 00014496 _____ () C:\Users\Regina\Desktop\Addition.txt
2014-02-12 12:41 - 2014-02-19 11:30 - 00006792 _____ () C:\Users\Regina\Desktop\FRST.txt
2014-02-12 12:41 - 2014-02-19 11:30 - 00000000 ____D () C:\FRST
2014-02-12 12:39 - 2014-02-19 11:30 - 02153472 _____ (Farbar) C:\Users\Regina\Desktop\FRST64.exe
2014-02-12 12:37 - 2014-02-12 12:38 - 00000474 _____ () C:\Users\Regina\Desktop\defogger_disable.log
2014-02-12 12:37 - 2014-02-12 12:37 - 00000000 _____ () C:\Users\Regina\defogger_reenable
2014-02-11 23:03 - 2014-02-11 23:03 - 00010506 _____ () C:\Users\Regina\Desktop\prefs.js
2014-02-11 15:28 - 2014-02-11 15:29 - 00277280 _____ () C:\Windows\Minidump\Mini021114-02.dmp
2014-02-11 15:00 - 2014-02-11 15:28 - 390989177 _____ () C:\Windows\MEMORY.DMP
2014-02-11 15:00 - 2014-02-11 15:28 - 00000000 ____D () C:\Windows\Minidump
2014-02-11 15:00 - 2014-02-11 15:00 - 00277256 _____ () C:\Windows\Minidump\Mini021114-01.dmp
2014-02-10 17:43 - 2014-02-10 17:43 - 00050477 _____ () C:\Users\Regina\Desktop\Defogger.exe
2014-02-06 14:18 - 2014-02-16 11:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-06 14:18 - 2014-02-06 14:18 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-02 19:40 - 2014-02-02 19:40 - 00000000 ____D () C:\Users\Regina\Desktop\Bilder 2014
2014-01-29 12:25 - 2014-01-29 12:25 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-01-28 23:04 - 2014-01-29 00:17 - 00000000 ___RD () C:\Users\Regina\Desktop\Fotos_Videos_ReginaBerthold_2005-2014
2014-01-28 22:57 - 2014-01-28 22:58 - 00000000 ____D () C:\Users\Regina\Desktop\Uni BA MA
2014-01-28 22:56 - 2014-01-28 22:56 - 00003584 _____ () C:\Users\Regina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-28 22:56 - 2014-01-28 22:56 - 00000000 ____D () C:\Users\Regina\Desktop\Ungeordnete Dateien Regina
2014-01-28 22:46 - 2014-01-28 22:53 - 00000000 ____D () C:\Users\Regina\Desktop\Musik von Regina
2014-01-28 22:45 - 2014-01-29 21:59 - 00000000 ___RD () C:\Users\Regina\Desktop\Projekte
2014-01-28 21:45 - 2014-01-29 21:59 - 00000000 ___RD () C:\Users\Regina\Desktop\Freizeit
2014-01-28 21:34 - 2014-01-28 21:34 - 00000000 ____D () C:\Users\Regina\Desktop\Bewerbung
2014-01-28 21:33 - 2014-01-31 18:15 - 00000000 ____D () C:\Users\Regina\Desktop\Jobs
2014-01-26 17:45 - 2014-02-02 14:37 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Skype
2014-01-26 17:45 - 2014-01-26 17:45 - 00000000 ____D () C:\Users\Regina\AppData\Local\Skype
2014-01-26 17:44 - 2014-01-26 17:44 - 00001892 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-01-26 17:44 - 2014-01-26 17:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-26 17:44 - 2014-01-26 17:44 - 00000000 ____D () C:\ProgramData\Skype
2014-01-26 17:42 - 2014-01-26 17:43 - 35671200 _____ (Skype Technologies S.A.) C:\Users\Regina\Downloads\SkypeSetupFull.exe
2014-01-26 17:13 - 2014-02-19 11:15 - 00000000 ___RD () C:\Users\Regina\Dropbox
2014-01-26 17:13 - 2014-01-26 17:13 - 00000942 _____ () C:\Users\Regina\Desktop\Dropbox.lnk
2014-01-26 17:11 - 2014-01-26 17:13 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\DropboxMaster
2014-01-26 17:11 - 2014-01-26 17:11 - 00000000 ____D () C:\Program Files (x86)\Dropbox
2014-01-26 17:10 - 2014-01-26 17:10 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-26 17:08 - 2014-02-19 11:15 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Dropbox
2014-01-26 17:05 - 2014-01-26 17:06 - 37660568 _____ (Dropbox, Inc.) C:\Users\Regina\Downloads\Dropbox 2.6.2.exe
2014-01-26 13:15 - 2014-01-26 13:15 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\0F1F1C2Y1H1P1C0I0T
2014-01-26 13:13 - 2014-01-26 13:14 - 00437118 _____ () C:\Users\Regina\AppData\Local\dd_vcredistMSI4E0F.txt
2014-01-26 13:13 - 2014-01-26 13:14 - 00012072 _____ () C:\Users\Regina\AppData\Local\dd_vcredistUI4E0F.txt
2014-01-26 13:12 - 2014-01-26 13:11 - 00608840 _____ () C:\Users\Regina\Downloads\adblock-plus.xpi
2014-01-24 22:01 - 2014-02-02 19:41 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\vlc
2014-01-24 21:49 - 2014-01-24 21:49 - 00000901 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-01-24 21:49 - 2014-01-24 21:49 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-01-24 21:38 - 2014-01-24 21:39 - 24097311 _____ () C:\Users\Regina\Downloads\vlc-2.1.2-win32.exe
2014-01-24 20:26 - 2014-02-19 11:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-24 20:26 - 2014-02-06 14:29 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-24 20:10 - 2014-01-26 17:17 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Adobe
2014-01-24 20:10 - 2014-01-24 20:10 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Macromedia
2014-01-24 20:10 - 2014-01-24 20:10 - 00000000 ____D () C:\Users\Regina\AppData\Local\Macromedia
2014-01-24 20:09 - 2014-01-24 20:09 - 00001922 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-01-24 20:09 - 2014-01-24 20:09 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-01-24 20:08 - 2014-01-30 23:35 - 00000000 ____D () C:\ProgramData\Adobe
2014-01-24 20:02 - 2014-02-06 14:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-24 20:02 - 2014-02-06 14:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-24 20:02 - 2014-01-24 20:02 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-01-24 20:02 - 2014-01-24 20:02 - 00000000 ____D () C:\Windows\system32\Macromed
2014-01-24 20:00 - 2014-01-26 17:17 - 00000000 ____D () C:\Users\Regina\AppData\Local\Adobe
2014-01-23 21:02 - 2014-01-23 21:02 - 00001003 _____ () C:\Users\Regina\Documents\MailShield.der
2014-01-23 20:46 - 2014-02-06 14:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-01-23 20:46 - 2014-02-04 18:32 - 00000000 ____D () C:\Users\Regina\AppData\Local\Thunderbird
2014-01-23 20:46 - 2014-01-23 20:46 - 00001844 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-01-23 20:46 - 2014-01-23 20:46 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Thunderbird
2014-01-23 20:17 - 2014-01-23 20:18 - 21981704 _____ (Mozilla) C:\Users\Regina\Downloads\Thunderbird Setup 24.2.0.exe
2014-01-23 20:16 - 2014-02-17 16:39 - 00000791 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-23 20:16 - 2014-01-23 20:16 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Mozilla
2014-01-23 20:16 - 2014-01-23 20:16 - 00000000 ____D () C:\Users\Regina\AppData\Local\Mozilla
2014-01-20 16:09 - 2014-01-20 16:09 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\LibreOffice
2014-01-20 14:46 - 2014-02-13 10:10 - 01541636 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-20 14:16 - 2013-08-27 04:39 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-01-20 14:16 - 2013-08-27 04:39 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-01-20 14:16 - 2013-08-27 04:39 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-01-20 14:16 - 2013-08-27 04:39 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-01-20 14:16 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-01-20 14:16 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-01-20 14:16 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-01-20 14:16 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-01-20 14:16 - 2013-08-27 03:32 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-01-20 14:16 - 2013-08-27 03:30 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-01-20 14:16 - 2013-08-27 03:06 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-01-20 14:16 - 2013-08-27 03:00 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-01-20 14:16 - 2013-08-27 03:00 - 01149952 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-01-20 14:16 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-01-20 14:16 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-01-20 14:16 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-01-20 14:16 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-01-20 14:16 - 2011-03-12 23:52 - 01653760 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-01-20 14:16 - 2011-03-12 22:55 - 00876032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-01-20 14:04 - 2014-01-20 14:04 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Windows\SysWOW64\spool
2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2014-01-20 13:57 - 2014-01-20 13:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2014-01-20 13:46 - 2009-10-01 02:02 - 02537472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2014-01-20 13:46 - 2009-10-01 02:02 - 00334848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceApi.dll
2014-01-20 13:46 - 2009-10-01 02:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShServiceObj.dll
2014-01-20 13:46 - 2009-10-01 02:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShextAutoplay.exe
2014-01-20 13:46 - 2009-10-01 02:01 - 00350208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDSp.dll
2014-01-20 13:46 - 2009-10-01 02:01 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceWMDRM.dll
2014-01-20 13:46 - 2009-10-01 02:01 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceTypes.dll
2014-01-20 13:46 - 2009-10-01 02:01 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceClassExtension.dll
2014-01-20 13:46 - 2009-10-01 02:01 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceConnectApi.dll
2014-01-20 13:46 - 2009-10-01 01:52 - 02727936 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2014-01-20 13:46 - 2009-10-01 01:52 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2014-01-20 13:46 - 2009-10-01 01:52 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\WPDShextAutoplay.exe
2014-01-20 13:46 - 2009-10-01 01:51 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWMDRM.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceTypes.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceClassExtension.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceConnectApi.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\BthMtpContextHandler.dll
2014-01-20 12:28 - 2012-07-26 04:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-01-20 12:28 - 2012-07-26 04:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-01-20 12:28 - 2012-07-26 04:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-01-20 12:28 - 2012-07-26 04:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-01-20 12:28 - 2012-07-26 04:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-01-20 12:28 - 2012-07-26 03:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-01-20 12:28 - 2012-07-26 03:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-01-20 12:28 - 2012-06-02 15:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-01-20 12:28 - 2009-07-14 13:19 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
2014-01-20 12:28 - 2009-07-14 13:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winusb.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-20 12:20 - 2014-01-20 12:20 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-20 12:20 - 2014-01-20 12:20 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-20 12:20 - 2014-01-20 12:20 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-20 12:20 - 2014-01-20 12:20 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\advpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-20 12:20 - 2014-01-20 12:20 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-20 12:20 - 2014-01-20 12:20 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-20 12:18 - 2014-01-20 12:18 - 03548672 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 03068416 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01554432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\MFH264Dec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01075712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01032192 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2014-01-20 12:18 - 2014-01-20 12:18 - 00979456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFH264Dec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00847360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00625152 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00586240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00428544 _____ (Microsoft Corporation) C:\Windows\system32\MFHEAACdec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4src.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-01-20 12:18 - 2014-01-20 12:18 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFHEAACdec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4src.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00258048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2014-01-20 12:18 - 2014-01-20 12:18 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00135680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-01-20 12:17 - 2014-01-20 12:17 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\dxdiag.exe
2014-01-20 12:17 - 2014-01-20 12:17 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiag.exe
2014-01-20 12:17 - 2014-01-20 12:17 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiagn.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-01-20 12:16 - 2014-01-20 12:21 - 00004287 _____ () C:\Windows\IE9_main.log
2014-01-20 11:44 - 2009-09-10 03:07 - 03815424 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2014-01-20 11:44 - 2009-09-10 03:06 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2014-01-20 11:44 - 2009-09-10 03:05 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-01-20 11:44 - 2009-09-10 03:01 - 03023360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2014-01-20 11:44 - 2009-09-10 03:00 - 01164800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2014-01-20 11:44 - 2009-09-10 03:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-01-20 11:43 - 2012-02-29 16:37 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-01-20 11:43 - 2012-02-29 16:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2014-01-20 11:43 - 2012-02-29 14:52 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-01-20 11:33 - 2014-02-17 15:58 - 00002088 _____ () C:\Windows\system32\spsys.log
2014-01-20 11:20 - 2013-10-11 05:23 - 00781824 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-01-20 11:20 - 2013-10-11 05:23 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-01-20 11:20 - 2013-10-11 03:29 - 00217074 _____ () C:\Windows\system32\WFP.TMF
2014-01-20 11:20 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-01-20 11:20 - 2013-08-02 15:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-01-20 11:20 - 2013-08-02 05:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-01-20 11:20 - 2013-07-09 13:04 - 01585256 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-01-20 11:20 - 2013-07-09 13:04 - 01168088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-01-20 11:20 - 2013-07-08 05:51 - 04691904 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-01-20 11:20 - 2013-07-08 05:20 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-01-20 11:20 - 2013-07-08 05:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-01-20 11:20 - 2013-07-08 05:15 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-01-20 11:20 - 2013-07-08 05:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-01-20 11:20 - 2013-07-08 02:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-01-20 11:20 - 2013-07-08 02:39 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-01-20 11:20 - 2013-07-08 02:39 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-01-20 11:20 - 2013-03-09 05:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-01-20 11:20 - 2013-03-09 02:48 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-01-20 11:20 - 2013-03-03 20:13 - 01513320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-01-20 11:20 - 2012-09-25 17:31 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-01-20 11:20 - 2012-09-25 17:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2014-01-20 11:20 - 2012-05-01 15:29 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-01-20 11:20 - 2011-12-14 17:38 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2014-01-20 11:20 - 2011-12-14 17:17 - 00680448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2014-01-20 11:20 - 2011-02-22 15:47 - 00479744 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-01-20 11:20 - 2011-02-22 15:13 - 00288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-01-20 11:18 - 2013-07-10 10:47 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-01-20 11:18 - 2013-07-10 10:42 - 01303552 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-01-20 11:18 - 2013-04-24 05:09 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-01-20 11:18 - 2013-04-24 05:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2014-01-20 11:18 - 2013-04-24 03:10 - 01078272 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-01-20 11:18 - 2013-04-24 02:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2014-01-20 11:18 - 2011-10-25 17:13 - 00352256 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-01-20 11:18 - 2011-10-25 16:58 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-01-20 11:17 - 2013-10-11 05:27 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-01-20 11:17 - 2013-10-11 05:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-01-20 11:17 - 2013-10-11 03:19 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-01-20 11:17 - 2013-10-11 03:19 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-01-20 11:17 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-01-20 11:17 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-01-20 11:17 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshcon.dll
2014-01-20 11:17 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-01-20 11:17 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-01-20 11:17 - 2013-07-08 05:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-01-20 11:17 - 2013-07-08 05:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-01-20 11:17 - 2013-07-08 05:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-01-20 11:17 - 2013-07-08 05:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-01-20 11:17 - 2013-07-08 05:12 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-01-20 11:17 - 2013-07-08 05:12 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-01-20 11:17 - 2013-04-17 14:04 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-01-20 11:17 - 2013-04-17 13:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-01-20 11:17 - 2013-02-12 03:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-01-20 11:17 - 2012-11-02 11:47 - 01794560 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-01-20 11:17 - 2012-11-02 11:19 - 01400832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-01-20 11:17 - 2012-06-08 18:59 - 12899840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-01-20 11:17 - 2012-06-08 18:47 - 11586048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-01-20 11:17 - 2012-05-11 17:34 - 00788480 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-01-20 11:17 - 2012-05-11 16:57 - 00623616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\localspl.dll
2014-01-20 11:17 - 2012-02-01 16:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2014-01-20 11:17 - 2011-08-25 17:20 - 00735744 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2014-01-20 11:17 - 2011-08-25 17:19 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-01-20 11:17 - 2011-08-25 17:19 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2014-01-20 11:17 - 2011-08-25 17:15 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2014-01-20 11:17 - 2011-08-25 17:14 - 00563712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-01-20 11:17 - 2011-08-25 17:14 - 00238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2014-01-20 11:17 - 2011-08-25 14:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\oleaccrc.dll
2014-01-20 11:17 - 2011-08-25 14:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaccrc.dll
2014-01-20 11:16 - 2013-10-03 16:02 - 01278976 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-01-20 11:16 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-01-20 11:16 - 2013-07-20 11:45 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-01-20 11:16 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-01-20 11:16 - 2013-07-17 21:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-01-20 11:16 - 2013-07-17 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-01-20 11:16 - 2013-07-16 10:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2014-01-20 11:16 - 2013-07-16 05:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2014-01-20 11:16 - 2013-07-03 03:22 - 00031616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-01-20 11:16 - 2013-06-01 05:19 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-01-20 11:16 - 2013-06-01 05:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-01-20 11:16 - 2013-05-02 05:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-01-20 11:16 - 2013-05-02 05:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2014-01-20 11:16 - 2013-05-02 05:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printcom.dll
2014-01-20 11:16 - 2013-03-08 05:17 - 02425344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-01-20 11:16 - 2013-03-08 04:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-01-20 11:16 - 2012-11-22 05:22 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2014-01-20 11:16 - 2012-11-22 04:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll
2014-01-20 11:16 - 2012-09-28 17:34 - 01210368 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-01-20 11:16 - 2012-09-28 17:13 - 00860160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-01-20 11:16 - 2012-06-04 16:29 - 00516480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-01-20 11:16 - 2012-06-02 01:22 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-01-20 11:16 - 2012-06-02 01:05 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-01-20 11:16 - 2012-06-02 01:04 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-01-20 11:16 - 2011-11-16 17:43 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2014-01-20 11:16 - 2011-11-16 17:42 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-01-20 11:16 - 2011-11-16 17:41 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-01-20 11:16 - 2011-11-16 17:23 - 00377344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2014-01-20 11:16 - 2011-11-16 15:34 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-01-20 11:16 - 2011-07-29 17:08 - 00375808 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-01-20 11:16 - 2011-07-29 17:08 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-01-20 11:16 - 2011-07-29 17:06 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
2014-01-20 11:16 - 2011-07-29 17:06 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2014-01-20 11:16 - 2011-07-29 17:01 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2014-01-20 11:16 - 2011-07-29 17:01 - 00217088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2014-01-20 11:16 - 2011-07-29 17:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2014-01-20 11:16 - 2011-07-29 17:00 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2014-01-20 11:14 - 2013-08-01 05:10 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-01-20 11:14 - 2013-08-01 04:37 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-01-20 11:13 - 2013-10-30 03:10 - 02776064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-20 11:13 - 2013-09-04 03:31 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-01-20 11:13 - 2013-07-05 05:45 - 01423808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-01-20 11:13 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-01-20 11:13 - 2013-07-04 05:13 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-01-20 11:13 - 2013-06-29 03:25 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-20 11:13 - 2013-06-29 03:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-20 11:13 - 2013-06-29 03:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-20 11:13 - 2013-06-29 03:25 - 00007552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-20 11:13 - 2013-06-27 00:00 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-01-20 11:13 - 2013-06-27 00:00 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-01-20 11:13 - 2013-06-27 00:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-01-20 11:13 - 2013-06-15 14:27 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2014-01-20 11:13 - 2013-06-15 12:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-01-20 11:13 - 2013-06-04 05:16 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-01-20 11:13 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-01-20 11:13 - 2013-06-04 03:01 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-01-20 11:13 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-01-20 11:13 - 2011-10-14 18:31 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2014-01-20 11:13 - 2011-10-14 18:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\mcicda.dll
2014-01-20 11:13 - 2011-10-14 18:27 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mciwave.dll
2014-01-20 11:13 - 2011-10-14 18:27 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\mciseq.dll
2014-01-20 11:13 - 2011-10-14 17:03 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2014-01-20 11:13 - 2011-10-14 17:00 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciseq.dll
2014-01-20 11:13 - 2011-05-05 15:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-20 11:13 - 2011-05-05 15:17 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-20 11:12 - 2013-10-30 05:34 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2014-01-20 11:12 - 2013-10-30 04:55 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-01-20 11:12 - 2013-10-30 03:33 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-01-20 11:12 - 2013-10-22 10:31 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-01-20 11:12 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-01-20 11:12 - 2013-10-03 16:03 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-01-20 11:12 - 2013-10-03 13:46 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-01-20 11:12 - 2013-07-12 10:19 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-01-20 11:12 - 2013-03-08 05:18 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-01-20 11:12 - 2012-11-20 05:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-01-20 11:12 - 2012-11-20 05:21 - 00253952 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-01-20 11:12 - 2012-11-08 05:26 - 01570816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-01-20 11:12 - 2012-11-08 04:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-01-20 11:12 - 2012-11-02 11:45 - 00477696 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-01-20 11:12 - 2012-11-02 11:45 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2014-01-20 11:12 - 2012-11-02 11:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2014-01-20 11:12 - 2012-11-02 09:59 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2014-01-20 11:12 - 2012-11-02 09:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2014-01-20 11:12 - 2012-08-21 12:50 - 00267648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-01-20 11:12 - 2012-06-29 17:20 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2014-01-20 11:12 - 2012-06-29 17:01 - 00467968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2014-01-20 11:12 - 2012-03-21 00:34 - 00072576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2014-01-20 11:12 - 2011-11-18 19:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-01-20 11:12 - 2011-11-18 18:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-01-20 11:12 - 2011-10-14 18:30 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-01-20 11:12 - 2011-10-14 17:02 - 00429056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2014-01-20 11:12 - 2011-06-15 17:16 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2014-01-20 11:12 - 2011-06-15 17:12 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2014-01-20 11:12 - 2010-05-04 20:40 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msshsq.dll
2014-01-20 11:12 - 2010-05-04 20:13 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshsq.dll
2014-01-20 10:52 - 2012-01-09 17:16 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-01-20 10:52 - 2012-01-09 16:54 - 00613376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-01-20 10:25 - 2012-06-02 23:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-01-20 10:25 - 2012-06-02 23:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-01-20 10:25 - 2012-06-02 23:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-01-20 10:25 - 2012-06-02 23:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-01-20 10:24 - 2012-06-02 23:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-01-20 10:24 - 2012-06-02 23:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-01-20 10:24 - 2012-06-02 23:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-01-20 10:24 - 2012-06-02 23:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-01-20 10:24 - 2012-06-02 23:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-01-20 10:24 - 2012-06-02 23:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-01-20 10:23 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-01-20 10:23 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-01-20 10:23 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-01-20 10:23 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

2014-02-19 11:30 - 2014-02-17 17:28 - 00000000 ____D () C:\Users\Regina\Desktop\FRST-OlderVersion
2014-02-19 11:30 - 2014-02-12 12:41 - 00006792 _____ () C:\Users\Regina\Desktop\FRST.txt
2014-02-19 11:30 - 2014-02-12 12:41 - 00000000 ____D () C:\FRST
2014-02-19 11:30 - 2014-02-12 12:39 - 02153472 _____ (Farbar) C:\Users\Regina\Desktop\FRST64.exe
2014-02-19 11:29 - 2014-01-24 20:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-19 11:26 - 2014-02-19 11:26 - 00000891 _____ () C:\Users\Regina\Desktop\checkup.txt
2014-02-19 11:21 - 2008-01-21 12:10 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-19 11:21 - 2008-01-21 12:09 - 00673502 _____ () C:\Windows\system32\perfh007.dat
2014-02-19 11:21 - 2008-01-21 12:09 - 00145482 _____ () C:\Windows\system32\perfc007.dat
2014-02-19 11:18 - 2008-01-21 02:53 - 01765292 _____ () C:\Windows\WindowsUpdate.log
2014-02-19 11:17 - 2014-02-19 11:17 - 00000000 ____D () C:\Users\Regina\Desktop\Trojaner_Board Sweet Page Entfernung
2014-02-19 11:15 - 2014-01-26 17:13 - 00000000 ___RD () C:\Users\Regina\Dropbox
2014-02-19 11:15 - 2014-01-26 17:08 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Dropbox
2014-02-19 11:14 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-19 11:14 - 2006-11-02 16:22 - 00004576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-19 11:14 - 2006-11-02 16:22 - 00004576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-18 19:50 - 2006-11-02 16:42 - 00021636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-18 17:40 - 2014-02-18 17:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-18 17:34 - 2014-02-18 17:34 - 00987425 _____ () C:\Users\Regina\Desktop\SecurityCheck.exe
2014-02-18 17:33 - 2014-02-18 17:33 - 02347384 _____ (ESET) C:\Users\Regina\Desktop\esetsmartinstaller_enu.exe
2014-02-18 17:15 - 2014-01-17 15:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-18 17:14 - 2006-11-02 13:35 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-18 17:10 - 2014-01-17 17:43 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-17 17:01 - 2014-02-17 17:01 - 00000768 _____ () C:\Users\Regina\Desktop\JRT.txt
2014-02-17 16:50 - 2014-02-17 16:50 - 00000000 ____D () C:\Windows\ERUNT
2014-02-17 16:39 - 2014-02-17 16:27 - 00000000 ____D () C:\AdwCleaner
2014-02-17 16:39 - 2014-01-23 20:16 - 00000791 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-17 16:39 - 2014-01-17 11:10 - 00000907 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-17 16:39 - 2014-01-17 11:10 - 00000907 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-02-17 16:38 - 2014-02-17 16:38 - 00003747 _____ () C:\Users\Regina\Desktop\AdwCleaner[R0].txt
2014-02-17 16:27 - 2014-02-17 14:34 - 01241888 _____ () C:\Users\Regina\Desktop\adwcleaner.exe
2014-02-17 16:21 - 2014-02-17 16:21 - 01037530 _____ (Thisisu) C:\Users\Regina\Desktop\JRT.exe
2014-02-17 15:58 - 2014-01-20 11:33 - 00002088 _____ () C:\Windows\system32\spsys.log
2014-02-17 15:57 - 2008-01-21 04:26 - 00041218 _____ () C:\Windows\PFRO.log
2014-02-17 14:42 - 2014-02-17 14:42 - 00000948 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-17 14:42 - 2014-02-17 14:42 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Malwarebytes
2014-02-17 14:42 - 2014-02-17 14:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-17 14:42 - 2014-02-17 14:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-17 14:35 - 2014-02-17 14:35 - 01037530 _____ (Thisisu) C:\Users\Regina\Desktop\JRT.exe.part
2014-02-17 14:29 - 2014-02-17 14:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Regina\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-16 18:40 - 2014-02-16 18:33 - 00018432 _____ () C:\Users\Regina\Desktop\Ausgaben Steffi+Regi_2014.xls
2014-02-16 18:34 - 2014-02-16 18:34 - 00031744 _____ () C:\Users\Regina\Desktop\Ausgaben Steffi+Regi_2013.xls
2014-02-16 12:08 - 2014-02-16 12:08 - 00018100 _____ () C:\ComboFix.txt
2014-02-16 12:08 - 2014-02-16 11:48 - 00000000 ____D () C:\Qoobox
2014-02-16 12:06 - 2014-02-16 11:47 - 00000000 ____D () C:\Windows\erdnt
2014-02-16 12:04 - 2006-11-02 13:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-16 11:51 - 2014-02-16 11:47 - 00000000 ____D () C:\32788R22FWJFW
2014-02-16 11:47 - 2014-02-16 11:46 - 05183211 ____R (Swearware) C:\Users\Regina\Desktop\ComboFix.exe
2014-02-16 11:24 - 2014-02-06 14:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-14 11:22 - 2014-02-14 11:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 10:10 - 2014-01-20 14:46 - 01541636 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-13 10:03 - 2014-02-13 01:08 - 00055767 _____ () C:\Users\Regina\Downloads\7z920.exe
2014-02-13 01:08 - 2014-02-13 01:08 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-02-12 14:45 - 2014-02-12 14:44 - 00414571 _____ () C:\Users\Regina\Desktop\gmer.txt.txt
2014-02-12 13:07 - 2014-02-12 13:07 - 00380416 _____ () C:\Users\Regina\Desktop\Gmer-19357.exe
2014-02-12 12:44 - 2014-02-12 12:43 - 00014496 _____ () C:\Users\Regina\Desktop\Addition.txt
2014-02-12 12:38 - 2014-02-12 12:37 - 00000474 _____ () C:\Users\Regina\Desktop\defogger_disable.log
2014-02-12 12:37 - 2014-02-12 12:37 - 00000000 _____ () C:\Users\Regina\defogger_reenable
2014-02-12 12:37 - 2014-01-17 11:09 - 00000000 ____D () C:\Users\Regina
2014-02-11 23:03 - 2014-02-11 23:03 - 00010506 _____ () C:\Users\Regina\Desktop\prefs.js
2014-02-11 15:29 - 2014-02-11 15:28 - 00277280 _____ () C:\Windows\Minidump\Mini021114-02.dmp
2014-02-11 15:28 - 2014-02-11 15:00 - 390989177 _____ () C:\Windows\MEMORY.DMP
2014-02-11 15:28 - 2014-02-11 15:00 - 00000000 ____D () C:\Windows\Minidump
2014-02-11 15:00 - 2014-02-11 15:00 - 00277256 _____ () C:\Windows\Minidump\Mini021114-01.dmp
2014-02-10 17:43 - 2014-02-10 17:43 - 00050477 _____ () C:\Users\Regina\Desktop\Defogger.exe
2014-02-06 14:29 - 2014-01-24 20:26 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-06 14:29 - 2014-01-24 20:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-06 14:29 - 2014-01-24 20:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-06 14:18 - 2014-02-06 14:18 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-06 14:18 - 2014-01-23 20:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-05 11:19 - 2014-02-13 10:20 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 11:02 - 2014-02-13 10:20 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 11:00 - 2014-02-13 10:20 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 10:54 - 2014-02-13 10:20 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 10:54 - 2014-02-13 10:20 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 10:52 - 2014-02-13 10:20 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 10:52 - 2014-02-13 10:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 10:52 - 2014-02-13 10:20 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 10:51 - 2014-02-13 10:20 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 10:51 - 2014-02-13 10:20 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 10:51 - 2014-02-13 10:20 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 10:51 - 2014-02-13 10:20 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 10:51 - 2014-02-13 10:20 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 10:50 - 2014-02-13 10:20 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 10:50 - 2014-02-13 10:20 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-05 10:50 - 2014-02-13 10:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 09:58 - 2014-02-13 10:20 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-05 09:56 - 2014-02-13 10:20 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-05 09:53 - 2014-02-13 10:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-05 09:51 - 2014-02-13 10:20 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-05 09:50 - 2014-02-13 10:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-05 09:49 - 2014-02-13 10:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-05 09:49 - 2014-02-13 10:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-05 09:48 - 2014-02-13 10:20 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-05 09:48 - 2014-02-13 10:20 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-05 09:48 - 2014-02-13 10:20 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-05 09:48 - 2014-02-13 10:20 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-05 09:48 - 2014-02-13 10:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-05 09:47 - 2014-02-13 10:20 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-05 09:47 - 2014-02-13 10:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-05 09:47 - 2014-02-13 10:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-05 09:46 - 2014-02-13 10:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-04 18:32 - 2014-01-23 20:46 - 00000000 ____D () C:\Users\Regina\AppData\Local\Thunderbird
2014-02-02 19:41 - 2014-01-24 22:01 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\vlc
2014-02-02 19:40 - 2014-02-02 19:40 - 00000000 ____D () C:\Users\Regina\Desktop\Bilder 2014
2014-02-02 19:35 - 2006-11-02 16:27 - 00090574 _____ () C:\Windows\setupact.log
2014-02-02 14:37 - 2014-01-26 17:45 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Skype
2014-01-31 18:15 - 2014-01-28 21:33 - 00000000 ____D () C:\Users\Regina\Desktop\Jobs
2014-01-30 23:35 - 2014-01-24 20:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-01-29 21:59 - 2014-01-28 22:45 - 00000000 ___RD () C:\Users\Regina\Desktop\Projekte
2014-01-29 21:59 - 2014-01-28 21:45 - 00000000 ___RD () C:\Users\Regina\Desktop\Freizeit
2014-01-29 12:25 - 2014-01-29 12:25 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-01-29 00:17 - 2014-01-28 23:04 - 00000000 ___RD () C:\Users\Regina\Desktop\Fotos_Videos_ReginaBerthold_2005-2014
2014-01-28 22:58 - 2014-01-28 22:57 - 00000000 ____D () C:\Users\Regina\Desktop\Uni BA MA
2014-01-28 22:56 - 2014-01-28 22:56 - 00003584 _____ () C:\Users\Regina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-28 22:56 - 2014-01-28 22:56 - 00000000 ____D () C:\Users\Regina\Desktop\Ungeordnete Dateien Regina
2014-01-28 22:53 - 2014-01-28 22:46 - 00000000 ____D () C:\Users\Regina\Desktop\Musik von Regina
2014-01-28 21:34 - 2014-01-28 21:34 - 00000000 ____D () C:\Users\Regina\Desktop\Bewerbung
2014-01-27 10:57 - 2014-01-17 11:10 - 00000000 ___RD () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-26 17:45 - 2014-01-26 17:45 - 00000000 ____D () C:\Users\Regina\AppData\Local\Skype
2014-01-26 17:44 - 2014-01-26 17:44 - 00001892 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-01-26 17:44 - 2014-01-26 17:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-26 17:44 - 2014-01-26 17:44 - 00000000 ____D () C:\ProgramData\Skype
2014-01-26 17:43 - 2014-01-26 17:42 - 35671200 _____ (Skype Technologies S.A.) C:\Users\Regina\Downloads\SkypeSetupFull.exe
2014-01-26 17:17 - 2014-01-24 20:10 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Adobe
2014-01-26 17:17 - 2014-01-24 20:00 - 00000000 ____D () C:\Users\Regina\AppData\Local\Adobe
2014-01-26 17:13 - 2014-01-26 17:13 - 00000942 _____ () C:\Users\Regina\Desktop\Dropbox.lnk
2014-01-26 17:13 - 2014-01-26 17:11 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\DropboxMaster
2014-01-26 17:11 - 2014-01-26 17:11 - 00000000 ____D () C:\Program Files (x86)\Dropbox
2014-01-26 17:10 - 2014-01-26 17:10 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-26 17:06 - 2014-01-26 17:05 - 37660568 _____ (Dropbox, Inc.) C:\Users\Regina\Downloads\Dropbox 2.6.2.exe
2014-01-26 13:15 - 2014-01-26 13:15 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\0F1F1C2Y1H1P1C0I0T
2014-01-26 13:14 - 2014-01-26 13:13 - 00437118 _____ () C:\Users\Regina\AppData\Local\dd_vcredistMSI4E0F.txt
2014-01-26 13:14 - 2014-01-26 13:13 - 00012072 _____ () C:\Users\Regina\AppData\Local\dd_vcredistUI4E0F.txt
2014-01-26 13:13 - 2006-11-02 14:33 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-01-26 13:11 - 2014-01-26 13:12 - 00608840 _____ () C:\Users\Regina\Downloads\adblock-plus.xpi
2014-01-24 21:49 - 2014-01-24 21:49 - 00000901 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-01-24 21:49 - 2014-01-24 21:49 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-01-24 21:39 - 2014-01-24 21:38 - 24097311 _____ () C:\Users\Regina\Downloads\vlc-2.1.2-win32.exe
2014-01-24 20:10 - 2014-01-24 20:10 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Macromedia
2014-01-24 20:10 - 2014-01-24 20:10 - 00000000 ____D () C:\Users\Regina\AppData\Local\Macromedia
2014-01-24 20:09 - 2014-01-24 20:09 - 00001922 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-01-24 20:09 - 2014-01-24 20:09 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-01-24 20:02 - 2014-01-24 20:02 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-01-24 20:02 - 2014-01-24 20:02 - 00000000 ____D () C:\Windows\system32\Macromed
2014-01-24 01:24 - 2014-01-17 17:43 - 00001829 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-24 01:23 - 2014-01-17 17:42 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-24 01:23 - 2014-01-17 17:42 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-24 01:23 - 2014-01-17 17:42 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-24 01:23 - 2014-01-17 17:42 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-24 01:23 - 2014-01-17 17:42 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-01-24 01:23 - 2014-01-17 17:42 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-01-24 01:23 - 2014-01-17 17:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-23 21:02 - 2014-01-23 21:02 - 00001003 _____ () C:\Users\Regina\Documents\MailShield.der
2014-01-23 20:46 - 2014-01-23 20:46 - 00001844 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-01-23 20:46 - 2014-01-23 20:46 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Thunderbird
2014-01-23 20:18 - 2014-01-23 20:17 - 21981704 _____ (Mozilla) C:\Users\Regina\Downloads\Thunderbird Setup 24.2.0.exe
2014-01-23 20:16 - 2014-01-23 20:16 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Mozilla
2014-01-23 20:16 - 2014-01-23 20:16 - 00000000 ____D () C:\Users\Regina\AppData\Local\Mozilla
2014-01-20 16:09 - 2014-01-20 16:09 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\LibreOffice
2014-01-20 15:06 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\rescache
2014-01-20 14:04 - 2014-01-20 14:04 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-01-20 14:01 - 2006-11-02 16:21 - 00290832 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Windows\SysWOW64\spool
2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2014-01-20 13:58 - 2006-11-02 16:07 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-01-20 13:58 - 2006-11-02 16:07 - 00000000 ____D () C:\Program Files\Windows Journal
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\lt-LT
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\hr-HR
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\he-IL
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\et-EE
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\uk-UA
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\th-TH
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\lv-LV
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\lt-LT
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\he-IL
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\et-EE
2014-01-20 13:58 - 2006-11-02 14:33 - 00000000 ___RD () C:\Windows\Offline Web Pages
2014-01-20 13:58 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-01-20 13:58 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-01-20 13:58 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-01-20 13:58 - 2006-11-02 14:33 - 00000000 ____D () C:\Program Files\Common Files\System
2014-01-20 13:57 - 2014-01-20 13:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2014-01-20 12:21 - 2014-01-20 12:16 - 00004287 _____ () C:\Windows\IE9_main.log
2014-01-20 12:20 - 2014-01-20 12:20 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-20 12:20 - 2014-01-20 12:20 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-20 12:20 - 2014-01-20 12:20 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-20 12:20 - 2014-01-20 12:20 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-20 12:20 - 2014-01-20 12:20 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\advpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-20 12:20 - 2014-01-20 12:20 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-20 12:20 - 2014-01-20 12:20 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-20 12:20 - 2006-11-02 13:16 - 00008798 _____ () C:\Windows\SysWOW64\icrav03.rat
2014-01-20 12:20 - 2006-11-02 13:16 - 00001988 _____ () C:\Windows\SysWOW64\ticrf.rat
2014-01-20 12:20 - 2006-11-02 07:36 - 00008798 _____ () C:\Windows\system32\icrav03.rat
2014-01-20 12:20 - 2006-11-02 07:36 - 00001988 _____ () C:\Windows\system32\ticrf.rat
2014-01-20 12:18 - 2014-01-20 12:18 - 03548672 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 03068416 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01554432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\MFH264Dec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01075712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01032192 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2014-01-20 12:18 - 2014-01-20 12:18 - 00979456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFH264Dec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00847360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00625152 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00586240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00428544 _____ (Microsoft Corporation) C:\Windows\system32\MFHEAACdec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4src.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-01-20 12:18 - 2014-01-20 12:18 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFHEAACdec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4src.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00258048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2014-01-20 12:18 - 2014-01-20 12:18 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00135680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-01-20 12:17 - 2014-01-20 12:17 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\dxdiag.exe
2014-01-20 12:17 - 2014-01-20 12:17 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiag.exe
2014-01-20 12:17 - 2014-01-20 12:17 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiagn.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-01-20 10:15 - 2014-01-17 11:10 - 00062768 _____ () C:\Users\Regina\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-20 10:14 - 2014-01-17 11:09 - 00000915 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk

Some content of TEMP:
====================
C:\Users\Regina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy7zz0h.dll
C:\Users\Regina\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-19 11:20

==================== End Of Log ============================
         
--- --- ---

Hello Schrauber,
thank you very much for your help so far. Fortunately, the Sweet Page no longer appears when I open Firefox!
Unfortunately, one problem still remains:
When I open a new empty tab, the following appears in the address bar at the top:
chrome://lightning/content/newtab.html
I have absolutely no idea what that is supposed to mean.
I don't even use Chrome.
Is there still a way to get rid of that?
Best regards
