
Pests of all kinds and how to fight them: Virus creates VoIP in the router

27.08.2014, 21:54   #1
Swaley
 
Virus creates VoIP in the router



Hello everyone,

As already mentioned in the title, I have the problem that a virus in my router (Vodafone Easybox 803) is constantly trying to read out my router.
A loop command appears in the event log, which is why the router crashes frequently. After that, [VoIP] SIP account 1 register timeout and If(PPPoE2) PPP fail : CHAP authentication failure appear.
At some point it apparently manages to log in, though, which is why my bandwidth drops from 16000 to 5000. After that the phone rings once.
I have already tried resetting the router to factory settings myself and changed all passwords afterwards; unfortunately that has not helped so far.

I have attached the Addition and GMER logs, since the thread would otherwise be too long.
I very much hope that someone here can help me.

Kind regards, Swaley


Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by Thorben (administrator) on THORBEN-PC on 27-08-2014 19:25:17
Running from C:\Users\Thorben\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\SysWOW64\ASGT.exe
() C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
() C:\Users\Thorben\Downloads\Core Temp\Core Temp.exe
() C:\Program Files (x86)\ASRock Utility\HDMISwitch\Bin\HDMISwitch.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Spotify Ltd) C:\Users\Thorben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [6226624 2014-05-03] (FNet Co., Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Imperator Driver] => C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe [979360 2012-02-09] (Razer USA Ltd)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-761638862-2947245423-882755344-1000\...\Run: [Fatal1tySTU] => [X]
HKU\S-1-5-21-761638862-2947245423-882755344-1000\...\Run: [ASRockHDMISwitch] => [X]
HKU\S-1-5-21-761638862-2947245423-882755344-1000\...\Run: [Spotify Web Helper] => C:\Users\Thorben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-10] (Spotify Ltd)
HKU\S-1-5-21-761638862-2947245423-882755344-1000\...\MountPoints2: {4b9e3eaf-d2cf-11e3-be53-806e6f6e6963} - D:\Setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1C23934DE566CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Thorben\AppData\Roaming\Mozilla\Firefox\Profiles\1dthd3mz.default-1399824096976
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\Thorben\AppData\Roaming\Mozilla\Firefox\Profiles\1dthd3mz.default-1399824096976\Extensions\youtubeunblocker@unblocker.yt [2014-06-02]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-05-11]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3320324&octid=EB_ORIGINAL_CTID&ISID=M9FEC8BBC-1EBC-407B-80E9-96701BEF61BF&SearchSource=58&CUI=&UM=6&UP=SP09328ECB-F0F2-45D3-9CFD-4122C82E6F2E&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-03]
CHR Extension: (Google Drive) - C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-03]
CHR Extension: (YouTube) - C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-03]
CHR Extension: (Google-Suche) - C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-03]
CHR Extension: (Tampermonkey) - C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-05-03]
CHR Extension: (CnC TA Script Collection) - C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmhpmdclklpgfcpoiomjofgfagenmgeo [2014-05-03]
CHR Extension: (Google Wallet) - C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-03]
CHR Extension: (Google Mail) - C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-08-12] (Perfect World Entertainment Inc)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 ASRockIOMon; C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] () [File not signed]
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-08-27] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-03-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [328832 2014-07-09] (Locktime Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-25] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-05-03] (ASRock Incorporation)
S3 AsrHidFilter; C:\Windows\System32\DRIVERS\AsrHidFilter.sys [20232 2013-09-09] (ASRock Inc.)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [40200 2013-05-09] (ASRock Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-06-18] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2014-05-03] (FNet Co., Ltd.)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-08-27] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-03-14] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-03-14] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R2 nldrv; C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys [107952 2014-07-09] (Locktime Software)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-08-27] ()
R3 ALSysIO; \??\C:\Users\Thorben\AppData\Local\Temp\ALSysIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-27 19:25 - 2014-08-27 19:25 - 00018779 _____ () C:\Users\Thorben\Desktop\FRST.txt
2014-08-27 19:25 - 2014-08-27 19:25 - 00000000 ____D () C:\FRST
2014-08-27 19:23 - 2014-08-27 19:23 - 02103296 _____ (Farbar) C:\Users\Thorben\Desktop\FRST64.exe
2014-08-27 18:48 - 2014-08-27 18:48 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-08-26 20:42 - 2014-08-27 18:49 - 00000000 ____D () C:\Windows\CryptoGuard
2014-08-26 20:42 - 2014-08-27 18:37 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-08-26 20:42 - 2014-08-27 03:16 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-08-26 20:42 - 2014-08-27 03:16 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-08-26 20:42 - 2014-08-27 03:16 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys
2014-08-26 20:42 - 2014-08-26 20:42 - 01889616 _____ (SurfRight B.V.) C:\Users\Thorben\Downloads\hmpalert.exe
2014-08-26 20:42 - 2014-08-26 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-08-26 20:42 - 2014-08-26 20:42 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-08-26 10:31 - 2014-08-26 10:31 - 629869856 _____ () C:\Windows\MEMORY.DMP
2014-08-26 10:31 - 2014-08-26 10:31 - 00291984 _____ () C:\Windows\Minidump\082614-14289-01.dmp
2014-08-26 10:31 - 2014-08-26 10:31 - 00000000 ____D () C:\Windows\Minidump
2014-08-26 10:29 - 2014-08-26 10:29 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-08-24 19:20 - 2014-08-24 19:20 - 00000000 ____D () C:\Users\Thorben\AppData\Local\Adobe
2014-08-21 19:42 - 2014-08-21 19:42 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-08-21 19:14 - 2014-08-21 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2014-08-21 19:13 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-08-21 19:09 - 2014-08-21 19:09 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-21 19:09 - 2014-08-21 19:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-21 19:09 - 2014-08-21 19:09 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-21 19:09 - 2014-08-21 19:09 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-21 19:09 - 2014-08-21 19:09 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-08-21 19:09 - 2014-08-21 19:09 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-08-21 19:09 - 2014-08-21 19:09 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-08-21 19:09 - 2014-08-21 19:09 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-08-21 19:09 - 2014-08-21 19:09 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-08-21 19:09 - 2014-08-21 19:09 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-08-21 19:09 - 2014-08-21 19:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-21 19:07 - 2014-08-21 19:13 - 00012611 _____ () C:\Windows\IE11_main.log
2014-08-21 18:46 - 2014-08-21 18:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-21 18:46 - 2014-07-31 23:41 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-21 18:43 - 2014-08-21 19:42 - 00289976 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-08-21 18:40 - 2010-02-23 10:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-08-21 18:33 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-08-21 18:33 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-08-21 18:33 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-08-21 18:33 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-08-21 18:33 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-08-21 18:33 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-08-21 18:33 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-08-21 18:33 - 2012-06-02 16:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-08-21 18:21 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-21 18:21 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-21 18:21 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-21 18:21 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-21 18:21 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-21 18:21 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-21 18:20 - 2014-08-21 18:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-21 18:20 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-21 18:20 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-21 18:17 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-21 18:17 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-08-21 18:17 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-08-21 18:17 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-08-21 18:17 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-08-21 18:17 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-08-21 18:17 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-08-21 18:17 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-08-21 18:17 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-08-21 18:17 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-08-21 18:17 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-08-21 18:17 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-08-21 18:17 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-08-21 18:17 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-08-21 18:17 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-08-21 18:17 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-08-21 18:17 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-08-21 18:17 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-08-21 18:17 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-08-21 18:17 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-08-21 18:17 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-08-21 18:17 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-08-21 18:17 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-08-21 18:17 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-08-21 17:57 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-08-21 17:57 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-08-21 17:57 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 17:57 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-08-21 17:57 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-08-21 17:57 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-08-21 17:57 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-08-21 17:57 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-08-21 17:57 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-08-21 17:57 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-21 17:57 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-08-21 17:57 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-08-21 17:57 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-08-21 17:57 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-08-21 17:57 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-08-21 17:57 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-08-21 17:57 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-08-21 17:57 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-08-21 17:57 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-08-21 17:57 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-08-21 17:57 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-08-21 17:57 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-21 17:57 - 2014-01-01 01:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-08-21 17:57 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-08-21 17:57 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-08-21 17:57 - 2013-11-23 19:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-08-21 17:57 - 2013-10-04 04:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-08-21 17:57 - 2013-10-04 04:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-08-21 17:57 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-08-21 17:57 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-08-21 17:57 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-08-21 17:57 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-08-21 17:57 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-08-21 17:57 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-08-21 17:57 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-08-21 17:57 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-08-21 17:57 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-08-21 17:57 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-08-21 17:57 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-08-21 17:57 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-08-21 17:57 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-08-21 17:57 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-08-21 17:57 - 2013-04-01 00:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-08-21 17:57 - 2012-01-04 12:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2014-08-21 17:57 - 2012-01-04 10:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2014-08-21 17:57 - 2011-12-30 08:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-08-21 17:57 - 2011-12-30 07:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2014-08-21 17:57 - 2011-07-09 04:46 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-08-21 17:57 - 2011-05-04 07:25 - 02315776 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2014-08-21 17:57 - 2011-05-04 07:22 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2014-08-21 17:57 - 2011-05-04 07:22 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2014-08-21 17:57 - 2011-05-04 07:22 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2014-08-21 17:57 - 2011-05-04 07:22 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2014-08-21 17:57 - 2011-05-04 07:22 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2014-08-21 17:57 - 2011-05-04 07:19 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-08-21 17:57 - 2011-05-04 07:19 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2014-08-21 17:57 - 2011-05-04 07:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2014-08-21 17:57 - 2011-05-04 06:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2014-08-21 17:57 - 2011-05-04 06:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2014-08-21 17:57 - 2011-05-04 06:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2014-08-21 17:57 - 2011-05-04 06:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2014-08-21 17:57 - 2011-05-04 06:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2014-08-21 17:57 - 2011-05-04 06:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2014-08-21 17:57 - 2011-05-04 06:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2014-08-21 17:57 - 2011-05-04 06:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2014-08-21 17:57 - 2011-05-04 06:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2014-08-21 17:57 - 2011-04-27 04:40 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-08-21 17:57 - 2011-04-27 04:39 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-08-21 17:57 - 2011-03-11 08:34 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2014-08-21 17:57 - 2011-03-11 08:34 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2014-08-21 17:57 - 2011-03-11 07:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2014-08-21 17:57 - 2011-03-11 07:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2014-08-21 17:57 - 2010-12-23 12:42 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2014-08-21 17:57 - 2010-12-23 12:42 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2014-08-21 17:57 - 2010-12-23 12:36 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2014-08-21 17:57 - 2010-12-23 07:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2014-08-21 17:57 - 2010-12-23 07:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2014-08-21 17:57 - 2010-12-23 07:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2014-08-21 17:56 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-21 17:56 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-21 17:56 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-21 17:56 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-21 17:56 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-21 17:56 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-21 17:56 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-21 17:56 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-21 17:56 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-21 17:56 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-21 17:56 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-08-21 17:56 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-21 17:56 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-21 17:56 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-08-21 17:56 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-08-21 17:56 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-08-21 17:56 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-08-21 17:56 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-08-21 17:56 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-08-21 17:56 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-08-21 17:56 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-08-21 17:56 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-08-21 17:56 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-08-21 17:56 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-08-21 17:56 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-08-21 17:56 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-08-21 17:56 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-08-21 17:56 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-08-21 17:56 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-08-21 17:56 - 2012-11-02 07:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-08-21 17:56 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2014-08-21 17:56 - 2012-10-03 19:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-08-21 17:56 - 2012-10-03 19:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-08-21 17:56 - 2012-10-03 19:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-08-21 17:56 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-08-21 17:56 - 2012-10-03 19:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-08-21 17:56 - 2012-10-03 19:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-08-21 17:56 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2014-08-21 17:56 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2014-08-21 17:56 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2014-08-21 17:56 - 2012-10-03 18:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-08-21 17:56 - 2012-05-01 07:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-08-21 17:56 - 2012-03-17 09:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2014-08-21 17:56 - 2012-01-13 09:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-08-21 17:56 - 2011-08-17 07:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-08-21 17:56 - 2011-08-17 07:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-08-21 17:56 - 2011-08-17 06:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2014-08-21 17:56 - 2011-08-17 06:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2014-08-21 17:56 - 2011-03-03 08:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-08-21 17:56 - 2011-03-03 08:24 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-08-21 17:56 - 2011-03-03 08:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2014-08-21 17:56 - 2011-03-03 07:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-08-21 17:56 - 2011-03-03 07:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2014-08-21 17:55 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-21 17:55 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-21 17:55 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-08-21 17:55 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-08-21 17:55 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-08-21 17:55 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-08-21 17:55 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-08-21 17:55 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-08-21 17:55 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-08-21 17:55 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-08-21 17:55 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-08-21 17:55 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-08-21 17:55 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-08-21 17:55 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-08-21 17:55 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-08-21 17:55 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-08-21 17:55 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-08-21 17:55 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-08-21 17:55 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-08-21 17:55 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-08-21 17:55 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-08-21 17:55 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-08-21 17:55 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-08-21 17:55 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-08-21 17:55 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-08-21 17:55 - 2013-10-03 04:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-21 17:55 - 2013-10-03 04:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-21 17:55 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-08-21 17:55 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-08-21 17:55 - 2013-07-04 14:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-08-21 17:55 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-08-21 17:55 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-08-21 17:55 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-08-21 17:55 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2014-08-21 17:55 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2014-08-21 17:55 - 2012-09-26 00:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-08-21 17:55 - 2011-03-11 08:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2014-08-21 17:55 - 2011-03-11 08:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2014-08-21 17:55 - 2011-03-11 08:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2014-08-21 17:55 - 2011-03-11 08:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2014-08-21 17:55 - 2011-03-11 08:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2014-08-21 17:55 - 2011-03-11 08:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-08-21 17:55 - 2011-03-11 08:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2014-08-21 17:55 - 2011-03-11 07:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2014-08-21 17:55 - 2011-03-11 07:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2014-08-21 17:55 - 2011-03-11 06:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-08-21 17:55 - 2011-02-05 19:10 - 00642944 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-08-21 17:55 - 2011-02-05 19:10 - 00020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll
2014-08-21 17:55 - 2011-02-05 19:10 - 00019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2014-08-21 17:55 - 2011-02-05 19:10 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll
2014-08-21 17:55 - 2011-02-05 19:06 - 00605552 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-08-21 17:55 - 2011-02-05 19:06 - 00566208 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-08-21 17:55 - 2011-02-05 19:06 - 00518672 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-08-21 17:54 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-08-21 17:54 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-08-21 17:53 - 2014-07-02 19:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-08-21 17:51 - 2014-07-02 22:48 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 13922752 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 12866008 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-08-21 17:51 - 2014-07-02 22:48 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00944928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00903624 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00502232 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00391640 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00348120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 22994208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 17555104 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 13835208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 04247000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 00418760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-08-21 17:46 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-08-21 17:46 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-08-21 17:46 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-08-21 17:46 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-08-21 17:46 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-08-21 17:46 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-08-21 17:45 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-08-21 17:45 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-08-21 17:45 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-08-21 17:45 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-08-21 17:45 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-08-21 17:45 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-08-21 17:45 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-08-21 17:45 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-08-21 17:45 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-08-21 17:45 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-08-21 17:45 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-08-21 17:45 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-08-21 17:45 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-08-21 17:42 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-08-21 17:42 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-08-21 17:42 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-08-21 17:42 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-08-21 17:42 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-08-21 17:42 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-08-21 17:42 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-08-21 17:42 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-08-21 17:42 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-08-21 17:42 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-08-21 17:42 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-08-21 17:42 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2014-08-21 17:42 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2014-08-21 17:42 - 2012-05-05 10:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-08-21 17:42 - 2012-05-05 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-08-21 17:41 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-21 17:41 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-21 17:41 - 2012-06-06 08:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2014-08-21 17:41 - 2012-06-06 07:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2014-08-21 17:41 - 2012-05-14 07:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-21 17:41 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-08-21 17:41 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2014-08-21 17:41 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-08-21 17:41 - 2011-10-15 08:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-08-21 17:41 - 2011-10-15 07:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2014-08-21 17:41 - 2011-08-27 07:37 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-08-21 17:41 - 2011-08-27 07:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2014-08-21 17:41 - 2011-08-27 06:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-08-21 17:41 - 2011-08-27 06:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2014-08-21 17:41 - 2011-02-23 06:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-08-21 17:40 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-21 17:40 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-21 17:40 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-08-21 17:40 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-08-21 17:40 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-08-21 17:40 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-08-21 17:40 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-08-19 15:34 - 2014-08-21 19:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-08-19 15:34 - 2014-08-19 15:34 - 00000000 ____D () C:\Windows\PCHEALTH
2014-08-19 15:34 - 2014-08-19 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-19 15:32 - 2014-08-21 19:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-19 15:32 - 2014-08-19 15:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-19 15:32 - 2014-08-19 15:32 - 00000000 ____D () C:\Users\Thorben\AppData\Local\Microsoft Help
2014-08-19 15:32 - 2014-08-19 15:32 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-19 15:31 - 2014-08-19 15:31 - 00000000 __RHD () C:\MSOCache
2014-08-14 16:28 - 2014-08-14 16:28 - 00000000 ____D () C:\Users\Thorben\AppData\Local\Chromium
2014-08-14 16:20 - 2014-08-14 17:50 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\Might & Magic Heroes VI
2014-08-14 16:20 - 2014-08-14 16:48 - 00000000 ____D () C:\Users\Thorben\Documents\Might & Magic Heroes VI
2014-08-14 16:19 - 2014-08-25 04:36 - 00035140 _____ () C:\Windows\DirectX.log
2014-08-14 02:17 - 2014-08-27 18:48 - 00011014 _____ () C:\Windows\setupact.log
2014-08-14 02:17 - 2014-08-14 02:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-14 02:16 - 2014-08-27 18:48 - 00015920 _____ () C:\Windows\PFRO.log
2014-08-14 02:11 - 2014-08-14 02:11 - 00159744 _____ () C:\Windows\winhlq32.exe
2014-08-14 02:11 - 2014-08-14 02:11 - 00003612 _____ () C:\Windows\System32\Tasks\AnwendungserfahrungFunctionauf
2014-08-14 02:05 - 2014-08-27 18:47 - 00000000 ____D () C:\AdwCleaner
2014-08-14 02:05 - 2014-08-14 02:05 - 01356107 _____ () C:\Users\Thorben\Downloads\adwcleaner_3.305.exe
2014-08-14 02:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-13 03:48 - 2014-08-13 03:50 - 00000000 ___HD () C:\ArcTemp
2014-08-13 03:47 - 2014-08-13 03:48 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\Arc
2014-08-13 03:45 - 2014-08-13 03:50 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment
2014-08-13 03:45 - 2014-08-13 03:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-08-06 21:45 - 2014-08-06 21:45 - 00000000 ____D () C:\Users\Thorben\Documents\SimCity
2014-08-01 16:07 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 16:07 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 16:07 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 16:07 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 16:07 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 16:07 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 16:07 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 16:07 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 16:07 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 16:07 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 16:07 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 16:07 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 16:07 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 16:07 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-27 19:25 - 2014-08-27 19:25 - 00018779 _____ () C:\Users\Thorben\Desktop\FRST.txt
2014-08-27 19:25 - 2014-08-27 19:25 - 00000000 ____D () C:\FRST
2014-08-27 19:23 - 2014-08-27 19:23 - 02103296 _____ (Farbar) C:\Users\Thorben\Desktop\FRST64.exe
2014-08-27 19:22 - 2014-05-18 14:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-27 18:56 - 2009-07-14 06:45 - 00031280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-27 18:56 - 2009-07-14 06:45 - 00031280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-27 18:55 - 2010-11-21 08:50 - 00700454 _____ () C:\Windows\system32\perfh007.dat
2014-08-27 18:55 - 2010-11-21 08:50 - 00150092 _____ () C:\Windows\system32\perfc007.dat
2014-08-27 18:55 - 2009-07-14 07:13 - 01624034 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-27 18:52 - 2014-05-05 18:22 - 01206761 _____ () C:\Windows\WindowsUpdate.log
2014-08-27 18:51 - 2014-05-03 18:27 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-27 18:49 - 2014-08-26 20:42 - 00000000 ____D () C:\Windows\CryptoGuard
2014-08-27 18:49 - 2014-06-23 13:28 - 00002988 _____ () C:\Windows\System32\Tasks\HDMISwitch
2014-08-27 18:48 - 2014-08-27 18:48 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-08-27 18:48 - 2014-08-14 02:17 - 00011014 _____ () C:\Windows\setupact.log
2014-08-27 18:48 - 2014-08-14 02:16 - 00015920 _____ () C:\Windows\PFRO.log
2014-08-27 18:48 - 2014-05-03 18:27 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-27 18:48 - 2014-05-03 17:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-27 18:48 - 2014-05-03 16:58 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-08-27 18:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-27 18:47 - 2014-08-14 02:05 - 00000000 ____D () C:\AdwCleaner
2014-08-27 18:37 - 2014-08-26 20:42 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-08-27 05:44 - 2014-05-03 17:40 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-27 03:26 - 2014-05-03 18:57 - 00000000 ____D () C:\Users\Thorben\AppData\Local\Battle.net
2014-08-27 03:16 - 2014-08-26 20:42 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-08-27 03:16 - 2014-08-26 20:42 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-08-27 03:16 - 2014-08-26 20:42 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys
2014-08-26 20:42 - 2014-08-26 20:42 - 01889616 _____ (SurfRight B.V.) C:\Users\Thorben\Downloads\hmpalert.exe
2014-08-26 20:42 - 2014-08-26 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-08-26 20:42 - 2014-08-26 20:42 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-08-26 10:31 - 2014-08-26 10:31 - 629869856 _____ () C:\Windows\MEMORY.DMP
2014-08-26 10:31 - 2014-08-26 10:31 - 00291984 _____ () C:\Windows\Minidump\082614-14289-01.dmp
2014-08-26 10:31 - 2014-08-26 10:31 - 00000000 ____D () C:\Windows\Minidump
2014-08-26 10:29 - 2014-08-26 10:29 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-08-26 04:22 - 2014-05-03 18:39 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\TS3Client
2014-08-25 15:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-25 05:28 - 2014-05-05 06:42 - 00000000 ____D () C:\Users\Thorben\Documents\my games
2014-08-25 04:36 - 2014-08-14 16:19 - 00035140 _____ () C:\Windows\DirectX.log
2014-08-24 19:20 - 2014-08-24 19:20 - 00000000 ____D () C:\Users\Thorben\AppData\Local\Adobe
2014-08-23 03:52 - 2014-05-03 22:41 - 00000000 ____D () C:\Users\Thorben\AppData\Local\CrashDumps
2014-08-22 23:08 - 2014-05-03 18:59 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-08-22 02:15 - 2014-05-03 18:57 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-21 20:36 - 2014-05-03 16:46 - 00070000 _____ () C:\Users\Thorben\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-21 20:35 - 2009-07-14 06:45 - 00314016 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-21 19:42 - 2014-08-21 19:42 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-08-21 19:42 - 2014-08-21 18:43 - 00289976 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-08-21 19:41 - 2014-08-19 15:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-21 19:40 - 2014-08-19 15:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-08-21 19:21 - 2014-05-03 16:36 - 00001305 _____ () C:\Users\Thorben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-21 19:18 - 2014-05-03 17:28 - 00000000 ____D () C:\Windows\Panther
2014-08-21 19:16 - 2010-11-21 09:01 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-21 19:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-08-21 19:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-08-21 19:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-21 19:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-08-21 19:14 - 2014-08-21 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2014-08-21 19:13 - 2014-08-21 19:07 - 00012611 _____ () C:\Windows\IE11_main.log
2014-08-21 19:09 - 2014-08-21 19:09 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-21 19:09 - 2014-08-21 19:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-21 19:09 - 2014-08-21 19:09 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-21 19:09 - 2014-08-21 19:09 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-21 19:09 - 2014-08-21 19:09 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-08-21 19:09 - 2014-08-21 19:09 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-08-21 19:09 - 2014-08-21 19:09 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-08-21 19:09 - 2014-08-21 19:09 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-08-21 19:09 - 2014-08-21 19:09 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-08-21 19:09 - 2014-08-21 19:09 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-08-21 19:09 - 2014-08-21 19:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-21 18:48 - 2014-08-21 18:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-21 18:40 - 2014-05-03 16:46 - 01597378 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-21 18:20 - 2014-08-21 18:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-21 17:54 - 2014-05-03 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-08-21 17:53 - 2014-05-03 17:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-08-21 17:52 - 2014-05-03 17:06 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-08-19 15:34 - 2014-08-19 15:34 - 00000000 ____D () C:\Windows\PCHEALTH
2014-08-19 15:34 - 2014-08-19 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-19 15:34 - 2014-08-19 15:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-19 15:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-19 15:32 - 2014-08-19 15:32 - 00000000 ____D () C:\Users\Thorben\AppData\Local\Microsoft Help
2014-08-19 15:32 - 2014-08-19 15:32 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-19 15:32 - 2010-11-21 09:00 - 00000000 ____D () C:\Windows\ShellNew
2014-08-19 15:31 - 2014-08-19 15:31 - 00000000 __RHD () C:\MSOCache
2014-08-18 19:32 - 2014-05-03 20:41 - 00000000 ____D () C:\ProgramData\Origin
2014-08-18 19:23 - 2014-05-03 20:41 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-08-14 17:50 - 2014-08-14 16:20 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\Might & Magic Heroes VI
2014-08-14 16:48 - 2014-08-14 16:20 - 00000000 ____D () C:\Users\Thorben\Documents\Might & Magic Heroes VI
2014-08-14 16:28 - 2014-08-14 16:28 - 00000000 ____D () C:\Users\Thorben\AppData\Local\Chromium
2014-08-14 02:17 - 2014-08-14 02:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-14 02:12 - 2014-05-03 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-14 02:12 - 2014-05-03 18:37 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-14 02:11 - 2014-08-14 02:11 - 00159744 _____ () C:\Windows\winhlq32.exe
2014-08-14 02:11 - 2014-08-14 02:11 - 00003612 _____ () C:\Windows\System32\Tasks\AnwendungserfahrungFunctionauf
2014-08-14 02:07 - 2014-05-03 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-14 02:07 - 2014-05-03 17:37 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-14 02:05 - 2014-08-14 02:05 - 01356107 _____ () C:\Users\Thorben\Downloads\adwcleaner_3.305.exe
2014-08-13 19:24 - 2014-05-18 14:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-13 19:24 - 2014-05-03 19:14 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-13 19:24 - 2014-05-03 19:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-13 03:50 - 2014-08-13 03:48 - 00000000 ___HD () C:\ArcTemp
2014-08-13 03:50 - 2014-08-13 03:45 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment
2014-08-13 03:48 - 2014-08-13 03:47 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\Arc
2014-08-13 03:45 - 2014-08-13 03:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-08-13 03:45 - 2014-05-03 16:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-07 04:06 - 2014-08-21 17:40 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-21 17:40 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 21:45 - 2014-08-06 21:45 - 00000000 ____D () C:\Users\Thorben\Documents\SimCity
2014-08-02 08:20 - 2014-05-03 18:52 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\Spotify
2014-08-02 03:39 - 2014-05-03 18:52 - 00000000 ____D () C:\Users\Thorben\AppData\Local\Spotify
2014-07-31 23:41 - 2014-08-21 18:46 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-30 13:28 - 2014-05-03 22:41 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-30 13:28 - 2014-05-03 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-30 13:28 - 2014-05-03 19:12 - 00000000 ____D () C:\ProgramData\Avira
2014-07-30 13:28 - 2014-05-03 19:12 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-28 01:05 - 2014-07-25 18:27 - 00297088 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-28 01:05 - 2014-07-25 17:42 - 00297088 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr

Some content of TEMP:
====================
C:\Users\Thorben\AppData\Local\Temp\avgnt.exe
C:\Users\Thorben\AppData\Local\Temp\hmpalert_update.exe
C:\Users\Thorben\AppData\Local\Temp\nsg3230.exe
C:\Users\Thorben\AppData\Local\Temp\nsg35D9.exe
C:\Users\Thorben\AppData\Local\Temp\nsgF21.exe
C:\Users\Thorben\AppData\Local\Temp\nsm39A2.exe
C:\Users\Thorben\AppData\Local\Temp\nsmC34.exe
C:\Users\Thorben\AppData\Local\Temp\nsw128C.exe
C:\Users\Thorben\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Thorben\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Thorben\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Thorben\AppData\Local\Temp\nvStInst.exe
C:\Users\Thorben\AppData\Local\Temp\ose00000.exe
C:\Users\Thorben\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-18 16:43

==================== End Of Log ============================
         
Code:
From Antivir
Beginne mit der Suche in 'C:\'
C:\AdwCleaner\Quarantine\C\Users\Thorben\AppData\Local\Temp\Security Systems\Setup.exe.vir
  [FUND]      Enthält Erkennungsmuster der Adware ADWARE/AgentCV.A.6984
C:\Users\Thorben\AppData\Local\Temp\aot3vwh4.d4c\prot.exe
    [0] Archivtyp: ZIP SFX (self extracting)
    --> Setup.exe
        [FUND]      Enthält Erkennungsmuster der Adware ADWARE/AgentCV.A.6984
        [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
         

28.08.2014, 07:36   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

28.08.2014, 08:11   #3
Swaley
 



Addition log:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2014
Ran by Thorben at 2014-08-27 19:26:18
Running from C:\Users\Thorben\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
ASRock HDMI Switch v1.0.25 (HKLM-x32\...\ASRock HDMI Switch_is1) (Version: 1.0.25 - )
ASRock Key Master v1.0.7 (HKLM-x32\...\ASRock Key Master_is1) (Version: 1.0.7 - )
ASRock XFast RAM v3.0.2 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
Assassin's Creed(R) III v1.06 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.06 - Ubisoft)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.2.6.0 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.2.6.0 - ASUSTek COMPUTER INC.) Hidden
Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Copy (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
F2400 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.8.0.0 - Electronic Arts)
F-Stream Tuning v2.0.48 (HKLM-x32\...\F-Stream Tuning_is1) (Version: 2.0.48 - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel(R) Network Connections 18.5.54.0 (Version: 18.5.54.0 - Intel) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel(R) Smart Connect Technology 4.1 x64 (HKLM\...\{1EF24D7D-7B14-4EBA-A686-9E91C9C6763D}) (Version: 4.1.40.2143 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java SE Development Kit 7 Update 55 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
Logitech Gaming Software (Version: 8.40.83 - Logitech Inc.) Hidden
Logitech Gaming Software 8.40 (HKLM\...\Logitech Gaming Software) (Version: 8.40.83 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Might & Magic: Heroes VI (HKLM-x32\...\Steam App 48220) (Version:  - Blackhole)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.0.7.0) (Version: 4.0.7.0 - Locktime Software)
NetLimiter 4 (Version: 4.0.7.0 - Locktime Software) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.49.6 - Black Tree Gaming)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Razer Imperator (HKLM-x32\...\{C05905B9-775A-4894-A4DF-B57C15250958}) (Version: 2.02.00 - Razer USA Ltd.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.4 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
XFastUSB (HKLM-x32\...\XFastUSB) (Version: 3.02.38 - ASRock Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-08-2014 13:31:48 Installed Microsoft Office Home and Student 2007
21-08-2014 16:20:03 Windows Update
21-08-2014 17:39:21 Windows Update
25-08-2014 02:35:20 DirectX wurde installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {090A4A7B-CB54-48E9-8C62-5566E8EB6D91} - System32\Tasks\Core Temp Autostart Thorben => C:\Users\Thorben\Downloads\Core Temp\Core Temp.exe [2013-10-08] ()
Task: {27360412-EFDD-4111-875F-A9ABBF47C2E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {57FFBE51-4830-46A2-99C9-64DE9E649FA4} - System32\Tasks\HDMISwitch => C:\Program Files (x86)\ASRock Utility\HDMISwitch\Bin\HDMISwitch.exe [2013-09-04] ()
Task: {7744B267-AEBB-4F2F-B7B2-FE663ADC2D79} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-03] (Google Inc.)
Task: {B5452820-E4C1-42EE-83C1-5FE275709A85} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-13] (Adobe Systems Incorporated)
Task: {B6ED7BCE-BA67-4532-A23C-496D4FDE9E2C} - System32\Tasks\AnwendungserfahrungFunctionauf => C:\Windows\winhlq32.exe [2014-08-14] ()
Task: {CCB0B958-38C6-4EE4-8001-6A86C5EC5915} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-03] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2014-05-03 17:02 - 2013-05-28 17:58 - 00454656 _____ () C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe
2013-03-14 14:42 - 2013-03-14 14:42 - 00182248 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-03-14 14:42 - 2013-03-14 14:42 - 00059880 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-05-03 17:11 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-03 17:54 - 2013-10-08 13:23 - 00890016 _____ () C:\Users\Thorben\Downloads\Core Temp\Core Temp.exe
2014-05-03 17:02 - 2013-09-04 17:26 - 02217224 _____ () C:\Program Files (x86)\ASRock Utility\HDMISwitch\Bin\HDMISwitch.exe
2014-07-25 18:27 - 2014-07-25 18:27 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-07-30 13:28 - 2014-07-14 16:49 - 00049744 _____ () C:\Users\Thorben\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-07-23 18:23 - 2014-07-23 18:23 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-03 16:49 - 2013-09-03 16:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-08-13 19:24 - 2014-08-13 19:24 - 17048240 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/27/2014 06:50:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2014 06:49:48 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/27/2014 06:49:37 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/27/2014 06:49:03 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/27/2014 06:38:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2014 06:38:11 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/27/2014 06:38:01 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/27/2014 06:37:47 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/27/2014 03:14:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2014 03:13:53 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


System errors:
=============
Error: (08/27/2014 06:49:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (08/27/2014 06:49:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2014 06:49:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2014 06:38:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (08/27/2014 06:38:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2014 06:37:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2014 03:13:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (08/27/2014 03:13:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2014 03:13:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/26/2014 10:33:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-08-27 19:24:16.387
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-27 18:48:32.640
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-27 18:47:05.072
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-27 18:37:11.059
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-27 03:27:01.459
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-27 03:12:43.967
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 25%
Total physical RAM: 8111.26 MB
Available physical RAM: 6045.33 MB
Total Pagefile: 16220.7 MB
Available Pagefile: 13770.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:674.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 674E474E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
And the GMER log:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-27 19:51:54
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000065 ST1000DM rev.CC47 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Thorben\AppData\Local\Temp\kwdirfob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[900] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                        00000000771cfac0 5 bytes JMP 0000000174a78cf0
.text  C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[900] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                            00000000771cfb58 5 bytes JMP 0000000174a78ea0
.text  C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[900] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                         00000000771d0038 5 bytes JMP 0000000174a78d80
.text  C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                      0000000077181465 2 bytes [18, 77]
.text  C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                     00000000771814bb 2 bytes [18, 77]
.text  ...                                                                                                                                                                   * 2
.text  C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                             0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                 0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                              00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                          00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                       00000000771cfac0 5 bytes JMP 0000000174a78cf0
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                           00000000771cfb58 5 bytes JMP 0000000174a78ea0
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                        00000000771d0038 5 bytes JMP 0000000174a78d80
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                            0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                             00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                         00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                            0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                             00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                         00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                           0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                               0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                            00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                        00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                           0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                               0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                            00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                        00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                           0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                               0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                            00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                        00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                           0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                               0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                            00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                        00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                           0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                               0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                            00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Windows\System32\spoolsv.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                        00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                           0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                               0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                            00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Windows\system32\svchost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                        00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1724] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                              00000000771cfac0 5 bytes JMP 0000000174a78cf0
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1724] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                  00000000771cfb58 5 bytes JMP 0000000174a78ea0
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1724] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                               00000000771d0038 5 bytes JMP 0000000174a78d80
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                  00000000771cfac0 5 bytes JMP 0000000174a78cf0
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                      00000000771cfb58 5 bytes JMP 0000000174a78ea0
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                   00000000771d0038 5 bytes JMP 0000000174a78d80
.text  C:\Windows\SysWOW64\ASGT.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                              00000000771cfac0 5 bytes JMP 0000000174a78cf0
.text  C:\Windows\SysWOW64\ASGT.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                                  00000000771cfb58 5 bytes JMP 0000000174a78ea0
.text  C:\Windows\SysWOW64\ASGT.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                               00000000771d0038 5 bytes JMP 0000000174a78d80
.text  C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                              00000000771cfac0 5 bytes JMP 0000000174a78cf0
.text  C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                  00000000771cfb58 5 bytes JMP 0000000174a78ea0
.text  C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                               00000000771d0038 5 bytes JMP 0000000174a78d80
.text  C:\Windows\SysWOW64\svchost.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                           00000000771cfac0 5 bytes JMP 0000000174a78cf0
.text  C:\Windows\SysWOW64\svchost.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                               00000000771cfb58 5 bytes JMP 0000000174a78ea0
.text  C:\Windows\SysWOW64\svchost.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                            00000000771d0038 5 bytes JMP 0000000174a78d80
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                         0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                             0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                          00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                      00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                               0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                   0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                            00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                   0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                       0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                    00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[420] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\nvvsvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                            0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Windows\system32\nvvsvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Windows\system32\nvvsvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                             00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Windows\system32\nvvsvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                         00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                 0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                     0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                  00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                              00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\taskhost.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                          0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Windows\system32\taskhost.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                              0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Windows\system32\taskhost.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                           00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Windows\system32\taskhost.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                       00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\Dwm.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                               0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Windows\system32\Dwm.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                   0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Windows\system32\Dwm.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Windows\system32\Dwm.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                            00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                           0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                               0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                            00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                        00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\Explorer.EXE[2464] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                   0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Windows\Explorer.EXE[2464] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                       0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Windows\Explorer.EXE[2464] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                    00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Windows\Explorer.EXE[2464] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                           0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                               0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                            00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                        00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                       00000000771cfac0 5 bytes JMP 0000000174a78cf0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                           00000000771cfb58 5 bytes JMP 0000000174a78ea0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                        00000000771d0038 5 bytes JMP 0000000174a78d80
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                       0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                           0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                        00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                    00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                              0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                  0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                               00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                           00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Users\Thorben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2896] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                        00000000771cfac0 5 bytes JMP 0000000174a78cf0
.text  C:\Users\Thorben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2896] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                            00000000771cfb58 5 bytes JMP 0000000174a78ea0
.text  C:\Users\Thorben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2896] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                         00000000771d0038 5 bytes JMP 0000000174a78d80
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                00000000771cfac0 5 bytes JMP 0000000174a78cf0
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                    00000000771cfb58 5 bytes JMP 0000000174a78ea0
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                 00000000771d0038 5 bytes JMP 0000000174a78d80
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory  00000000771cfac0 5 bytes JMP 0000000174a78cf0
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory      00000000771cfb58 5 bytes JMP 0000000174a78ea0
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory   00000000771d0038 5 bytes JMP 0000000174a78d80
.text  C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[2976] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                           00000000771cfac0 5 bytes JMP 0000000174a78cf0
.text  C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[2976] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                               00000000771cfb58 5 bytes JMP 0000000174a78ea0
.text  C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[2976] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                            00000000771d0038 5 bytes JMP 0000000174a78d80
.text  C:\Program Files (x86)\XFastUSB\XFastUsb.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                              00000000771cfac0 5 bytes JMP 0000000174a78cf0
.text  C:\Program Files (x86)\XFastUSB\XFastUsb.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                  00000000771cfb58 5 bytes JMP 0000000174a78ea0
.text  C:\Program Files (x86)\XFastUSB\XFastUsb.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                               00000000771d0038 5 bytes JMP 0000000174a78d80
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                00000000771cfac0 5 bytes JMP 0000000174a78cf0
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                    00000000771cfb58 5 bytes JMP 0000000174a78ea0
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                 00000000771d0038 5 bytes JMP 0000000174a78d80
.text  C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                          00000000771cfac0 5 bytes JMP 0000000174a78cf0
.text  C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                              00000000771cfb58 5 bytes JMP 0000000174a78ea0
.text  C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                           00000000771d0038 5 bytes JMP 0000000174a78d80
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                    0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                        0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                     00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2032] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                 00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3156] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                 00000000771cfac0 5 bytes JMP 0000000174a78cf0
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3156] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                     00000000771cfb58 5 bytes JMP 0000000174a78ea0
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3156] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                  00000000771d0038 5 bytes JMP 0000000174a78d80
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                           0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                               0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                            00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                        00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\conhost.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                           0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Windows\system32\conhost.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                               0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Windows\system32\conhost.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                            00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Windows\system32\conhost.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                        00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\SysWOW64\PnkBstrA.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                          00000000771cfac0 5 bytes JMP 0000000174a78cf0
.text  C:\Windows\SysWOW64\PnkBstrA.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                              00000000771cfb58 5 bytes JMP 0000000174a78ea0
.text  C:\Windows\SysWOW64\PnkBstrA.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                           00000000771d0038 5 bytes JMP 0000000174a78d80
.text  C:\Windows\SysWOW64\PnkBstrA.exe[3412] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                               00000000734e1a22 2 bytes [4E, 73]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[3412] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                               00000000734e1ad0 2 bytes [4E, 73]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[3412] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                               00000000734e1b08 2 bytes [4E, 73]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[3412] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                               00000000734e1bba 2 bytes [4E, 73]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[3412] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                               00000000734e1bda 2 bytes [4E, 73]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[3412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                        0000000077181465 2 bytes [18, 77]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[3412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                       00000000771814bb 2 bytes [18, 77]
.text  ...                                                                                                                                                                   * 2
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                 0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                     0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                  00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                              00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                     0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                         0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                      00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                  00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                            0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                             00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                         00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                        0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                            0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                         00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                     00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\svchost.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                           0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Windows\system32\svchost.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                               0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Windows\system32\svchost.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                            00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Windows\system32\svchost.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                        00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\System32\svchost.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                           0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Windows\System32\svchost.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                               0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Windows\System32\svchost.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                            00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Windows\System32\svchost.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                        00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                00000000771cfac0 5 bytes JMP 0000000174a78cf0
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                    00000000771cfb58 5 bytes JMP 0000000174a78ea0
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                 00000000771d0038 5 bytes JMP 0000000174a78d80
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5892] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                00000000771cfac0 5 bytes JMP 0000000174a78cf0
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5892] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                    00000000771cfb58 5 bytes JMP 0000000174a78ea0
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5892] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                 00000000771d0038 5 bytes JMP 0000000174a78d80
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5952] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                00000000771cfac0 5 bytes JMP 0000000174a78cf0
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5952] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                    00000000771cfb58 5 bytes JMP 0000000174a78ea0
.text  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5952] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                 00000000771d0038 5 bytes JMP 0000000174a78d80
.text  C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2384] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                   00000000771cfac0 5 bytes JMP 0000000174a78cf0
.text  C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2384] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                       00000000771cfb58 5 bytes JMP 0000000174a78ea0
.text  C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2384] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                    00000000771d0038 5 bytes JMP 0000000174a78d80
.text  C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5776] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                             00000000771cfac0 5 bytes JMP 0000000174a78cf0
.text  C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5776] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                 00000000771cfb58 5 bytes JMP 0000000174a78ea0
.text  C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5776] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                              00000000771d0038 5 bytes JMP 0000000174a78d80
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5840] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                    00000000771cfac0 5 bytes JMP 0000000174a78cf0
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5840] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                        00000000771cfb58 5 bytes JMP 0000000174a78ea0
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5840] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                     00000000771d0038 5 bytes JMP 0000000174a78d80
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5224] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                            00000000771cfac0 5 bytes JMP 0000000174a78cf0
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5224] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                00000000771cfb58 5 bytes JMP 0000000174a78ea0
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5224] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                             00000000771d0038 5 bytes JMP 0000000174a78d80
.text  C:\Windows\system32\msiexec.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                           0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Windows\system32\msiexec.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                               0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Windows\system32\msiexec.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                            00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Windows\system32\msiexec.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                        00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\wuauclt.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                           0000000077021430 5 bytes JMP 0000000077180010
.text  C:\Windows\system32\wuauclt.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                               0000000077021490 5 bytes JMP 0000000077180028
.text  C:\Windows\system32\wuauclt.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                            00000000770217b0 1 byte JMP 0000000077180040
.text  C:\Windows\system32\wuauclt.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                        00000000770217b2 3 bytes {JMP 0x15e890}
.text  C:\Users\Thorben\Desktop\Gmer-19357.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                   00000000771cfac0 5 bytes JMP 0000000174a78cf0
.text  C:\Users\Thorben\Desktop\Gmer-19357.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                       00000000771cfb58 5 bytes JMP 0000000174a78ea0
.text  C:\Users\Thorben\Desktop\Gmer-19357.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                    00000000771d0038 5 bytes JMP 0000000174a78d80

---- EOF - GMER 2.1 ----
         
Thank you very much for the quick reply.
__________________

28.08.2014, 13:59   #4
schrauber
/// the machine
/// TB instructor
 

hi,

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

28.08.2014, 23:54   #5
Swaley
 



The TDSSKiller log:
Code:
ATTFilter
23:19:08.0628 0x16d4  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
23:19:24.0072 0x16d4  ============================================================
23:19:24.0072 0x16d4  Current date / time: 2014/08/28 23:19:24.0072
23:19:24.0072 0x16d4  SystemInfo:
23:19:24.0072 0x16d4  
23:19:24.0072 0x16d4  OS Version: 6.1.7601 ServicePack: 1.0
23:19:24.0072 0x16d4  Product type: Workstation
23:19:24.0072 0x16d4  ComputerName: THORBEN-PC
23:19:24.0072 0x16d4  UserName: Thorben
23:19:24.0072 0x16d4  Windows directory: C:\Windows
23:19:24.0072 0x16d4  System windows directory: C:\Windows
23:19:24.0072 0x16d4  Running under WOW64
23:19:24.0072 0x16d4  Processor architecture: Intel x64
23:19:24.0072 0x16d4  Number of processors: 4
23:19:24.0072 0x16d4  Page size: 0x1000
23:19:24.0072 0x16d4  Boot type: Normal boot
23:19:24.0072 0x16d4  ============================================================
23:19:25.0601 0x16d4  KLMD registered as C:\Windows\system32\drivers\82428390.sys
23:19:25.0804 0x16d4  System UUID: {DDF68E80-6706-73BE-6747-BE34B6ED8358}
23:19:26.0147 0x16d4  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:19:26.0147 0x16d4  ============================================================
23:19:26.0147 0x16d4  \Device\Harddisk0\DR0:
23:19:26.0147 0x16d4  MBR partitions:
23:19:26.0147 0x16d4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:19:26.0147 0x16d4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
23:19:26.0147 0x16d4  ============================================================
23:19:26.0178 0x16d4  C: <-> \Device\Harddisk0\DR0\Partition2
23:19:26.0178 0x16d4  ============================================================
23:19:26.0178 0x16d4  Initialize success
23:19:26.0178 0x16d4  ============================================================
23:20:38.0841 0x14b8  ============================================================
23:20:38.0841 0x14b8  Scan started
23:20:38.0841 0x14b8  Mode: Manual; SigCheck; TDLFS; 
23:20:38.0841 0x14b8  ============================================================
23:20:38.0841 0x14b8  KSN ping started
23:20:52.0678 0x14b8  KSN ping finished: true
23:20:53.0286 0x14b8  ================ Scan system memory ========================
23:20:53.0286 0x14b8  System memory - ok
23:20:53.0286 0x14b8  ================ Scan services =============================
23:20:53.0411 0x14b8  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
23:20:53.0536 0x14b8  1394ohci - ok
23:20:53.0567 0x14b8  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:20:53.0583 0x14b8  ACPI - ok
23:20:53.0583 0x14b8  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
23:20:53.0614 0x14b8  AcpiPmi - ok
23:20:53.0676 0x14b8  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:20:53.0723 0x14b8  AdobeARMservice - ok
23:20:53.0817 0x14b8  [ F4BF3ADDDDC1AD372604F13C2B0C1F65, FA37ED5014336A72F778C485226B61BEFECEB861AB754862738795C167F0BAB7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:20:53.0832 0x14b8  AdobeFlashPlayerUpdateSvc - ok
23:20:53.0864 0x14b8  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
23:20:53.0895 0x14b8  adp94xx - ok
23:20:53.0895 0x14b8  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
23:20:53.0910 0x14b8  adpahci - ok
23:20:53.0926 0x14b8  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
23:20:53.0942 0x14b8  adpu320 - ok
23:20:53.0957 0x14b8  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:20:54.0051 0x14b8  AeLookupSvc - ok
23:20:54.0129 0x14b8  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
23:20:54.0176 0x14b8  AFD - ok
23:20:54.0207 0x14b8  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
23:20:54.0222 0x14b8  agp440 - ok
23:20:54.0254 0x14b8  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
23:20:54.0300 0x14b8  ALG - ok
23:20:54.0347 0x14b8  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:20:54.0378 0x14b8  aliide - ok
23:20:54.0441 0x14b8  ALSysIO - ok
23:20:54.0472 0x14b8  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
23:20:54.0488 0x14b8  amdide - ok
23:20:54.0503 0x14b8  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
23:20:54.0534 0x14b8  AmdK8 - ok
23:20:54.0534 0x14b8  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
23:20:54.0581 0x14b8  AmdPPM - ok
23:20:54.0612 0x14b8  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
23:20:54.0644 0x14b8  amdsata - ok
23:20:54.0675 0x14b8  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
23:20:54.0706 0x14b8  amdsbs - ok
23:20:54.0722 0x14b8  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
23:20:54.0737 0x14b8  amdxata - ok
23:20:54.0831 0x14b8  [ 0327A6CE0934C324E3E82920E9EC0EE4, B4A1E6A77032F7DF97FED3C01E76E2BD3270A3FFC500C7C9A118C0E2EB675D75 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
23:20:54.0846 0x14b8  AntiVirSchedulerService - ok
23:20:54.0878 0x14b8  [ 0327A6CE0934C324E3E82920E9EC0EE4, B4A1E6A77032F7DF97FED3C01E76E2BD3270A3FFC500C7C9A118C0E2EB675D75 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
23:20:54.0893 0x14b8  AntiVirService - ok
23:20:54.0924 0x14b8  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
23:20:55.0034 0x14b8  AppID - ok
23:20:55.0065 0x14b8  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:20:55.0127 0x14b8  AppIDSvc - ok
23:20:55.0158 0x14b8  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
23:20:55.0174 0x14b8  Appinfo - ok
23:20:55.0205 0x14b8  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
23:20:55.0252 0x14b8  AppMgmt - ok
23:20:55.0283 0x14b8  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
23:20:55.0299 0x14b8  arc - ok
23:20:55.0314 0x14b8  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
23:20:55.0330 0x14b8  arcsas - ok
23:20:55.0439 0x14b8  [ 431C68133D43560ACCA0A2042F66562D, D95FA5EEDCC31A712C9C2C9BA746F609364991FE55A93071BA63BDC603974F2C ] ArcService      C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe
23:20:55.0470 0x14b8  ArcService - ok
23:20:55.0486 0x14b8  [ E536856E96A7605EBF580D62A868E5FE, 70D0F6ECB05E923C1B274605CB3320091D35D7622003FF7E4806645519C70F01 ] ASGT            C:\Windows\SysWOW64\ASGT.exe
23:20:55.0502 0x14b8  ASGT - detected UnsignedFile.Multi.Generic ( 1 )
23:20:58.0325 0x14b8  Detect skipped due to KSN trusted
23:20:58.0325 0x14b8  ASGT - ok
23:20:58.0419 0x14b8  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:20:58.0481 0x14b8  aspnet_state - ok
23:20:58.0528 0x14b8  [ 1A234F4643F5658BAB07BFA611282267, F40435488389B4FB3B945CA21A8325A51E1B5F80F045AB019748D0EC66056A8B ] AsrDrv101       C:\Windows\SysWOW64\Drivers\AsrDrv101.sys
23:20:58.0544 0x14b8  AsrDrv101 - ok
23:20:58.0575 0x14b8  [ FABB2170C9ED83DBB7CCD0E12C78AE2B, A8E6ED73FB30B45948DCE3F16108FC6473AB49BF9CE549145FA6BA479194F065 ] AsrHidFilter    C:\Windows\system32\DRIVERS\AsrHidFilter.sys
23:20:58.0606 0x14b8  AsrHidFilter - ok
23:20:58.0637 0x14b8  [ D208B82330EB0CA9E1285520630183F1, 1122E08493BFDF639ECB80A7F3BD640971FF3639154F4130434F98E1831E004A ] ASRockIOMon     C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe
23:20:58.0684 0x14b8  ASRockIOMon - detected UnsignedFile.Multi.Generic ( 1 )
23:21:01.0492 0x14b8  Detect skipped due to KSN trusted
23:21:01.0492 0x14b8  ASRockIOMon - ok
23:21:01.0508 0x14b8  [ A149C93231945A5118C63AEACA6D1E72, 60B28184585B389751FCF71651A139D74018DE04AEBF4A497835AF727B64BD53 ] AsrRamDisk      C:\Windows\system32\DRIVERS\AsrRamDisk.sys
23:21:01.0539 0x14b8  AsrRamDisk - ok
23:21:01.0570 0x14b8  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:21:01.0632 0x14b8  AsyncMac - ok
23:21:01.0679 0x14b8  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
23:21:01.0695 0x14b8  atapi - ok
23:21:01.0773 0x14b8  [ 0ACC06FCF46F64ED4F11E57EE461C1F4, F2AB7198C7F7D36AB1D6D03C1FEFD929ED402002AC835B909FC14938BC0EE24B ] athr            C:\Windows\system32\DRIVERS\athrx.sys
23:21:01.0835 0x14b8  athr - ok
23:21:01.0882 0x14b8  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:21:01.0913 0x14b8  AudioEndpointBuilder - ok
23:21:01.0929 0x14b8  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
23:21:01.0960 0x14b8  AudioSrv - ok
23:21:02.0007 0x14b8  [ 4663C5AD76FE8E19592DE808156FA07D, 605827B4A9D6930BC752D124BF75D55D4927B0ABEF881CDE66F3C5CC1DB215FE ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
23:21:02.0022 0x14b8  avgntflt - ok
23:21:02.0054 0x14b8  [ 8902AEC2382A37E9E99A4E0D52DBD42B, 138F2D7E7430132B2C527D413BC845CC467F084F39C232EC3A17DD2A74EE401E ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
23:21:02.0085 0x14b8  avipbb - ok
23:21:02.0132 0x14b8  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
23:21:02.0147 0x14b8  avkmgr - ok
23:21:02.0163 0x14b8  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:21:02.0225 0x14b8  AxInstSV - ok
23:21:02.0256 0x14b8  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
23:21:02.0303 0x14b8  b06bdrv - ok
23:21:02.0334 0x14b8  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
23:21:02.0366 0x14b8  b57nd60a - ok
23:21:02.0381 0x14b8  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:21:02.0412 0x14b8  BDESVC - ok
23:21:02.0428 0x14b8  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:21:02.0475 0x14b8  Beep - ok
23:21:02.0506 0x14b8  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
23:21:02.0537 0x14b8  BFE - ok
23:21:02.0568 0x14b8  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
23:21:02.0615 0x14b8  BITS - ok
23:21:02.0631 0x14b8  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:21:02.0631 0x14b8  blbdrive - ok
23:21:02.0678 0x14b8  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:21:02.0709 0x14b8  bowser - ok
23:21:02.0724 0x14b8  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
23:21:02.0740 0x14b8  BrFiltLo - ok
23:21:02.0740 0x14b8  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
23:21:02.0771 0x14b8  BrFiltUp - ok
23:21:02.0802 0x14b8  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
23:21:02.0834 0x14b8  Browser - ok
23:21:02.0865 0x14b8  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:21:02.0912 0x14b8  Brserid - ok
23:21:02.0912 0x14b8  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:21:02.0943 0x14b8  BrSerWdm - ok
23:21:02.0958 0x14b8  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:21:02.0990 0x14b8  BrUsbMdm - ok
23:21:02.0990 0x14b8  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:21:03.0005 0x14b8  BrUsbSer - ok
23:21:03.0005 0x14b8  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
23:21:03.0021 0x14b8  BTHMODEM - ok
23:21:03.0036 0x14b8  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
23:21:03.0068 0x14b8  bthserv - ok
23:21:03.0083 0x14b8  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:21:03.0099 0x14b8  cdfs - ok
23:21:03.0130 0x14b8  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:21:03.0146 0x14b8  cdrom - ok
23:21:03.0161 0x14b8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
23:21:03.0177 0x14b8  CertPropSvc - ok
23:21:03.0177 0x14b8  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
23:21:03.0192 0x14b8  circlass - ok
23:21:03.0208 0x14b8  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
23:21:03.0224 0x14b8  CLFS - ok
23:21:03.0286 0x14b8  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:21:03.0317 0x14b8  clr_optimization_v2.0.50727_32 - ok
23:21:03.0364 0x14b8  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:21:03.0395 0x14b8  clr_optimization_v2.0.50727_64 - ok
23:21:03.0489 0x14b8  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:21:03.0551 0x14b8  clr_optimization_v4.0.30319_32 - ok
23:21:03.0582 0x14b8  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:21:03.0629 0x14b8  clr_optimization_v4.0.30319_64 - ok
23:21:03.0629 0x14b8  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
23:21:03.0660 0x14b8  CmBatt - ok
23:21:03.0707 0x14b8  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:21:03.0723 0x14b8  cmdide - ok
23:21:03.0770 0x14b8  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
23:21:03.0816 0x14b8  CNG - ok
23:21:03.0832 0x14b8  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
23:21:03.0863 0x14b8  Compbatt - ok
23:21:03.0879 0x14b8  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
23:21:03.0941 0x14b8  CompositeBus - ok
23:21:03.0941 0x14b8  COMSysApp - ok
23:21:03.0957 0x14b8  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
23:21:03.0972 0x14b8  crcdisk - ok
23:21:04.0019 0x14b8  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:21:04.0050 0x14b8  CryptSvc - ok
23:21:04.0097 0x14b8  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
23:21:04.0160 0x14b8  CSC - ok
23:21:04.0191 0x14b8  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
23:21:04.0206 0x14b8  CscService - ok
23:21:04.0238 0x14b8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:21:04.0269 0x14b8  DcomLaunch - ok
23:21:04.0284 0x14b8  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
23:21:04.0316 0x14b8  defragsvc - ok
23:21:04.0331 0x14b8  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:21:04.0362 0x14b8  DfsC - ok
23:21:04.0394 0x14b8  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:21:04.0440 0x14b8  Dhcp - ok
23:21:04.0456 0x14b8  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
23:21:04.0487 0x14b8  discache - ok
23:21:04.0503 0x14b8  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
23:21:04.0518 0x14b8  Disk - ok
23:21:04.0534 0x14b8  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
23:21:04.0550 0x14b8  dmvsc - ok
23:21:04.0596 0x14b8  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:21:04.0659 0x14b8  Dnscache - ok
23:21:04.0690 0x14b8  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:21:04.0784 0x14b8  dot3svc - ok
23:21:04.0815 0x14b8  [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
23:21:04.0862 0x14b8  Dot4 - ok
23:21:04.0908 0x14b8  [ E9F5969233C5D89F3C35E3A66A52A361, C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:21:04.0940 0x14b8  Dot4Print - ok
23:21:04.0955 0x14b8  [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
23:21:04.0971 0x14b8  dot4usb - ok
23:21:04.0986 0x14b8  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
23:21:05.0049 0x14b8  DPS - ok
23:21:05.0064 0x14b8  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:21:05.0111 0x14b8  drmkaud - ok
23:21:05.0189 0x14b8  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:21:05.0236 0x14b8  DXGKrnl - ok
23:21:05.0267 0x14b8  [ 73F8DE25B04A66CE3BE5D09A10DE56E6, ABA5AA50D936897CC71D710BBCF9A1B1CCCAC290FCD10A710E4471C1CDDE1093 ] e1dexpress      C:\Windows\system32\DRIVERS\e1d62x64.sys
23:21:05.0283 0x14b8  e1dexpress - ok
23:21:05.0298 0x14b8  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
23:21:05.0330 0x14b8  EapHost - ok
23:21:05.0392 0x14b8  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
23:21:05.0486 0x14b8  ebdrv - ok
23:21:05.0517 0x14b8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
23:21:05.0532 0x14b8  EFS - ok
23:21:05.0595 0x14b8  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:21:05.0673 0x14b8  ehRecvr - ok
23:21:05.0673 0x14b8  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
23:21:05.0704 0x14b8  ehSched - ok
23:21:05.0720 0x14b8  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
23:21:05.0751 0x14b8  elxstor - ok
23:21:05.0751 0x14b8  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:21:05.0766 0x14b8  ErrDev - ok
23:21:05.0798 0x14b8  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
23:21:05.0844 0x14b8  EventSystem - ok
23:21:05.0844 0x14b8  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
23:21:05.0876 0x14b8  exfat - ok
23:21:05.0876 0x14b8  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:21:05.0922 0x14b8  fastfat - ok
23:21:05.0938 0x14b8  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
23:21:05.0985 0x14b8  Fax - ok
23:21:05.0985 0x14b8  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
23:21:06.0000 0x14b8  fdc - ok
23:21:06.0016 0x14b8  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
23:21:06.0047 0x14b8  fdPHost - ok
23:21:06.0063 0x14b8  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:21:06.0125 0x14b8  FDResPub - ok
23:21:06.0141 0x14b8  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:21:06.0156 0x14b8  FileInfo - ok
23:21:06.0172 0x14b8  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:21:06.0219 0x14b8  Filetrace - ok
23:21:06.0234 0x14b8  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
23:21:06.0234 0x14b8  flpydisk - ok
23:21:06.0250 0x14b8  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:21:06.0266 0x14b8  FltMgr - ok
23:21:06.0312 0x14b8  [ 508401A63E6B1CBF0B9C9A011498731F, F636B0A9C0EB6AE7EC04E5C5FD8A0578AEB76A1B0D974F355BCE6B6091901725 ] FNETTBOH_305    C:\Windows\system32\drivers\FNETTBOH_305.SYS
23:21:06.0344 0x14b8  FNETTBOH_305 - ok
23:21:06.0359 0x14b8  [ E341178C116DAC6A3A764587E68DFA7B, 91B4C79057908A622666FF069CF1C7ECA42952A6587432F5E99E33E8B19D29AF ] FNETURPX        C:\Windows\system32\drivers\FNETURPX.SYS
23:21:06.0375 0x14b8  FNETURPX - ok
23:21:06.0453 0x14b8  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
23:21:06.0500 0x14b8  FontCache - ok
23:21:06.0531 0x14b8  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:21:06.0546 0x14b8  FontCache3.0.0.0 - ok
23:21:06.0562 0x14b8  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:21:06.0593 0x14b8  FsDepends - ok
23:21:06.0624 0x14b8  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:21:06.0656 0x14b8  Fs_Rec - ok
23:21:06.0702 0x14b8  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:21:06.0734 0x14b8  fvevol - ok
23:21:06.0749 0x14b8  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:21:06.0765 0x14b8  gagp30kx - ok
23:21:06.0827 0x14b8  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:21:06.0858 0x14b8  gpsvc - ok
23:21:06.0921 0x14b8  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:21:06.0936 0x14b8  gupdate - ok
23:21:06.0952 0x14b8  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:21:06.0968 0x14b8  gupdatem - ok
23:21:06.0983 0x14b8  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:21:07.0014 0x14b8  hcw85cir - ok
23:21:07.0061 0x14b8  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:21:07.0124 0x14b8  HdAudAddService - ok
23:21:07.0124 0x14b8  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:21:07.0139 0x14b8  HDAudBus - ok
23:21:07.0155 0x14b8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
23:21:07.0170 0x14b8  HidBatt - ok
23:21:07.0170 0x14b8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
23:21:07.0186 0x14b8  HidBth - ok
23:21:07.0202 0x14b8  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
23:21:07.0217 0x14b8  HidIr - ok
23:21:07.0233 0x14b8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
23:21:07.0264 0x14b8  hidserv - ok
23:21:07.0295 0x14b8  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:21:07.0326 0x14b8  HidUsb - ok
23:21:07.0358 0x14b8  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:21:07.0404 0x14b8  hkmsvc - ok
23:21:07.0467 0x14b8  [ CF07C0A9D38A248D036DD9C47E4D0D6E, 6952DA6466DAE2E378F92934E1925887DD122A511BC5D6A0EF2194108E320126 ] hmpalert        C:\Windows\system32\drivers\hmpalert.sys
23:21:07.0498 0x14b8  hmpalert - ok
23:21:07.0576 0x14b8  [ 2638395F6E61889D75C363A80A0E17F4, D61FD993DA6605F32E6CDAC889285EB67F1A112BB9A294838BB90FCBF5FA11C1 ] hmpalertsvc     C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
23:21:07.0607 0x14b8  hmpalertsvc - ok
23:21:07.0623 0x14b8  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:21:07.0638 0x14b8  HomeGroupListener - ok
23:21:07.0654 0x14b8  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:21:07.0670 0x14b8  HomeGroupProvider - ok
23:21:07.0779 0x14b8  [ 5DA42D24712E00728CEA2342A65009B2, 73EC5250DCFD556525B24B3CA66C64AC7747E77652A2AD6119936A59A9E8562A ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
23:21:07.0810 0x14b8  hpqcxs08 - ok
23:21:07.0826 0x14b8  [ D86A39BF100069444D026D22D9A6E555, 7B24D48D5BA67704C88697FADB64364E0E64D26259408E3C219820C5404C5EEC ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
23:21:07.0857 0x14b8  hpqddsvc - ok
23:21:07.0872 0x14b8  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:21:07.0888 0x14b8  HpSAMD - ok
23:21:07.0935 0x14b8  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:21:07.0982 0x14b8  HTTP - ok
23:21:07.0997 0x14b8  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:21:08.0013 0x14b8  hwpolicy - ok
23:21:08.0013 0x14b8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
23:21:08.0028 0x14b8  i8042prt - ok
23:21:08.0044 0x14b8  [ 57CD95DEB3529181BCC931DD2DFB2341, 03ACF906E4C3CF954F503900F42C7A60FCD5624772B90A956F032484146E42B7 ] iaStorA         C:\Windows\system32\DRIVERS\iaStorA.sys
23:21:08.0060 0x14b8  iaStorA - ok
23:21:08.0138 0x14b8  [ 20E83F4632E15A5E9E716FF2E8AC7FAE, 7CA1A4924F432AD30ED7FA6247C6513DA173EE31132AE115E85C0ED7E5971029 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
23:21:08.0153 0x14b8  IAStorDataMgrSvc - ok
23:21:08.0169 0x14b8  [ CE5CD8CBE940965867D507AB8EA2795A, 1CC2C23A1436E4C911DD3B942D8F6DABB7249AB04426F9AB6B6045034226DD25 ] iaStorF         C:\Windows\system32\DRIVERS\iaStorF.sys
23:21:08.0200 0x14b8  iaStorF - ok
23:21:08.0262 0x14b8  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:21:08.0309 0x14b8  iaStorV - ok
23:21:08.0356 0x14b8  [ E199288F016C354255C39A84378A48F6, 881B41D64D73F7A3A1680EDD68201E14AC5C60B848374EEAE44CCDDE46010E81 ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
23:21:08.0403 0x14b8  ICCS - ok
23:21:08.0481 0x14b8  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:21:08.0528 0x14b8  idsvc - ok
23:21:08.0543 0x14b8  IEEtwCollectorService - ok
23:21:08.0559 0x14b8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
23:21:08.0574 0x14b8  iirsp - ok
23:21:08.0606 0x14b8  [ E18725531054FE222115873AC1CCB02B, 0FC4B9D5DF77E19E4732759B848B4BCBBD44A124304FA8333BB3B7BC37E15FB8 ] ikbevent        C:\Windows\system32\DRIVERS\ikbevent.sys
23:21:08.0606 0x14b8  ikbevent - ok
23:21:08.0684 0x14b8  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
23:21:08.0715 0x14b8  IKEEXT - ok
23:21:08.0730 0x14b8  [ 45060257BCA3D60204FEC29F6E6DE458, C9FB92FEEFC0DC5386B545A8E429D60B932360B9044A920F6F2EDD5CF3B7B5A0 ] imsevent        C:\Windows\system32\DRIVERS\imsevent.sys
23:21:08.0730 0x14b8  imsevent - ok
23:21:08.0855 0x14b8  [ E9740A3BC0AE6EA035FF7ECE3A1B27B6, 4CA3E094B0057E143955DE5D41C3344688B6D2C4FFC0417235FF46312B600F99 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:21:08.0918 0x14b8  IntcAzAudAddService - ok
23:21:08.0964 0x14b8  [ 0DB1E3F6189C628675F855C0EB510419, 989F539E82105019D2D81255369B96DC65826CD2A421DA09809155B26F69C555 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
23:21:08.0996 0x14b8  Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
23:21:11.0819 0x14b8  Detect skipped due to KSN trusted
23:21:11.0819 0x14b8  Intel(R) Capability Licensing Service Interface - ok
23:21:11.0866 0x14b8  [ 492AAF2FF66F437F0E796574B116EFC3, 6BF21C61ED05705DD58203952A750D1AB4D4B62F3A2B640BBBD9B85D1ECC3E5C ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
23:21:11.0913 0x14b8  Intel(R) Capability Licensing Service TCP IP Interface - ok
23:21:11.0944 0x14b8  [ CBF7341E55A8348C7AB01A9870C7D948, A5084DF3C6321788C88A9E6B5F43FE5BCFDBB579BDE3A4D5F55558C6D13035A5 ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
23:21:11.0944 0x14b8  Intel(R) PROSet Monitoring Service - ok
23:21:11.0975 0x14b8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:21:11.0991 0x14b8  intelide - ok
23:21:12.0006 0x14b8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:21:12.0006 0x14b8  intelppm - ok
23:21:12.0038 0x14b8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:21:12.0069 0x14b8  IPBusEnum - ok
23:21:12.0084 0x14b8  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:21:12.0100 0x14b8  IpFilterDriver - ok
23:21:12.0147 0x14b8  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:21:12.0194 0x14b8  iphlpsvc - ok
23:21:12.0194 0x14b8  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
23:21:12.0240 0x14b8  IPMIDRV - ok
23:21:12.0240 0x14b8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:21:12.0287 0x14b8  IPNAT - ok
23:21:12.0287 0x14b8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:21:12.0303 0x14b8  IRENUM - ok
23:21:12.0318 0x14b8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:21:12.0318 0x14b8  isapnp - ok
23:21:12.0365 0x14b8  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:21:12.0365 0x14b8  iScsiPrt - ok
23:21:12.0396 0x14b8  [ 4EE2423C38F43D37F8497A672FD10BDC, 031C5272DD28809255CF4FA8E6DE45DBFBD9A363BBD5156D0AEE0787C4297980 ] ISCT            C:\Windows\system32\DRIVERS\ISCTD64.sys
23:21:12.0412 0x14b8  ISCT - ok
23:21:12.0428 0x14b8  [ 88CCCCFA8269973C3C3C06F94DA03BAB, A88BF3397466C40C7D4BE94288A88FF1FB7103E92FBA4E17A16AB6A04F909F29 ] ISCTAgent       C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
23:21:12.0428 0x14b8  ISCTAgent - ok
23:21:12.0459 0x14b8  [ 78D369F8A81A341109FBA1DB64B4C512, E584F693255CCBF7006E7D35984149CF599BB0849A8F02EFDD6223DF0D606049 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
23:21:12.0474 0x14b8  iusb3hcs - ok
23:21:12.0474 0x14b8  [ 5B632ABA038CE2E2D5D2D1115C6B26D1, 605A8FFA704E4369CF9D17DF8630DC9E196B8920D47F1CC5151759E60B234C1F ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
23:21:12.0490 0x14b8  iusb3hub - ok
23:21:12.0521 0x14b8  [ EA841584EF59528D11F20355770E427E, 515737761BB2A0A233F4AD141E28D93E3B9789320A15B7D5FB3DB5AC3CD8E249 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
23:21:12.0552 0x14b8  iusb3xhc - ok
23:21:12.0615 0x14b8  [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
23:21:12.0630 0x14b8  jhi_service - ok
23:21:12.0646 0x14b8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:21:12.0662 0x14b8  kbdclass - ok
23:21:12.0677 0x14b8  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:21:12.0693 0x14b8  kbdhid - ok
23:21:12.0708 0x14b8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
23:21:12.0724 0x14b8  KeyIso - ok
23:21:12.0771 0x14b8  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:21:12.0786 0x14b8  KSecDD - ok
23:21:12.0786 0x14b8  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:21:12.0818 0x14b8  KSecPkg - ok
23:21:12.0818 0x14b8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
23:21:12.0880 0x14b8  ksthunk - ok
23:21:12.0896 0x14b8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:21:12.0942 0x14b8  KtmRm - ok
23:21:12.0989 0x14b8  [ CE4347E2D90DB2E5517B6F2BC720A862, C5E1E1BDE4C2375639416B173E1035F709BE710C50812789D8BC75E0F7E2AE75 ] LADF_CaptureOnly C:\Windows\system32\DRIVERS\ladfGSCamd64.sys
23:21:13.0005 0x14b8  LADF_CaptureOnly - ok
23:21:13.0020 0x14b8  [ 85A9D21D3AE2EA963E111CB150895877, 3ACB75028E86C0842814FF84D8A31D38B6D8060C86004F9B6410691EE1F0D153 ] LADF_RenderOnly C:\Windows\system32\DRIVERS\ladfGSRamd64.sys
23:21:13.0020 0x14b8  LADF_RenderOnly - ok
23:21:13.0052 0x14b8  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:21:13.0083 0x14b8  LanmanServer - ok
23:21:13.0098 0x14b8  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:21:13.0130 0x14b8  LanmanWorkstation - ok
23:21:13.0145 0x14b8  [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
23:21:13.0145 0x14b8  LGBusEnum - ok
23:21:13.0192 0x14b8  [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
23:21:13.0208 0x14b8  LGVirHid - ok
23:21:13.0223 0x14b8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:21:13.0301 0x14b8  lltdio - ok
23:21:13.0317 0x14b8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:21:13.0348 0x14b8  lltdsvc - ok
23:21:13.0364 0x14b8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:21:13.0410 0x14b8  lmhosts - ok
23:21:13.0442 0x14b8  [ 90C864827E1722F5BB6EEA8896A4E8EF, 6F9D96B7A65BD79ED5A384025393F36A5DEAC4EE01CA173874906B54F57150EF ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:21:13.0457 0x14b8  LMS - ok
23:21:13.0473 0x14b8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
23:21:13.0488 0x14b8  LSI_FC - ok
23:21:13.0504 0x14b8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
23:21:13.0520 0x14b8  LSI_SAS - ok
23:21:13.0551 0x14b8  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
23:21:13.0551 0x14b8  LSI_SAS2 - ok
23:21:13.0566 0x14b8  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
23:21:13.0582 0x14b8  LSI_SCSI - ok
23:21:13.0598 0x14b8  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
23:21:13.0629 0x14b8  luafv - ok
23:21:13.0660 0x14b8  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:21:13.0676 0x14b8  Mcx2Svc - ok
23:21:13.0691 0x14b8  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
23:21:13.0691 0x14b8  megasas - ok
23:21:13.0707 0x14b8  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
23:21:13.0738 0x14b8  MegaSR - ok
23:21:13.0754 0x14b8  [ 926C135CFB0C75B32FB714B5C0C58FAA, AF627CD125794B69D450D298D5608D357F2C91FB89EBFAA0DA2A0F07C6A304A8 ] MEIx64          C:\Windows\system32\DRIVERS\TeeDriverx64.sys
23:21:13.0754 0x14b8  MEIx64 - ok
23:21:13.0785 0x14b8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
23:21:13.0816 0x14b8  MMCSS - ok
23:21:13.0832 0x14b8  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
23:21:13.0863 0x14b8  Modem - ok
23:21:13.0878 0x14b8  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:21:13.0894 0x14b8  monitor - ok
23:21:13.0910 0x14b8  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:21:13.0925 0x14b8  mouclass - ok
23:21:13.0941 0x14b8  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:21:13.0956 0x14b8  mouhid - ok
23:21:13.0972 0x14b8  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:21:13.0988 0x14b8  mountmgr - ok
23:21:14.0019 0x14b8  [ 4E9D8041D352A33332FD6F59A3A78B03, D4E6229B07EF9866993EEE4F6223DC7F1FF1108273FE14A3DC74E65C181DE56A ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:21:14.0034 0x14b8  MozillaMaintenance - ok
23:21:14.0034 0x14b8  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:21:14.0050 0x14b8  mpio - ok
23:21:14.0066 0x14b8  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:21:14.0097 0x14b8  mpsdrv - ok
23:21:14.0128 0x14b8  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:21:14.0159 0x14b8  MpsSvc - ok
23:21:14.0190 0x14b8  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:21:14.0206 0x14b8  MRxDAV - ok
23:21:14.0222 0x14b8  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:21:14.0268 0x14b8  mrxsmb - ok
23:21:14.0300 0x14b8  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:21:14.0331 0x14b8  mrxsmb10 - ok
23:21:14.0362 0x14b8  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:21:14.0378 0x14b8  mrxsmb20 - ok
23:21:14.0409 0x14b8  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
23:21:14.0424 0x14b8  msahci - ok
23:21:14.0424 0x14b8  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:21:14.0440 0x14b8  msdsm - ok
23:21:14.0456 0x14b8  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
23:21:14.0487 0x14b8  MSDTC - ok
23:21:14.0502 0x14b8  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:21:14.0549 0x14b8  Msfs - ok
23:21:14.0565 0x14b8  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:21:14.0580 0x14b8  mshidkmdf - ok
23:21:14.0596 0x14b8  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:21:14.0612 0x14b8  msisadrv - ok
23:21:14.0627 0x14b8  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:21:14.0674 0x14b8  MSiSCSI - ok
23:21:14.0674 0x14b8  msiserver - ok
23:21:14.0674 0x14b8  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:21:14.0736 0x14b8  MSKSSRV - ok
23:21:14.0736 0x14b8  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:21:14.0768 0x14b8  MSPCLOCK - ok
23:21:14.0768 0x14b8  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:21:14.0783 0x14b8  MSPQM - ok
23:21:14.0799 0x14b8  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:21:14.0814 0x14b8  MsRPC - ok
23:21:14.0830 0x14b8  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
23:21:14.0830 0x14b8  mssmbios - ok
23:21:14.0846 0x14b8  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:21:14.0861 0x14b8  MSTEE - ok
23:21:14.0861 0x14b8  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
23:21:14.0877 0x14b8  MTConfig - ok
23:21:14.0892 0x14b8  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
23:21:14.0892 0x14b8  Mup - ok
23:21:14.0924 0x14b8  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
23:21:14.0955 0x14b8  napagent - ok
23:21:14.0970 0x14b8  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:21:15.0002 0x14b8  NativeWifiP - ok
23:21:15.0064 0x14b8  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:21:15.0095 0x14b8  NDIS - ok
23:21:15.0111 0x14b8  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:21:15.0142 0x14b8  NdisCap - ok
23:21:15.0173 0x14b8  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:21:15.0189 0x14b8  NdisTapi - ok
23:21:15.0204 0x14b8  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:21:15.0220 0x14b8  Ndisuio - ok
23:21:15.0220 0x14b8  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:21:15.0251 0x14b8  NdisWan - ok
23:21:15.0267 0x14b8  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:21:15.0298 0x14b8  NDProxy - ok
23:21:15.0360 0x14b8  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
23:21:15.0376 0x14b8  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
23:21:18.0200 0x14b8  Detect skipped due to KSN trusted
23:21:18.0200 0x14b8  Net Driver HPZ12 - ok
23:21:18.0200 0x14b8  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:21:18.0293 0x14b8  NetBIOS - ok
23:21:18.0325 0x14b8  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:21:18.0371 0x14b8  NetBT - ok
23:21:18.0387 0x14b8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
23:21:18.0403 0x14b8  Netlogon - ok
23:21:18.0434 0x14b8  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
23:21:18.0481 0x14b8  Netman - ok
23:21:18.0512 0x14b8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:21:18.0559 0x14b8  NetMsmqActivator - ok
23:21:18.0590 0x14b8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:21:18.0590 0x14b8  NetPipeActivator - ok
23:21:18.0605 0x14b8  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
23:21:18.0652 0x14b8  netprofm - ok
23:21:18.0652 0x14b8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:21:18.0668 0x14b8  NetTcpActivator - ok
23:21:18.0668 0x14b8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:21:18.0668 0x14b8  NetTcpPortSharing - ok
23:21:18.0683 0x14b8  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
23:21:18.0699 0x14b8  nfrd960 - ok
23:21:18.0715 0x14b8  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:21:18.0746 0x14b8  NlaSvc - ok
23:21:18.0808 0x14b8  [ 84E64EF447EB16CAC6CC1544DDC9AB57, DE80CD1C73F1EDE72513358FFDDD332CCE960A836A376683269CC8144CCF11AB ] nldrv           C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys
23:21:18.0839 0x14b8  nldrv - ok
23:21:18.0886 0x14b8  [ F69ED1878460C4460D780EA24B15C479, 2ADA35A9BEFC9C6AA7E161A1F0B49020FDE6DB34ECCB08B5B7D721EAB226396E ] nlsvc           C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
23:21:18.0933 0x14b8  nlsvc - ok
23:21:18.0933 0x14b8  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:21:18.0964 0x14b8  Npfs - ok
23:21:18.0980 0x14b8  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
23:21:18.0995 0x14b8  nsi - ok
23:21:19.0011 0x14b8  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:21:19.0042 0x14b8  nsiproxy - ok
23:21:19.0151 0x14b8  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:21:19.0198 0x14b8  Ntfs - ok
23:21:19.0214 0x14b8  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
23:21:19.0245 0x14b8  Null - ok
23:21:19.0261 0x14b8  [ E366A5681C50785D4ED04FCFD65C3415, 7FF7B4B8F09E773401AE879897E60BF494B57B9ACEE990204A4C98A3FB183A33 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
23:21:19.0261 0x14b8  NVHDA - ok
23:21:19.0604 0x14b8  [ 2232AE1BB51A96A7381A2CA17DF12E24, 4813E27BC14EB3CBD55AF89B098EA5C8DA4C7FF0B6CCB7AACFC43BC0E578C988 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:21:19.0807 0x14b8  nvlddmkm - ok
23:21:19.0947 0x14b8  [ D2FE0376285A783693469422678E878B, 9F0B1A6694CA7BDAAA3B26BE1D344A3FC7B98162518A259C273360EFF075CD75 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
23:21:20.0009 0x14b8  NvNetworkService - ok
23:21:20.0056 0x14b8  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:21:20.0087 0x14b8  nvraid - ok
23:21:20.0103 0x14b8  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:21:20.0119 0x14b8  nvstor - ok
23:21:20.0555 0x14b8  [ 4F0E2990DB12849D428DE7B0AC5D92B9, 77A058EFFE07E46F0DFF419DC1C204C245598E6A6F6EDFF545802D9C1573EAA0 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
23:21:20.0930 0x14b8  NvStreamSvc - ok
23:21:20.0977 0x14b8  [ 2C8DD5A34A81715865D66D7AF39362A6, 62F9D873127921EE2EAA80B73E8994C4BF6DA7EEDACAEA030B8D58E086FD3850 ] nvsvc           C:\Windows\system32\nvvsvc.exe
23:21:21.0008 0x14b8  nvsvc - ok
23:21:21.0023 0x14b8  [ 939C0FAE9CC0CDD69E6508BDE4C11FE5, 1E82FF4A8797A0EC5DF0E54DE7F358542C73FFFBECADDF86ED66839182E3B55D ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
23:21:21.0023 0x14b8  nvvad_WaveExtensible - ok
23:21:21.0055 0x14b8  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:21:21.0055 0x14b8  nv_agp - ok
23:21:21.0148 0x14b8  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:21:21.0195 0x14b8  odserv - ok
23:21:21.0195 0x14b8  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:21:21.0226 0x14b8  ohci1394 - ok
23:21:21.0273 0x14b8  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:21:21.0289 0x14b8  ose - ok
23:21:21.0304 0x14b8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:21:21.0351 0x14b8  p2pimsvc - ok
23:21:21.0382 0x14b8  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
23:21:21.0398 0x14b8  p2psvc - ok
23:21:21.0398 0x14b8  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
23:21:21.0413 0x14b8  Parport - ok
23:21:21.0445 0x14b8  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:21:21.0476 0x14b8  partmgr - ok
23:21:21.0491 0x14b8  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:21:21.0523 0x14b8  PcaSvc - ok
23:21:21.0538 0x14b8  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
23:21:21.0554 0x14b8  pci - ok
23:21:21.0585 0x14b8  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
23:21:21.0616 0x14b8  pciide - ok
23:21:21.0616 0x14b8  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
23:21:21.0647 0x14b8  pcmcia - ok
23:21:21.0647 0x14b8  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
23:21:21.0663 0x14b8  pcw - ok
23:21:21.0679 0x14b8  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:21:21.0725 0x14b8  PEAUTH - ok
23:21:21.0772 0x14b8  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
23:21:21.0819 0x14b8  PeerDistSvc - ok
23:21:21.0866 0x14b8  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
23:21:21.0897 0x14b8  PerfHost - ok
23:21:21.0944 0x14b8  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
23:21:22.0006 0x14b8  pla - ok
23:21:22.0069 0x14b8  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:21:22.0115 0x14b8  PlugPlay - ok
23:21:22.0162 0x14b8  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
23:21:22.0178 0x14b8  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
23:21:25.0017 0x14b8  Detect skipped due to KSN trusted
23:21:25.0017 0x14b8  Pml Driver HPZ12 - ok
23:21:25.0033 0x14b8  PnkBstrA - ok
23:21:25.0033 0x14b8  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:21:25.0079 0x14b8  PNRPAutoReg - ok
23:21:25.0111 0x14b8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:21:25.0157 0x14b8  PNRPsvc - ok
23:21:25.0204 0x14b8  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:21:25.0267 0x14b8  PolicyAgent - ok
23:21:25.0282 0x14b8  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
23:21:25.0313 0x14b8  Power - ok
23:21:25.0329 0x14b8  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:21:25.0360 0x14b8  PptpMiniport - ok
23:21:25.0376 0x14b8  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
23:21:25.0391 0x14b8  Processor - ok
23:21:25.0423 0x14b8  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
23:21:25.0454 0x14b8  ProfSvc - ok
23:21:25.0469 0x14b8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:21:25.0485 0x14b8  ProtectedStorage - ok
23:21:25.0516 0x14b8  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:21:25.0547 0x14b8  Psched - ok
23:21:25.0594 0x14b8  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
23:21:25.0625 0x14b8  ql2300 - ok
23:21:25.0625 0x14b8  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
23:21:25.0641 0x14b8  ql40xx - ok
23:21:25.0657 0x14b8  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
23:21:25.0672 0x14b8  QWAVE - ok
23:21:25.0672 0x14b8  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:21:25.0688 0x14b8  QWAVEdrv - ok
23:21:25.0703 0x14b8  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:21:25.0719 0x14b8  RasAcd - ok
23:21:25.0750 0x14b8  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23:21:25.0766 0x14b8  RasAgileVpn - ok
23:21:25.0781 0x14b8  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
23:21:25.0797 0x14b8  RasAuto - ok
23:21:25.0813 0x14b8  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:21:25.0844 0x14b8  Rasl2tp - ok
23:21:25.0859 0x14b8  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
23:21:25.0891 0x14b8  RasMan - ok
23:21:25.0906 0x14b8  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:21:25.0937 0x14b8  RasPppoe - ok
23:21:25.0953 0x14b8  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:21:25.0969 0x14b8  RasSstp - ok
23:21:25.0984 0x14b8  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:21:26.0015 0x14b8  rdbss - ok
23:21:26.0031 0x14b8  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
23:21:26.0031 0x14b8  rdpbus - ok
23:21:26.0047 0x14b8  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:21:26.0062 0x14b8  RDPCDD - ok
23:21:26.0093 0x14b8  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
23:21:26.0125 0x14b8  RDPDR - ok
23:21:26.0125 0x14b8  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:21:26.0171 0x14b8  RDPENCDD - ok
23:21:26.0171 0x14b8  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:21:26.0187 0x14b8  RDPREFMP - ok
23:21:26.0234 0x14b8  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
23:21:26.0281 0x14b8  RdpVideoMiniport - ok
23:21:26.0327 0x14b8  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:21:26.0374 0x14b8  RDPWD - ok
23:21:26.0390 0x14b8  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:21:26.0421 0x14b8  rdyboost - ok
23:21:26.0437 0x14b8  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:21:26.0468 0x14b8  RemoteAccess - ok
23:21:26.0499 0x14b8  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:21:26.0530 0x14b8  RemoteRegistry - ok
23:21:26.0546 0x14b8  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:21:26.0561 0x14b8  RpcEptMapper - ok
23:21:26.0593 0x14b8  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
23:21:26.0608 0x14b8  RpcLocator - ok
23:21:26.0624 0x14b8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
23:21:26.0655 0x14b8  RpcSs - ok
23:21:26.0671 0x14b8  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:21:26.0686 0x14b8  rspndr - ok
23:21:26.0702 0x14b8  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
23:21:26.0717 0x14b8  s3cap - ok
23:21:26.0733 0x14b8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
23:21:26.0733 0x14b8  SamSs - ok
23:21:26.0749 0x14b8  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:21:26.0764 0x14b8  sbp2port - ok
23:21:26.0780 0x14b8  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:21:26.0811 0x14b8  SCardSvr - ok
23:21:26.0811 0x14b8  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:21:26.0842 0x14b8  scfilter - ok
23:21:26.0858 0x14b8  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
23:21:26.0920 0x14b8  Schedule - ok
23:21:26.0920 0x14b8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:21:26.0936 0x14b8  SCPolicySvc - ok
23:21:26.0951 0x14b8  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:21:26.0983 0x14b8  SDRSVC - ok
23:21:26.0983 0x14b8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:21:27.0014 0x14b8  secdrv - ok
23:21:27.0029 0x14b8  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
23:21:27.0045 0x14b8  seclogon - ok
23:21:27.0061 0x14b8  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
23:21:27.0092 0x14b8  SENS - ok
23:21:27.0092 0x14b8  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:21:27.0123 0x14b8  SensrSvc - ok
23:21:27.0154 0x14b8  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
23:21:27.0170 0x14b8  Serenum - ok
23:21:27.0185 0x14b8  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
23:21:27.0217 0x14b8  Serial - ok
23:21:27.0232 0x14b8  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
23:21:27.0263 0x14b8  sermouse - ok
23:21:27.0279 0x14b8  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
23:21:27.0326 0x14b8  SessionEnv - ok
23:21:27.0326 0x14b8  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
23:21:27.0341 0x14b8  sffdisk - ok
23:21:27.0341 0x14b8  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:21:27.0357 0x14b8  sffp_mmc - ok
23:21:27.0357 0x14b8  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
23:21:27.0373 0x14b8  sffp_sd - ok
23:21:27.0373 0x14b8  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
23:21:27.0373 0x14b8  sfloppy - ok
23:21:27.0388 0x14b8  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:21:27.0435 0x14b8  SharedAccess - ok
23:21:27.0482 0x14b8  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:21:27.0529 0x14b8  ShellHWDetection - ok
23:21:27.0560 0x14b8  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
23:21:27.0560 0x14b8  SiSRaid2 - ok
23:21:27.0575 0x14b8  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
23:21:27.0591 0x14b8  SiSRaid4 - ok
23:21:27.0622 0x14b8  [ 050A4112B00BCA2E13314CDE48C1DEEE, 86C679CD494DEEB984372BF954EFBB8982AC7995FBF89FCF83BC228991D1B825 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
23:21:27.0653 0x14b8  SkypeUpdate - ok
23:21:27.0653 0x14b8  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:21:27.0669 0x14b8  Smb - ok
23:21:27.0700 0x14b8  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:21:27.0716 0x14b8  SNMPTRAP - ok
23:21:27.0731 0x14b8  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:21:27.0747 0x14b8  spldr - ok
23:21:27.0763 0x14b8  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
23:21:27.0794 0x14b8  Spooler - ok
23:21:27.0856 0x14b8  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
23:21:27.0950 0x14b8  sppsvc - ok
23:21:27.0965 0x14b8  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
23:21:27.0981 0x14b8  sppuinotify - ok
23:21:27.0997 0x14b8  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:21:28.0043 0x14b8  srv - ok
23:21:28.0075 0x14b8  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:21:28.0090 0x14b8  srv2 - ok
23:21:28.0106 0x14b8  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:21:28.0121 0x14b8  srvnet - ok
23:21:28.0137 0x14b8  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:21:28.0168 0x14b8  SSDPSRV - ok
23:21:28.0184 0x14b8  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:21:28.0199 0x14b8  SstpSvc - ok
23:21:28.0246 0x14b8  [ 6E1A473DD2A4714EAF7D11E2315DF794, 4460546191072C7DF8B2E5A00577BA8E4FF5A1B2EA399DDF65EBE1AE4A5A5C84 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
23:21:28.0293 0x14b8  Steam Client Service - ok
23:21:28.0355 0x14b8  [ D2230317777033CD0456990BFC4994E5, 0F2F559593EAD7AB4596E67E9AE56E5ABF5C945201366CFC972357C22A4F776A ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
23:21:28.0387 0x14b8  Stereo Service - ok
23:21:28.0418 0x14b8  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
23:21:28.0433 0x14b8  stexstor - ok
23:21:28.0465 0x14b8  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
23:21:28.0527 0x14b8  stisvc - ok
23:21:28.0543 0x14b8  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
23:21:28.0558 0x14b8  storflt - ok
23:21:28.0574 0x14b8  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
23:21:28.0605 0x14b8  StorSvc - ok
23:21:28.0636 0x14b8  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
23:21:28.0652 0x14b8  storvsc - ok
23:21:28.0667 0x14b8  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
23:21:28.0683 0x14b8  swenum - ok
23:21:28.0699 0x14b8  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
23:21:28.0730 0x14b8  swprv - ok
23:21:28.0761 0x14b8  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
23:21:28.0808 0x14b8  SysMain - ok
23:21:28.0823 0x14b8  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:21:28.0839 0x14b8  TabletInputService - ok
23:21:28.0839 0x14b8  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:21:28.0886 0x14b8  TapiSrv - ok
23:21:28.0901 0x14b8  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
23:21:28.0917 0x14b8  TBS - ok
23:21:29.0026 0x14b8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:21:29.0073 0x14b8  Tcpip - ok
23:21:29.0104 0x14b8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:21:29.0135 0x14b8  TCPIP6 - ok
23:21:29.0167 0x14b8  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:21:29.0182 0x14b8  tcpipreg - ok
23:21:29.0182 0x14b8  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:21:29.0213 0x14b8  TDPIPE - ok
23:21:29.0245 0x14b8  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:21:29.0276 0x14b8  TDTCP - ok
23:21:29.0291 0x14b8  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:21:29.0354 0x14b8  tdx - ok
23:21:29.0369 0x14b8  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
23:21:29.0369 0x14b8  TermDD - ok
23:21:29.0401 0x14b8  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
23:21:29.0416 0x14b8  TermService - ok
23:21:29.0432 0x14b8  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
23:21:29.0447 0x14b8  Themes - ok
23:21:29.0463 0x14b8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
23:21:29.0494 0x14b8  THREADORDER - ok
23:21:29.0510 0x14b8  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
23:21:29.0541 0x14b8  TrkWks - ok
23:21:29.0572 0x14b8  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:21:29.0588 0x14b8  TrustedInstaller - ok
23:21:29.0619 0x14b8  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:21:29.0666 0x14b8  tssecsrv - ok
23:21:29.0713 0x14b8  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:21:29.0775 0x14b8  TsUsbFlt - ok
23:21:29.0791 0x14b8  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
23:21:29.0837 0x14b8  TsUsbGD - ok
23:21:29.0869 0x14b8  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:21:29.0931 0x14b8  tunnel - ok
23:21:29.0931 0x14b8  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
23:21:29.0962 0x14b8  uagp35 - ok
23:21:29.0978 0x14b8  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:21:30.0025 0x14b8  udfs - ok
23:21:30.0040 0x14b8  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:21:30.0056 0x14b8  UI0Detect - ok
23:21:30.0071 0x14b8  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:21:30.0087 0x14b8  uliagpkx - ok
23:21:30.0087 0x14b8  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:21:30.0118 0x14b8  umbus - ok
23:21:30.0118 0x14b8  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
23:21:30.0134 0x14b8  UmPass - ok
23:21:30.0149 0x14b8  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
23:21:30.0181 0x14b8  UmRdpService - ok
23:21:30.0196 0x14b8  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
23:21:30.0227 0x14b8  upnphost - ok
23:21:30.0274 0x14b8  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
23:21:30.0337 0x14b8  usbaudio - ok
23:21:30.0352 0x14b8  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:21:30.0399 0x14b8  usbccgp - ok
23:21:30.0415 0x14b8  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:21:30.0477 0x14b8  usbcir - ok
23:21:30.0477 0x14b8  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
23:21:30.0508 0x14b8  usbehci - ok
23:21:30.0555 0x14b8  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:21:30.0617 0x14b8  usbhub - ok
23:21:30.0633 0x14b8  [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:21:30.0664 0x14b8  usbohci - ok
23:21:30.0664 0x14b8  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:21:30.0695 0x14b8  usbprint - ok
23:21:30.0727 0x14b8  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
23:21:30.0758 0x14b8  usbscan - ok
23:21:30.0789 0x14b8  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
23:21:30.0820 0x14b8  USBSTOR - ok
23:21:30.0836 0x14b8  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
23:21:30.0851 0x14b8  usbuhci - ok
23:21:30.0883 0x14b8  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
23:21:30.0929 0x14b8  UxSms - ok
23:21:30.0945 0x14b8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
23:21:30.0945 0x14b8  VaultSvc - ok
23:21:30.0976 0x14b8  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:21:30.0992 0x14b8  vdrvroot - ok
23:21:31.0007 0x14b8  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
23:21:31.0039 0x14b8  vds - ok
23:21:31.0039 0x14b8  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:21:31.0054 0x14b8  vga - ok
23:21:31.0070 0x14b8  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:21:31.0101 0x14b8  VgaSave - ok
23:21:31.0101 0x14b8  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:21:31.0117 0x14b8  vhdmp - ok
23:21:31.0163 0x14b8  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
23:21:31.0163 0x14b8  viaide - ok
23:21:31.0195 0x14b8  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
23:21:31.0210 0x14b8  vmbus - ok
23:21:31.0226 0x14b8  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
23:21:31.0241 0x14b8  VMBusHID - ok
23:21:31.0273 0x14b8  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:21:31.0273 0x14b8  volmgr - ok
23:21:31.0288 0x14b8  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:21:31.0304 0x14b8  volmgrx - ok
23:21:31.0319 0x14b8  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:21:31.0335 0x14b8  volsnap - ok
23:21:31.0366 0x14b8  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
23:21:31.0382 0x14b8  vsmraid - ok
23:21:31.0429 0x14b8  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
23:21:31.0475 0x14b8  VSS - ok
23:21:31.0491 0x14b8  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
23:21:31.0507 0x14b8  vwifibus - ok
23:21:31.0522 0x14b8  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:21:31.0538 0x14b8  vwififlt - ok
23:21:31.0569 0x14b8  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
23:21:31.0585 0x14b8  W32Time - ok
23:21:31.0600 0x14b8  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
23:21:31.0616 0x14b8  WacomPen - ok
23:21:31.0647 0x14b8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:21:31.0663 0x14b8  WANARP - ok
23:21:31.0678 0x14b8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:21:31.0694 0x14b8  Wanarpv6 - ok
23:21:31.0741 0x14b8  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
23:21:31.0819 0x14b8  wbengine - ok
23:21:31.0834 0x14b8  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:21:31.0865 0x14b8  WbioSrvc - ok
23:21:31.0881 0x14b8  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:21:31.0912 0x14b8  wcncsvc - ok
23:21:31.0928 0x14b8  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:21:31.0959 0x14b8  WcsPlugInService - ok
23:21:31.0959 0x14b8  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
23:21:31.0975 0x14b8  Wd - ok
23:21:32.0006 0x14b8  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:21:32.0037 0x14b8  Wdf01000 - ok
23:21:32.0053 0x14b8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:21:32.0115 0x14b8  WdiServiceHost - ok
23:21:32.0131 0x14b8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:21:32.0146 0x14b8  WdiSystemHost - ok
23:21:32.0177 0x14b8  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
23:21:32.0193 0x14b8  WebClient - ok
23:21:32.0209 0x14b8  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:21:32.0240 0x14b8  Wecsvc - ok
23:21:32.0255 0x14b8  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:21:32.0287 0x14b8  wercplsupport - ok
23:21:32.0287 0x14b8  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:21:32.0318 0x14b8  WerSvc - ok
23:21:32.0333 0x14b8  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:21:32.0349 0x14b8  WfpLwf - ok
23:21:32.0365 0x14b8  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:21:32.0365 0x14b8  WIMMount - ok
23:21:32.0396 0x14b8  WinDefend - ok
23:21:32.0396 0x14b8  WinHttpAutoProxySvc - ok
23:21:32.0443 0x14b8  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:21:32.0474 0x14b8  Winmgmt - ok
23:21:32.0505 0x14b8  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
23:21:32.0567 0x14b8  WinRM - ok
23:21:32.0630 0x14b8  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
23:21:32.0661 0x14b8  WinUsb - ok
23:21:32.0692 0x14b8  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:21:32.0723 0x14b8  Wlansvc - ok
23:21:32.0723 0x14b8  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
23:21:32.0723 0x14b8  WmiAcpi - ok
23:21:32.0739 0x14b8  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:21:32.0770 0x14b8  wmiApSrv - ok
23:21:32.0786 0x14b8  WMPNetworkSvc - ok
23:21:32.0801 0x14b8  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:21:32.0833 0x14b8  WPCSvc - ok
23:21:32.0833 0x14b8  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:21:32.0864 0x14b8  WPDBusEnum - ok
23:21:32.0879 0x14b8  [ 7CA09731EB7FC99B910C7F239E57720F, 502F8917A0811F37C39B2B3F5E9B4F38A0E899C30CB29D3ECD87A50FF228E536 ] WPRO_41_2001    C:\Windows\system32\drivers\WPRO_41_2001.sys
23:21:32.0879 0x14b8  WPRO_41_2001 - ok
23:21:32.0911 0x14b8  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:21:32.0973 0x14b8  ws2ifsl - ok
23:21:32.0989 0x14b8  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
23:21:33.0004 0x14b8  wscsvc - ok
23:21:33.0004 0x14b8  WSearch - ok
23:21:33.0082 0x14b8  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:21:33.0145 0x14b8  wuauserv - ok
23:21:33.0176 0x14b8  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:21:33.0207 0x14b8  WudfPf - ok
23:21:33.0254 0x14b8  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:21:33.0285 0x14b8  WUDFRd - ok
23:21:33.0332 0x14b8  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:21:33.0347 0x14b8  wudfsvc - ok
23:21:33.0394 0x14b8  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:21:33.0457 0x14b8  WwanSvc - ok
23:21:33.0519 0x14b8  [ 2EE48CFCE7CA8E0DB4C44C7476C0943B, 2C324592F3F2D50BABA7123B6F9FC922667CC132777E019FF615F2D6F273A45E ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
23:21:33.0550 0x14b8  xusb21 - ok
23:21:33.0566 0x14b8  ================ Scan global ===============================
23:21:33.0581 0x14b8  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
23:21:33.0644 0x14b8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
23:21:33.0659 0x14b8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
23:21:33.0691 0x14b8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
23:21:33.0737 0x14b8  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
23:21:33.0737 0x14b8  [ Global ] - ok
23:21:33.0737 0x14b8  ================ Scan MBR ==================================
23:21:33.0753 0x14b8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:21:34.0049 0x14b8  \Device\Harddisk0\DR0 - ok
23:21:34.0049 0x14b8  ================ Scan VBR ==================================
23:21:34.0049 0x14b8  [ A84EC378D1B68EFB66F79DD1B37DA2D9 ] \Device\Harddisk0\DR0\Partition1
23:21:34.0096 0x14b8  \Device\Harddisk0\DR0\Partition1 - ok
23:21:34.0096 0x14b8  [ AC0183CBFEDF55B7AB79FA40B977C338 ] \Device\Harddisk0\DR0\Partition2
23:21:34.0127 0x14b8  \Device\Harddisk0\DR0\Partition2 - ok
23:21:34.0127 0x14b8  ================ Scan generic autorun ======================
23:21:34.0439 0x14b8  [ 324B8DDDF70D28B7A767E0608256DF36, 2FA4AA3F5E6D9C16A50F986027708AF657ADE9AE2A286E4F7686A1DF510FC2C1 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
23:21:34.0939 0x14b8  RTHDVCPL - ok
23:21:34.0970 0x14b8  [ 4A0477ADCD07EC9D21257A2E456B16C5, CEF9C81730C12283A7600C3D921D89A62B14D1C46544B493F3AF7520DD2D1F79 ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
23:21:34.0985 0x14b8  IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
23:21:37.0809 0x14b8  Detect skipped due to KSN trusted
23:21:37.0809 0x14b8  IAStorIcon - ok
23:21:37.0903 0x14b8  [ EE73B56ED71EB6383F25FA5468923BB2, 0A13F25C55D97A3F86766BED449265514147D41ABB392C9451B9FB070EC7E8E4 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
23:21:37.0949 0x14b8  NvBackend - ok
23:21:37.0949 0x14b8  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
23:21:37.0965 0x14b8  ShadowPlay - ok
23:21:38.0168 0x14b8  [ 430FEA290AC80AB313D54AC5718219FB, 81254380E2C0E1AFEA0F447B6C19C2F2A7A87641CA81E2F55611E5E319730BFA ] C:\Program Files\Logitech Gaming Software\LCore.exe
23:21:38.0277 0x14b8  Launch LCore - ok
23:21:38.0558 0x14b8  [ ED43758BF94B8A5221D69F1B7F63F13D, F6E7418823E45085F4D4F50DD25A55ED517C0A335C6C2F69A1139B30677D3DA9 ] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
23:21:38.0620 0x14b8  XboxStat - ok
23:21:38.0651 0x14b8  [ 1907517A11D41C24BD3A8F9137E334B7, 18AC567D9F1284B5CF60D5E98759D691E1BB1DE2637E55CEBEE88C1B68C10CD9 ] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
23:21:38.0667 0x14b8  IMSS - ok
23:21:38.0714 0x14b8  [ 094E4E76FB9AB960A73F841BC6733F42, 01C1BFF17BEC6588E192EC4D7ACB74FC9B95ECA7CB8BB9585B04FC8EA73C3B43 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
23:21:38.0761 0x14b8  USB3MON - ok
23:21:38.0885 0x14b8  [ 94F295B0A3182F6D4657372525FCEDED, BA31D107566BB0BB87AAE64D5C629F578FDAFA67AFAFD1DCF7E9B3C9C651E021 ] C:\Program Files (x86)\XFastUSB\XFastUsb.exe
23:21:38.0979 0x14b8  XFastUSB - ok
23:21:39.0026 0x14b8  [ 2AA5DD75EA1281432C40D22B5FD87D3A, 9868D4176C8F08EB72B0B992D3E2A480C587930CA025B4FDF3212F99B79C3017 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
23:21:39.0041 0x14b8  avgnt - ok
23:21:39.0104 0x14b8  [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
23:21:39.0119 0x14b8  Adobe ARM - ok
23:21:39.0182 0x14b8  [ 5516C26A6AF8EB4E2CAB48EC98A74398, 2BF161DE944090B3B3792AE8F5985FCB09744B3EE626E8253A3861D86284652D ] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
23:21:39.0197 0x14b8  HP Software Update - ok
23:21:39.0244 0x14b8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:21:39.0338 0x14b8  Sidebar - ok
23:21:39.0385 0x14b8  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:21:39.0431 0x14b8  mctadmin - ok
23:21:39.0463 0x14b8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:21:39.0494 0x14b8  Sidebar - ok
23:21:39.0509 0x14b8  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:21:39.0509 0x14b8  mctadmin - ok
23:21:39.0665 0x14b8  [ 6FA1F6B8090F04D581E16212886BD861, 1A0D90C6BC9EBE319BF4524FA0EA326073A256252377B860AF48AECE46B6DAC2 ] C:\Users\Thorben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
23:21:39.0697 0x14b8  Spotify Web Helper - ok
23:21:39.0697 0x14b8  Waiting for KSN requests completion. In queue: 223
23:21:40.0711 0x14b8  Waiting for KSN requests completion. In queue: 223
23:21:41.0725 0x14b8  Waiting for KSN requests completion. In queue: 15
23:21:42.0785 0x14b8  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.6.548 ), 0x41000 ( enabled : updated )
23:21:42.0785 0x14b8  Win FW state via NFP2: enabled
23:21:45.0562 0x14b8  ============================================================
23:21:45.0562 0x14b8  Scan finished
23:21:45.0562 0x14b8  ============================================================
23:21:45.0562 0x1348  Detected object count: 0
23:21:45.0562 0x1348  Actual detected object count: 0
         
mbar log:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.08.28.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17207
Thorben :: THORBEN-PC [administrator]

28.08.2014 23:32:52
mbar-log-2014-08-28 (23-32-52).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 299267
Time elapsed: 6 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         


29.08.2014, 13:41   #6
schrauber
/// the machine
/// TB-Ausbilder

hi,

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


30.08.2014, 17:05   #7
Swaley

The Combofix log:

Code:
ATTFilter
ComboFix 14-08-29.03 - Thorben 30.08.2014  16:54:06.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8111.6307 [GMT 2:00]
ausgeführt von:: c:\users\Thorben\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Thorben\AppData\Roaming\Mozilla\Firefox\Profiles\1dthd3mz.default-1399824096976\search-metadata.json
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-07-28 bis 2014-08-30  ))))))))))))))))))))))))))))))
.
.
2014-08-30 14:58 . 2014-08-30 14:58	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-08-30 14:47 . 2014-08-30 14:47	94656	----a-w-	c:\windows\system32\WPRO_41_2001woem.tmp
2014-08-28 21:32 . 2014-08-28 21:42	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-08-27 21:13 . 2014-08-29 07:17	--------	d-----w-	c:\users\Thorben\Bewerbung
2014-08-27 17:25 . 2014-08-27 17:26	--------	d-----w-	C:\FRST
2014-08-26 18:42 . 2014-08-26 18:42	--------	d-----w-	c:\programdata\HitmanPro.Alert
2014-08-26 18:42 . 2014-08-30 14:27	--------	d-----w-	c:\windows\CryptoGuard
2014-08-26 09:58 . 2014-08-26 09:58	--------	d-----w-	c:\users\Thorben\AppData\Local\ElevatedDiagnostics
2014-08-26 08:29 . 2014-08-26 08:29	--------	d-----w-	c:\program files (x86)\StarCraft II
2014-08-24 17:20 . 2014-08-24 17:20	--------	d-----w-	c:\users\Thorben\AppData\Local\Adobe
2014-08-21 17:42 . 2014-08-21 17:42	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2014-08-21 17:16 . 2014-08-21 17:16	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2014-08-21 17:16 . 2014-08-21 17:16	--------	d-----w-	c:\windows\system32\wbem\en-US
2014-08-21 17:14 . 2014-08-21 17:14	--------	d-----w-	c:\program files (x86)\Microsoft
2014-08-21 17:13 . 2013-10-14 16:00	28368	----a-w-	c:\windows\system32\IEUDINIT.EXE
2014-08-21 16:46 . 2014-08-21 16:48	--------	d-----w-	c:\windows\system32\MRT
2014-08-21 16:40 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2014-08-21 16:33 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2014-08-21 16:33 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2014-08-21 16:33 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2014-08-21 16:33 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2014-08-21 16:33 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2014-08-21 16:33 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2014-08-21 16:33 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2014-08-21 16:21 . 2014-03-09 21:48	171160	----a-w-	c:\windows\system32\infocardapi.dll
2014-08-21 16:21 . 2014-03-09 21:48	1389208	----a-w-	c:\windows\system32\icardagt.exe
2014-08-21 16:21 . 2014-03-09 21:47	99480	----a-w-	c:\windows\SysWow64\infocardapi.dll
2014-08-21 16:21 . 2014-03-09 21:47	619672	----a-w-	c:\windows\SysWow64\icardagt.exe
2014-08-21 16:21 . 2014-06-30 22:24	8856	----a-w-	c:\windows\system32\icardres.dll
2014-08-21 16:21 . 2014-06-30 22:14	8856	----a-w-	c:\windows\SysWow64\icardres.dll
2014-08-21 16:20 . 2014-06-06 06:16	35480	----a-w-	c:\windows\SysWow64\TsWpfWrp.exe
2014-08-21 16:20 . 2014-06-06 06:12	35480	----a-w-	c:\windows\system32\TsWpfWrp.exe
2014-08-21 16:20 . 2014-08-21 16:20	--------	d-s---w-	c:\windows\system32\CompatTel
2014-08-21 15:57 . 2011-10-01 05:45	886784	----a-w-	c:\program files\Common Files\System\wab32.dll
2014-08-21 15:56 . 2013-07-25 09:25	1888768	----a-w-	c:\windows\system32\WMVDECOD.DLL
2014-08-21 15:55 . 2014-05-30 08:08	340992	----a-w-	c:\windows\system32\schannel.dll
2014-08-21 15:54 . 2014-02-04 02:32	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-08-21 15:54 . 2014-02-04 02:04	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-08-21 15:53 . 2014-07-02 17:44	609240	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2014-08-21 15:50 . 2014-07-02 20:48	4247000	----a-w-	c:\windows\system32\nvcuvid.dll
2014-08-21 15:50 . 2014-07-02 20:48	418760	----a-w-	c:\windows\SysWow64\nvEncodeAPI.dll
2014-08-21 15:50 . 2014-07-02 20:48	3989960	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2014-08-21 15:50 . 2014-07-02 20:48	22994208	----a-w-	c:\windows\system32\nvcompiler.dll
2014-08-21 15:50 . 2014-07-02 20:48	1890080	----a-w-	c:\windows\system32\nvdispco6434052.dll
2014-08-21 15:50 . 2014-07-02 20:48	17555104	----a-w-	c:\windows\system32\nvd3dumx.dll
2014-08-21 15:50 . 2014-07-02 20:48	1539928	----a-w-	c:\windows\system32\nvdispgenco6434052.dll
2014-08-21 15:50 . 2014-07-02 20:48	15294296	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2014-08-21 15:50 . 2014-07-02 20:48	13835208	----a-w-	c:\windows\system32\nvcuda.dll
2014-08-21 15:50 . 2014-07-02 20:48	11222048	----a-w-	c:\windows\SysWow64\nvcuda.dll
2014-08-21 15:46 . 2014-02-04 02:35	190912	----a-w-	c:\windows\system32\drivers\storport.sys
2014-08-21 15:46 . 2014-02-04 02:35	274880	----a-w-	c:\windows\system32\drivers\msiscsi.sys
2014-08-21 15:46 . 2014-02-04 02:35	27584	----a-w-	c:\windows\system32\drivers\Diskdump.sys
2014-08-21 15:46 . 2014-02-04 02:28	2048	----a-w-	c:\windows\system32\iologmsg.dll
2014-08-21 15:46 . 2014-02-04 02:00	2048	----a-w-	c:\windows\SysWow64\iologmsg.dll
2014-08-21 15:46 . 2012-11-23 03:13	68608	----a-w-	c:\windows\system32\taskhost.exe
2014-08-21 15:42 . 2012-05-05 08:36	503808	----a-w-	c:\windows\system32\srcore.dll
2014-08-21 15:41 . 2012-05-14 05:26	956928	----a-w-	c:\windows\system32\localspl.dll
2014-08-21 15:40 . 2014-08-07 02:06	529920	----a-w-	c:\windows\system32\aepdu.dll
2014-08-21 15:40 . 2014-08-07 02:01	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-08-21 15:40 . 2013-10-12 02:30	830464	----a-w-	c:\windows\system32\nshwfp.dll
2014-08-21 15:40 . 2013-10-12 02:29	859648	----a-w-	c:\windows\system32\IKEEXT.DLL
2014-08-21 15:40 . 2013-10-12 02:29	324096	----a-w-	c:\windows\system32\FWPUCLNT.DLL
2014-08-21 15:40 . 2013-10-12 02:03	656896	----a-w-	c:\windows\SysWow64\nshwfp.dll
2014-08-21 15:40 . 2013-10-12 02:01	216576	----a-w-	c:\windows\SysWow64\FWPUCLNT.DLL
2014-08-19 13:34 . 2014-08-21 17:40	--------	d-----w-	c:\program files (x86)\Microsoft Works
2014-08-19 13:34 . 2014-08-19 13:34	--------	d-----w-	c:\windows\PCHEALTH
2014-08-19 13:32 . 2014-08-19 13:32	--------	d-----w-	c:\program files\Microsoft Office
2014-08-19 13:32 . 2014-08-19 13:32	--------	d-----w-	c:\users\Thorben\AppData\Local\Microsoft Help
2014-08-19 13:32 . 2014-08-21 17:41	--------	d-----w-	c:\programdata\Microsoft Help
2014-08-19 13:31 . 2014-08-19 13:31	--------	d-----r-	C:\MSOCache
2014-08-14 14:28 . 2014-08-14 14:28	--------	d-----w-	c:\users\Thorben\AppData\Local\Chromium
2014-08-14 14:20 . 2014-08-14 15:50	--------	d-----w-	c:\users\Thorben\AppData\Roaming\Might & Magic Heroes VI
2014-08-14 00:11 . 2014-08-14 00:11	159744	----a-w-	c:\windows\winhlq32.exe
2014-08-14 00:05 . 2010-08-30 06:34	536576	----a-w-	c:\windows\SysWow64\sqlite3.dll
2014-08-14 00:05 . 2014-08-27 16:47	--------	d-----w-	C:\AdwCleaner
2014-08-13 01:48 . 2014-08-13 01:50	--------	d-----w-	C:\ArcTemp
2014-08-13 01:47 . 2014-08-13 01:48	--------	d-----w-	c:\users\Thorben\AppData\Roaming\Arc
2014-08-13 01:45 . 2014-08-13 01:50	--------	d-----w-	c:\program files (x86)\Perfect World Entertainment
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-30 14:47 . 2014-05-03 14:58	34752	----a-w-	c:\windows\system32\drivers\WPRO_41_2001.sys
2014-08-28 21:32 . 2014-05-05 17:33	128728	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-28 21:31 . 2014-05-05 16:45	92888	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-08-13 17:24 . 2014-05-03 17:14	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-13 17:24 . 2014-05-03 17:14	699568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-06 08:07 . 2014-08-06 08:07	232896	----a-w-	c:\windows\apppatch\AppPatch64\SPVCLdr64.dll
2014-07-27 23:05 . 2014-07-25 16:27	297088	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2014-07-27 23:05 . 2014-07-25 15:42	297088	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2014-07-25 22:44 . 2014-07-25 16:27	297088	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2014-07-25 16:27 . 2014-07-25 16:27	76152	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2014-07-02 20:48 . 2014-05-03 20:24	31512520	----a-w-	c:\windows\system32\nvoglv64.dll
2014-07-02 20:48 . 2014-05-03 20:24	2814656	----a-w-	c:\windows\SysWow64\nvapi.dll
2014-07-02 20:48 . 2014-05-03 15:11	75040	----a-w-	c:\windows\system32\OpenCL.dll
2014-07-02 20:48 . 2014-05-03 15:11	61912	----a-w-	c:\windows\SysWow64\OpenCL.dll
2014-07-02 20:48 . 2014-05-03 15:07	18626304	----a-w-	c:\windows\system32\nvwgf2umx.dll
2014-07-02 20:48 . 2014-05-03 15:07	16122344	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2014-07-02 20:48 . 2014-05-03 15:07	965312	----a-w-	c:\windows\system32\nvumdshimx.dll
2014-07-02 20:48 . 2014-05-03 15:07	14498552	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2014-07-02 20:48 . 2014-05-03 15:07	3196816	----a-w-	c:\windows\system32\nvapi64.dll
2014-07-02 18:55 . 2014-05-03 15:11	6783776	----a-w-	c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2014-05-03 15:11	3522392	----a-w-	c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2014-05-03 15:11	935368	----a-w-	c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2014-05-03 15:11	62808	----a-w-	c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2014-05-03 15:11	386520	----a-w-	c:\windows\system32\nvmctray.dll
2014-07-02 18:55 . 2014-05-03 15:11	2559960	----a-w-	c:\windows\system32\nvsvcr.dll
2014-07-02 10:14 . 2014-05-03 15:11	3826628	----a-w-	c:\windows\system32\nvcoproc.bin
2014-06-17 22:34 . 2014-05-03 15:19	32320	----a-w-	c:\windows\system32\drivers\FNETTBOH_305.SYS
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Thorben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-07-10 1178168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-09-03 134616]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"XFastUSB"="c:\program files (x86)\XFastUSB\XFastUsb.exe" [2014-05-03 6226624]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Razer Imperator Driver"="c:\program files (x86)\Razer\Imperator\RazerImperatorSysTray.exe" [2012-02-09 979360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
iSCTsysTray.lnk - c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [2013-3-14 248296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]
R2 ASRockIOMon;ASRock IO Monitor Service;c:\program files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe;c:\program files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ArcService;Arc Service;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe [x]
R3 AsrHidFilter;AsrHidFilter;c:\windows\system32\DRIVERS\AsrHidFilter.sys;c:\windows\SYSNATIVE\DRIVERS\AsrHidFilter.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS;c:\windows\SYSNATIVE\drivers\FNETTBOH_305.SYS [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys;c:\windows\SYSNATIVE\DRIVERS\AsrRamDisk.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe  [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 nldrv;nldrv;c:\program files\Locktime Software\NetLimiter 4\nldrv.sys;c:\program files\Locktime Software\NetLimiter 4\nldrv.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 ALSysIO;ALSysIO;c:\users\Thorben\AppData\Local\Temp\ALSysIO64.sys;c:\users\Thorben\AppData\Local\Temp\ALSysIO64.sys [x]
S3 AsrDrv101;AsrDrv101;c:\windows\SysWOW64\Drivers\AsrDrv101.sys;c:\windows\SysWOW64\Drivers\AsrDrv101.sys [x]
S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
S4 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - avipbb
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-14 08:53	1104200	----a-w-	c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-03 17:24]
.
2014-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-03 16:27]
.
2014-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-03 16:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-07-26 13636824]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-08-07 36352]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Thorben\AppData\Roaming\Mozilla\Firefox\Profiles\1dthd3mz.default-1399824096976\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Fatal1tySTU - (no file)
Wow6432Node-HKCU-Run-ASRockHDMISwitch - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-08-30  17:00:29
ComboFix-quarantined-files.txt  2014-08-30 15:00
.
Vor Suchlauf: 12 Verzeichnis(se), 724.024.303.616 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 723.672.002.560 Bytes frei
.
- - End Of File - - D7C3833386B743B20C2CD53AA13AC1D0
A36C5E4F47E84449FF07ED3517B43A31
         
Is there a possibility that the virus is on the router?

Thanks a lot for your help.

30.08.2014, 17:06   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Sure. I would reset the thing to factory settings once anyway.


Please download Malwarebytes Anti-Malware
  • Install the program into the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan (Scannen), select the Threat Scan (Bedrohungssuchlauf) and click Start Scan (Suchlauf starten).
  • At the end of the scan, have all findings (if any) moved to quarantine. To do this, click Remove Selected (Auswahl entfernen).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History (Verlauf) and then Application Logs (Anwendungsprotokolle).
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

31.08.2014, 10:22   #9
Swaley
 



Mbam log:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 31.08.2014
Suchlauf-Zeit: 09:47:54
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.31.01
Rootkit Datenbank: v2014.08.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Thorben

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 312093
Verstrichene Zeit: 7 Min, 48 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 2
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, In Quarantäne, [d4c5ffcaf48763d31ef76eea34d057a9], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, In Quarantäne, [3960facf27540e284fc55ff96f95de22], 

Registrierungswerte: 1
PUP.Optional.QuickStart.A, HKU\S-1-5-21-761638862-2947245423-882755344-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, In Quarantäne, [e6b3943591ea83b36249a15a956dab55]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 2
PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll, In Quarantäne, [7d1cf2d76d0ece68c8f91980aa571ce4], 
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, In Quarantäne, [f1a83a8fef8c76c08890bb9d1be9a858], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Adw log:

Code:
# AdwCleaner v3.308 - Bericht erstellt am 31/08/2014 um 10:05:13
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Thorben - THORBEN-PC
# Gestartet von : C:\Users\Thorben\Desktop\adwcleaner_3.308.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Thorben\AppData\Roaming\Mozilla\Firefox\Profiles\1dthd3mz.default-1399824096976\prefs.js ]


-\\ Google Chrome v36.0.1985.143

[ Datei : C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3320324&octid=EB_ORIGINAL_CTID&ISID=M9FEC8BBC-1EBC-407B-80E9-96701BEF61BF&SearchSource=58&CUI=&UM=6&UP=SP09328ECB-F0F2-45D3-9CFD-4122C82E6F2E&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [3817 octets] - [14/08/2014 02:05:28]
AdwCleaner[R1].txt - [3706 octets] - [14/08/2014 02:15:28]
AdwCleaner[R2].txt - [1600 octets] - [26/08/2014 05:35:05]
AdwCleaner[R3].txt - [1354 octets] - [27/08/2014 18:47:14]
AdwCleaner[R4].txt - [1711 octets] - [31/08/2014 10:03:22]
AdwCleaner[S0].txt - [3036 octets] - [14/08/2014 02:07:03]
AdwCleaner[S1].txt - [3695 octets] - [14/08/2014 02:16:16]
AdwCleaner[S2].txt - [1661 octets] - [26/08/2014 05:35:54]
AdwCleaner[S3].txt - [1415 octets] - [27/08/2014 18:47:51]
AdwCleaner[S4].txt - [1632 octets] - [31/08/2014 10:05:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1692 octets] ##########
         
JRT log:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x64
Ran by Thorben on 31.08.2014 at 10:11:20,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Thorben\AppData\Roaming\mozilla\firefox\profiles\1dthd3mz.default-1399824096976\minidumps [93 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.08.2014 at 10:12:33,63
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST Log:


Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-08-2014
Ran by Thorben (administrator) on THORBEN-PC on 31-08-2014 10:14:10
Running from C:\Users\Thorben\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\SysWOW64\ASGT.exe
() C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Users\Thorben\Downloads\Core Temp\Core Temp.exe
() C:\Program Files (x86)\ASRock Utility\HDMISwitch\Bin\HDMISwitch.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Spotify Ltd) C:\Users\Thorben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [6226624 2014-05-03] (FNet Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Imperator Driver] => C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe [979360 2012-02-09] (Razer USA Ltd)
HKU\S-1-5-21-761638862-2947245423-882755344-1000\...\Run: [Spotify Web Helper] => C:\Users\Thorben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-10] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1C23934DE566CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Thorben\AppData\Roaming\Mozilla\Firefox\Profiles\1dthd3mz.default-1399824096976
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\Thorben\AppData\Roaming\Mozilla\Firefox\Profiles\1dthd3mz.default-1399824096976\Extensions\youtubeunblocker@unblocker.yt [2014-06-02]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-05-11]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3320324&octid=EB_ORIGINAL_CTID&ISID=M9FEC8BBC-1EBC-407B-80E9-96701BEF61BF&SearchSource=58&CUI=&UM=6&UP=SP09328ECB-F0F2-45D3-9CFD-4122C82E6F2E&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-03]
CHR Extension: (Google Drive) - C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-03]
CHR Extension: (YouTube) - C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-03]
CHR Extension: (Google-Suche) - C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-03]
CHR Extension: (Tampermonkey) - C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-05-03]
CHR Extension: (CnC TA Script Collection) - C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmhpmdclklpgfcpoiomjofgfagenmgeo [2014-05-03]
CHR Extension: (Google Wallet) - C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-03]
CHR Extension: (Google Mail) - C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-08-12] (Perfect World Entertainment Inc)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 ASRockIOMon; C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-03-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [328832 2014-07-09] (Locktime Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-25] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-05-03] (ASRock Incorporation)
S3 AsrHidFilter; C:\Windows\System32\DRIVERS\AsrHidFilter.sys [20232 2013-09-09] (ASRock Inc.)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [40200 2013-05-09] (ASRock Inc.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-06-18] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2014-05-03] (FNet Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-03-14] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-03-14] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R2 nldrv; C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys [107952 2014-07-09] (Locktime Software)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-08-31] ()
R3 ALSysIO; \??\C:\Users\Thorben\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 10:12 - 2014-08-31 10:12 - 00000868 _____ () C:\Users\Thorben\Desktop\JRT.txt
2014-08-31 10:11 - 2014-08-31 10:11 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-08-31 10:09 - 2014-08-31 10:09 - 00000000 ____D () C:\Windows\ERUNT
2014-08-31 10:07 - 2014-08-31 10:07 - 01016261 _____ (Thisisu) C:\Users\Thorben\Desktop\JRT.exe
2014-08-31 10:02 - 2014-08-31 10:02 - 01364531 _____ () C:\Users\Thorben\Desktop\adwcleaner_3.308.exe
2014-08-31 10:01 - 2014-08-31 10:01 - 00001976 _____ () C:\Users\Thorben\Desktop\mbam.txt
2014-08-31 09:45 - 2014-08-31 09:45 - 00003136 _____ () C:\Windows\System32\Tasks\{1C6EF767-7B90-4C2A-B9F0-8AAC062DBDD6}
2014-08-31 09:43 - 2014-08-31 09:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-08-31 04:34 - 2014-08-31 04:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-08-31 04:24 - 2014-08-31 04:24 - 00291856 _____ () C:\Windows\Minidump\083114-20295-01.dmp
2014-08-31 04:20 - 2014-08-31 04:20 - 00291992 _____ () C:\Windows\Minidump\083114-18564-01.dmp
2014-08-31 04:17 - 2014-08-31 05:26 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-08-31 02:26 - 2014-08-31 02:26 - 00266288 _____ () C:\Windows\Minidump\083114-21418-01.dmp
2014-08-31 02:24 - 2014-08-31 04:34 - 00001156 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2014-08-30 17:01 - 2014-08-30 17:03 - 149527616 _____ () C:\Users\Thorben\Downloads\avira_free_antivirus_de_14.0.6.570.exe
2014-08-30 17:00 - 2014-08-30 17:00 - 00024831 _____ () C:\ComboFix.txt
2014-08-30 16:52 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-30 16:52 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-30 16:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-30 16:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-30 16:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-30 16:52 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-30 16:52 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-30 16:52 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-30 16:49 - 2014-08-30 17:00 - 00000000 ____D () C:\Qoobox
2014-08-30 16:49 - 2014-08-30 16:59 - 00000000 ____D () C:\Windows\erdnt
2014-08-30 16:34 - 2014-08-30 16:35 - 05576760 ____R (Swearware) C:\Users\Thorben\Desktop\ComboFix.exe
2014-08-28 23:32 - 2014-08-31 09:58 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-28 23:31 - 2014-08-28 23:42 - 00000000 ____D () C:\Users\Thorben\Desktop\mbar
2014-08-28 23:28 - 2014-08-28 23:28 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Thorben\Desktop\mbar-1.07.0.1012.exe
2014-08-28 23:16 - 2014-08-28 23:16 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Thorben\Desktop\tdsskiller.exe
2014-08-27 23:13 - 2014-08-29 09:17 - 00000000 ____D () C:\Users\Thorben\Bewerbung
2014-08-27 21:49 - 2014-08-27 21:51 - 00011003 _____ () C:\Users\Thorben\Desktop\WinRAR-ZIP-Archiv (neu).zip
2014-08-27 19:51 - 2014-08-27 19:51 - 00047000 _____ () C:\Users\Thorben\Desktop\Gmer.txt
2014-08-27 19:35 - 2014-08-27 19:35 - 00380416 _____ () C:\Users\Thorben\Desktop\Gmer-19357.exe
2014-08-27 19:26 - 2014-08-27 19:26 - 00040480 _____ () C:\Users\Thorben\Desktop\Addition.txt
2014-08-27 19:25 - 2014-08-31 10:14 - 00016918 _____ () C:\Users\Thorben\Desktop\FRST.txt
2014-08-27 19:25 - 2014-08-31 10:14 - 00000000 ____D () C:\FRST
2014-08-27 19:23 - 2014-08-31 10:13 - 02103808 _____ (Farbar) C:\Users\Thorben\Desktop\FRST64.exe
2014-08-26 20:42 - 2014-08-30 16:27 - 00000000 ____D () C:\Windows\CryptoGuard
2014-08-26 20:42 - 2014-08-26 20:42 - 01889616 _____ (SurfRight B.V.) C:\Users\Thorben\Downloads\hmpalert.exe
2014-08-26 20:42 - 2014-08-26 20:42 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-08-26 10:31 - 2014-08-31 04:24 - 553393440 _____ () C:\Windows\MEMORY.DMP
2014-08-26 10:31 - 2014-08-31 04:24 - 00000000 ____D () C:\Windows\Minidump
2014-08-26 10:31 - 2014-08-26 10:31 - 00291984 _____ () C:\Windows\Minidump\082614-14289-01.dmp
2014-08-26 10:29 - 2014-08-26 10:29 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-08-24 19:20 - 2014-08-24 19:20 - 00000000 ____D () C:\Users\Thorben\AppData\Local\Adobe
2014-08-21 19:42 - 2014-08-21 19:42 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-08-21 19:14 - 2014-08-21 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2014-08-21 19:13 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-08-21 19:09 - 2014-08-21 19:09 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-21 19:09 - 2014-08-21 19:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-21 19:09 - 2014-08-21 19:09 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-21 19:09 - 2014-08-21 19:09 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-21 19:09 - 2014-08-21 19:09 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-08-21 19:09 - 2014-08-21 19:09 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-08-21 19:09 - 2014-08-21 19:09 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-08-21 19:09 - 2014-08-21 19:09 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-08-21 19:09 - 2014-08-21 19:09 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-08-21 19:09 - 2014-08-21 19:09 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-08-21 19:09 - 2014-08-21 19:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-21 19:07 - 2014-08-21 19:13 - 00012611 _____ () C:\Windows\IE11_main.log
2014-08-21 18:46 - 2014-08-21 18:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-21 18:46 - 2014-07-31 23:41 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-21 18:43 - 2014-08-21 19:42 - 00289976 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-08-21 18:40 - 2010-02-23 10:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-08-21 18:33 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-08-21 18:33 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-08-21 18:33 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-08-21 18:33 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-08-21 18:33 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-08-21 18:33 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-08-21 18:33 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-08-21 18:33 - 2012-06-02 16:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-08-21 18:21 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-21 18:21 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-21 18:21 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-21 18:21 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-21 18:21 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-21 18:21 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-21 18:20 - 2014-08-21 18:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-21 18:20 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-21 18:20 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-21 18:17 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-21 18:17 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-08-21 18:17 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-08-21 18:17 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-08-21 18:17 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-08-21 18:17 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-08-21 18:17 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-08-21 18:17 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-08-21 18:17 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-08-21 18:17 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-08-21 18:17 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-08-21 18:17 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-08-21 18:17 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-08-21 18:17 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-08-21 18:17 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-08-21 18:17 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-08-21 18:17 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-08-21 18:17 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-08-21 18:17 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-08-21 18:17 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-08-21 18:17 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-08-21 18:17 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-08-21 18:17 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-08-21 18:17 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-08-21 17:57 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-08-21 17:57 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-08-21 17:57 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 17:57 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-08-21 17:57 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-08-21 17:57 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-08-21 17:57 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-08-21 17:57 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-08-21 17:57 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-08-21 17:57 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-21 17:57 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-08-21 17:57 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-08-21 17:57 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-08-21 17:57 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-08-21 17:57 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-08-21 17:57 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-08-21 17:57 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-08-21 17:57 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-08-21 17:57 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-08-21 17:57 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-08-21 17:57 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-08-21 17:57 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-21 17:57 - 2014-01-01 01:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-08-21 17:57 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-08-21 17:57 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-08-21 17:57 - 2013-11-23 19:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-08-21 17:57 - 2013-10-04 04:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-08-21 17:57 - 2013-10-04 04:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-08-21 17:57 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-08-21 17:57 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-08-21 17:57 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-08-21 17:57 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-08-21 17:57 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-08-21 17:57 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-08-21 17:57 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-08-21 17:57 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-08-21 17:57 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-08-21 17:57 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-08-21 17:57 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-08-21 17:57 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-08-21 17:57 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-08-21 17:57 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-08-21 17:57 - 2013-04-01 00:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-08-21 17:57 - 2012-01-04 12:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2014-08-21 17:57 - 2012-01-04 10:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2014-08-21 17:57 - 2011-12-30 08:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-08-21 17:57 - 2011-12-30 07:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2014-08-21 17:57 - 2011-07-09 04:46 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-08-21 17:57 - 2011-05-04 07:25 - 02315776 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2014-08-21 17:57 - 2011-05-04 07:22 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2014-08-21 17:57 - 2011-05-04 07:22 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2014-08-21 17:57 - 2011-05-04 07:22 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2014-08-21 17:57 - 2011-05-04 07:22 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2014-08-21 17:57 - 2011-05-04 07:22 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2014-08-21 17:57 - 2011-05-04 07:19 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-08-21 17:57 - 2011-05-04 07:19 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2014-08-21 17:57 - 2011-05-04 07:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2014-08-21 17:57 - 2011-05-04 06:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2014-08-21 17:57 - 2011-05-04 06:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2014-08-21 17:57 - 2011-05-04 06:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2014-08-21 17:57 - 2011-05-04 06:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2014-08-21 17:57 - 2011-05-04 06:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2014-08-21 17:57 - 2011-05-04 06:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2014-08-21 17:57 - 2011-05-04 06:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2014-08-21 17:57 - 2011-05-04 06:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2014-08-21 17:57 - 2011-05-04 06:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2014-08-21 17:57 - 2011-04-27 04:40 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-08-21 17:57 - 2011-04-27 04:39 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-08-21 17:57 - 2011-03-11 08:34 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2014-08-21 17:57 - 2011-03-11 08:34 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2014-08-21 17:57 - 2011-03-11 07:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2014-08-21 17:57 - 2011-03-11 07:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2014-08-21 17:57 - 2010-12-23 12:42 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2014-08-21 17:57 - 2010-12-23 12:42 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2014-08-21 17:57 - 2010-12-23 12:36 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2014-08-21 17:57 - 2010-12-23 07:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2014-08-21 17:57 - 2010-12-23 07:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2014-08-21 17:57 - 2010-12-23 07:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2014-08-21 17:56 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-21 17:56 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-21 17:56 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-21 17:56 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-21 17:56 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-21 17:56 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-21 17:56 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-21 17:56 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-21 17:56 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-21 17:56 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-21 17:56 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-08-21 17:56 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-21 17:56 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-21 17:56 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-08-21 17:56 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-08-21 17:56 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-08-21 17:56 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-08-21 17:56 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-08-21 17:56 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-08-21 17:56 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-08-21 17:56 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-08-21 17:56 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-08-21 17:56 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-08-21 17:56 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-08-21 17:56 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-08-21 17:56 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-08-21 17:56 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-08-21 17:56 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-08-21 17:56 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-08-21 17:56 - 2012-11-02 07:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-08-21 17:56 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2014-08-21 17:56 - 2012-10-03 19:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-08-21 17:56 - 2012-10-03 19:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-08-21 17:56 - 2012-10-03 19:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-08-21 17:56 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-08-21 17:56 - 2012-10-03 19:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-08-21 17:56 - 2012-10-03 19:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-08-21 17:56 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2014-08-21 17:56 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2014-08-21 17:56 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2014-08-21 17:56 - 2012-10-03 18:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-08-21 17:56 - 2012-05-01 07:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-08-21 17:56 - 2012-03-17 09:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2014-08-21 17:56 - 2012-01-13 09:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-08-21 17:56 - 2011-08-17 07:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-08-21 17:56 - 2011-08-17 07:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-08-21 17:56 - 2011-08-17 06:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2014-08-21 17:56 - 2011-08-17 06:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2014-08-21 17:56 - 2011-03-03 08:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-08-21 17:56 - 2011-03-03 08:24 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-08-21 17:56 - 2011-03-03 08:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2014-08-21 17:56 - 2011-03-03 07:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-08-21 17:56 - 2011-03-03 07:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2014-08-21 17:55 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-21 17:55 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-21 17:55 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-08-21 17:55 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-08-21 17:55 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-08-21 17:55 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-08-21 17:55 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-08-21 17:55 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-08-21 17:55 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-08-21 17:55 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-08-21 17:55 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-08-21 17:55 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-08-21 17:55 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-08-21 17:55 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-08-21 17:55 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-08-21 17:55 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-08-21 17:55 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-08-21 17:55 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-08-21 17:55 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-08-21 17:55 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-08-21 17:55 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-08-21 17:55 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-08-21 17:55 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-08-21 17:55 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-08-21 17:55 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-08-21 17:55 - 2013-10-03 04:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-21 17:55 - 2013-10-03 04:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-21 17:55 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-08-21 17:55 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-08-21 17:55 - 2013-07-04 14:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-08-21 17:55 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-08-21 17:55 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-08-21 17:55 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-08-21 17:55 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2014-08-21 17:55 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2014-08-21 17:55 - 2012-09-26 00:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-08-21 17:55 - 2011-03-11 08:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2014-08-21 17:55 - 2011-03-11 08:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2014-08-21 17:55 - 2011-03-11 08:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2014-08-21 17:55 - 2011-03-11 08:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2014-08-21 17:55 - 2011-03-11 08:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2014-08-21 17:55 - 2011-03-11 08:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-08-21 17:55 - 2011-03-11 08:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2014-08-21 17:55 - 2011-03-11 07:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2014-08-21 17:55 - 2011-03-11 07:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2014-08-21 17:55 - 2011-03-11 06:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-08-21 17:55 - 2011-02-05 19:10 - 00642944 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-08-21 17:55 - 2011-02-05 19:10 - 00020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll
2014-08-21 17:55 - 2011-02-05 19:10 - 00019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2014-08-21 17:55 - 2011-02-05 19:10 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll
2014-08-21 17:55 - 2011-02-05 19:06 - 00605552 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-08-21 17:55 - 2011-02-05 19:06 - 00566208 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-08-21 17:55 - 2011-02-05 19:06 - 00518672 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-08-21 17:54 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-08-21 17:54 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-08-21 17:53 - 2014-07-02 19:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-08-21 17:51 - 2014-07-02 22:48 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 13922752 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 12866008 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-08-21 17:51 - 2014-07-02 22:48 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00944928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00903624 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00502232 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00391640 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00348120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 22994208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 17555104 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 13835208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 04247000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 00418760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-08-21 17:46 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-08-21 17:46 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-08-21 17:46 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-08-21 17:46 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-08-21 17:46 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-08-21 17:46 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-08-21 17:45 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-08-21 17:45 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-08-21 17:45 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-08-21 17:45 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-08-21 17:45 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-08-21 17:45 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-08-21 17:45 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-08-21 17:45 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-08-21 17:45 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-08-21 17:45 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-08-21 17:45 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-08-21 17:45 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-08-21 17:45 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-08-21 17:42 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-08-21 17:42 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-08-21 17:42 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-08-21 17:42 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-08-21 17:42 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-08-21 17:42 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-08-21 17:42 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-08-21 17:42 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-08-21 17:42 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-08-21 17:42 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-08-21 17:42 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-08-21 17:42 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2014-08-21 17:42 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2014-08-21 17:42 - 2012-05-05 10:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-08-21 17:42 - 2012-05-05 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-08-21 17:41 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-21 17:41 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-21 17:41 - 2012-06-06 08:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2014-08-21 17:41 - 2012-06-06 07:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2014-08-21 17:41 - 2012-05-14 07:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-21 17:41 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-08-21 17:41 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2014-08-21 17:41 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-08-21 17:41 - 2011-10-15 08:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-08-21 17:41 - 2011-10-15 07:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2014-08-21 17:41 - 2011-08-27 07:37 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-08-21 17:41 - 2011-08-27 07:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2014-08-21 17:41 - 2011-08-27 06:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-08-21 17:41 - 2011-08-27 06:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2014-08-21 17:41 - 2011-02-23 06:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-08-21 17:40 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-21 17:40 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-21 17:40 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-08-21 17:40 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-08-21 17:40 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-08-21 17:40 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-08-21 17:40 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-08-19 15:34 - 2014-08-21 19:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-08-19 15:34 - 2014-08-19 15:34 - 00000000 ____D () C:\Windows\PCHEALTH
2014-08-19 15:34 - 2014-08-19 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-19 15:32 - 2014-08-21 19:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-19 15:32 - 2014-08-19 15:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-19 15:32 - 2014-08-19 15:32 - 00000000 ____D () C:\Users\Thorben\AppData\Local\Microsoft Help
2014-08-19 15:32 - 2014-08-19 15:32 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-19 15:31 - 2014-08-19 15:31 - 00000000 ___RD () C:\MSOCache
2014-08-14 16:28 - 2014-08-14 16:28 - 00000000 ____D () C:\Users\Thorben\AppData\Local\Chromium
2014-08-14 16:20 - 2014-08-14 17:50 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\Might & Magic Heroes VI
2014-08-14 16:20 - 2014-08-14 16:48 - 00000000 ____D () C:\Users\Thorben\Documents\Might & Magic Heroes VI
2014-08-14 16:19 - 2014-08-25 04:36 - 00035140 _____ () C:\Windows\DirectX.log
2014-08-14 02:17 - 2014-08-31 10:11 - 00019022 _____ () C:\Windows\setupact.log
2014-08-14 02:17 - 2014-08-14 02:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-14 02:16 - 2014-08-31 10:10 - 00343624 _____ () C:\Windows\PFRO.log
2014-08-14 02:11 - 2014-08-14 02:11 - 00159744 _____ () C:\Windows\winhlq32.exe
2014-08-14 02:11 - 2014-08-14 02:11 - 00003612 _____ () C:\Windows\System32\Tasks\AnwendungserfahrungFunctionauf
2014-08-14 02:05 - 2014-08-31 10:05 - 00000000 ____D () C:\AdwCleaner
2014-08-14 02:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-13 03:48 - 2014-08-13 03:50 - 00000000 ____D () C:\ArcTemp
2014-08-13 03:47 - 2014-08-13 03:48 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\Arc
2014-08-13 03:45 - 2014-08-13 03:50 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment
2014-08-13 03:45 - 2014-08-13 03:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-08-06 21:45 - 2014-08-06 21:45 - 00000000 ____D () C:\Users\Thorben\Documents\SimCity
2014-08-01 16:07 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 16:07 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 16:07 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 16:07 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 16:07 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 16:07 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 16:07 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 16:07 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 16:07 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 16:07 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 16:07 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 16:07 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 16:07 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 16:07 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 10:14 - 2014-08-27 19:25 - 00016918 _____ () C:\Users\Thorben\Desktop\FRST.txt
2014-08-31 10:14 - 2014-08-27 19:25 - 00000000 ____D () C:\FRST
2014-08-31 10:14 - 2014-05-05 18:22 - 01731469 _____ () C:\Windows\WindowsUpdate.log
2014-08-31 10:13 - 2014-08-27 19:23 - 02103808 _____ (Farbar) C:\Users\Thorben\Desktop\FRST64.exe
2014-08-31 10:12 - 2014-08-31 10:12 - 00000868 _____ () C:\Users\Thorben\Desktop\JRT.txt
2014-08-31 10:11 - 2014-08-31 10:11 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-08-31 10:11 - 2014-08-14 02:17 - 00019022 _____ () C:\Windows\setupact.log
2014-08-31 10:11 - 2014-06-23 13:28 - 00002988 _____ () C:\Windows\System32\Tasks\HDMISwitch
2014-08-31 10:11 - 2014-05-03 18:27 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-31 10:11 - 2014-05-03 16:58 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-08-31 10:10 - 2014-08-14 02:16 - 00343624 _____ () C:\Windows\PFRO.log
2014-08-31 10:10 - 2014-05-03 17:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-31 10:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-31 10:10 - 2009-07-14 06:45 - 00031280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-31 10:10 - 2009-07-14 06:45 - 00031280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-31 10:09 - 2014-08-31 10:09 - 00000000 ____D () C:\Windows\ERUNT
2014-08-31 10:07 - 2014-08-31 10:07 - 01016261 _____ (Thisisu) C:\Users\Thorben\Desktop\JRT.exe
2014-08-31 10:05 - 2014-08-14 02:05 - 00000000 ____D () C:\AdwCleaner
2014-08-31 10:04 - 2010-11-21 08:50 - 00700454 _____ () C:\Windows\system32\perfh007.dat
2014-08-31 10:04 - 2010-11-21 08:50 - 00150092 _____ () C:\Windows\system32\perfc007.dat
2014-08-31 10:04 - 2009-07-14 07:13 - 01624034 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-31 10:02 - 2014-08-31 10:02 - 01364531 _____ () C:\Users\Thorben\Desktop\adwcleaner_3.308.exe
2014-08-31 10:01 - 2014-08-31 10:01 - 00001976 _____ () C:\Users\Thorben\Desktop\mbam.txt
2014-08-31 09:59 - 2014-05-05 19:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-31 09:58 - 2014-08-28 23:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-31 09:52 - 2014-05-03 18:27 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-31 09:45 - 2014-08-31 09:45 - 00003136 _____ () C:\Windows\System32\Tasks\{1C6EF767-7B90-4C2A-B9F0-8AAC062DBDD6}
2014-08-31 09:43 - 2014-08-31 09:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-08-31 09:22 - 2014-05-18 14:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-31 09:18 - 2014-05-03 17:40 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-31 06:02 - 2014-05-03 18:57 - 00000000 ____D () C:\Users\Thorben\AppData\Local\Battle.net
2014-08-31 05:26 - 2014-08-31 04:17 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-08-31 04:34 - 2014-08-31 04:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-08-31 04:34 - 2014-08-31 02:24 - 00001156 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2014-08-31 04:24 - 2014-08-31 04:24 - 00291856 _____ () C:\Windows\Minidump\083114-20295-01.dmp
2014-08-31 04:24 - 2014-08-26 10:31 - 553393440 _____ () C:\Windows\MEMORY.DMP
2014-08-31 04:24 - 2014-08-26 10:31 - 00000000 ____D () C:\Windows\Minidump
2014-08-31 04:20 - 2014-08-31 04:20 - 00291992 _____ () C:\Windows\Minidump\083114-18564-01.dmp
2014-08-31 02:26 - 2014-08-31 02:26 - 00266288 _____ () C:\Windows\Minidump\083114-21418-01.dmp
2014-08-31 02:07 - 2014-05-03 22:41 - 00000000 ____D () C:\Users\Thorben\AppData\Local\CrashDumps
2014-08-30 17:03 - 2014-08-30 17:01 - 149527616 _____ () C:\Users\Thorben\Downloads\avira_free_antivirus_de_14.0.6.570.exe
2014-08-30 17:00 - 2014-08-30 17:00 - 00024831 _____ () C:\ComboFix.txt
2014-08-30 17:00 - 2014-08-30 16:49 - 00000000 ____D () C:\Qoobox
2014-08-30 16:59 - 2014-08-30 16:49 - 00000000 ____D () C:\Windows\erdnt
2014-08-30 16:58 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-30 16:47 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-30 16:35 - 2014-08-30 16:34 - 05576760 ____R (Swearware) C:\Users\Thorben\Desktop\ComboFix.exe
2014-08-30 16:27 - 2014-08-26 20:42 - 00000000 ____D () C:\Windows\CryptoGuard
2014-08-29 09:17 - 2014-08-27 23:13 - 00000000 ____D () C:\Users\Thorben\Bewerbung
2014-08-28 23:42 - 2014-08-28 23:31 - 00000000 ____D () C:\Users\Thorben\Desktop\mbar
2014-08-28 23:31 - 2014-05-05 18:45 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-28 23:28 - 2014-08-28 23:28 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Thorben\Desktop\mbar-1.07.0.1012.exe
2014-08-28 23:16 - 2014-08-28 23:16 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Thorben\Desktop\tdsskiller.exe
2014-08-28 02:56 - 2014-05-03 18:39 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\TS3Client
2014-08-27 23:13 - 2014-05-03 16:35 - 00000000 ____D () C:\Users\Thorben
2014-08-27 21:51 - 2014-08-27 21:49 - 00011003 _____ () C:\Users\Thorben\Desktop\WinRAR-ZIP-Archiv (neu).zip
2014-08-27 19:51 - 2014-08-27 19:51 - 00047000 _____ () C:\Users\Thorben\Desktop\Gmer.txt
2014-08-27 19:41 - 2014-05-03 22:41 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-27 19:35 - 2014-08-27 19:35 - 00380416 _____ () C:\Users\Thorben\Desktop\Gmer-19357.exe
2014-08-27 19:26 - 2014-08-27 19:26 - 00040480 _____ () C:\Users\Thorben\Desktop\Addition.txt
2014-08-26 20:42 - 2014-08-26 20:42 - 01889616 _____ (SurfRight B.V.) C:\Users\Thorben\Downloads\hmpalert.exe
2014-08-26 20:42 - 2014-08-26 20:42 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-08-26 10:31 - 2014-08-26 10:31 - 00291984 _____ () C:\Windows\Minidump\082614-14289-01.dmp
2014-08-26 10:29 - 2014-08-26 10:29 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-08-25 15:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-25 05:28 - 2014-05-05 06:42 - 00000000 ____D () C:\Users\Thorben\Documents\my games
2014-08-25 04:36 - 2014-08-14 16:19 - 00035140 _____ () C:\Windows\DirectX.log
2014-08-24 19:20 - 2014-08-24 19:20 - 00000000 ____D () C:\Users\Thorben\AppData\Local\Adobe
2014-08-22 23:08 - 2014-05-03 18:59 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-08-22 02:15 - 2014-05-03 18:57 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-21 20:36 - 2014-05-03 16:46 - 00070000 _____ () C:\Users\Thorben\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-21 20:35 - 2009-07-14 06:45 - 00314016 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-21 19:42 - 2014-08-21 19:42 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-08-21 19:42 - 2014-08-21 18:43 - 00289976 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-08-21 19:41 - 2014-08-19 15:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-21 19:40 - 2014-08-19 15:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-08-21 19:21 - 2014-05-03 16:36 - 00001305 _____ () C:\Users\Thorben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-21 19:18 - 2014-05-03 17:28 - 00000000 ____D () C:\Windows\Panther
2014-08-21 19:16 - 2010-11-21 09:01 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-21 19:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-08-21 19:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-08-21 19:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-21 19:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-08-21 19:14 - 2014-08-21 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2014-08-21 19:13 - 2014-08-21 19:07 - 00012611 _____ () C:\Windows\IE11_main.log
2014-08-21 19:09 - 2014-08-21 19:09 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-21 19:09 - 2014-08-21 19:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-21 19:09 - 2014-08-21 19:09 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-21 19:09 - 2014-08-21 19:09 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-21 19:09 - 2014-08-21 19:09 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-08-21 19:09 - 2014-08-21 19:09 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-08-21 19:09 - 2014-08-21 19:09 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-08-21 19:09 - 2014-08-21 19:09 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-08-21 19:09 - 2014-08-21 19:09 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-08-21 19:09 - 2014-08-21 19:09 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-08-21 19:09 - 2014-08-21 19:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-21 18:48 - 2014-08-21 18:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-21 18:40 - 2014-05-03 16:46 - 01597378 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-21 18:20 - 2014-08-21 18:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-21 17:54 - 2014-05-03 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-08-21 17:53 - 2014-05-03 17:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-08-21 17:52 - 2014-05-03 17:06 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-08-19 15:34 - 2014-08-19 15:34 - 00000000 ____D () C:\Windows\PCHEALTH
2014-08-19 15:34 - 2014-08-19 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-19 15:34 - 2014-08-19 15:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-19 15:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-19 15:32 - 2014-08-19 15:32 - 00000000 ____D () C:\Users\Thorben\AppData\Local\Microsoft Help
2014-08-19 15:32 - 2014-08-19 15:32 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-19 15:32 - 2010-11-21 09:00 - 00000000 ____D () C:\Windows\ShellNew
2014-08-19 15:31 - 2014-08-19 15:31 - 00000000 ___RD () C:\MSOCache
2014-08-18 19:32 - 2014-05-03 20:41 - 00000000 ____D () C:\ProgramData\Origin
2014-08-18 19:23 - 2014-05-03 20:41 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-08-14 17:50 - 2014-08-14 16:20 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\Might & Magic Heroes VI
2014-08-14 16:48 - 2014-08-14 16:20 - 00000000 ____D () C:\Users\Thorben\Documents\Might & Magic Heroes VI
2014-08-14 16:28 - 2014-08-14 16:28 - 00000000 ____D () C:\Users\Thorben\AppData\Local\Chromium
2014-08-14 02:17 - 2014-08-14 02:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-14 02:12 - 2014-05-03 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-14 02:12 - 2014-05-03 18:37 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-14 02:11 - 2014-08-14 02:11 - 00159744 _____ () C:\Windows\winhlq32.exe
2014-08-14 02:11 - 2014-08-14 02:11 - 00003612 _____ () C:\Windows\System32\Tasks\AnwendungserfahrungFunctionauf
2014-08-14 02:07 - 2014-05-03 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-14 02:07 - 2014-05-03 17:37 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-13 19:24 - 2014-05-18 14:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-13 19:24 - 2014-05-03 19:14 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-13 19:24 - 2014-05-03 19:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-13 03:50 - 2014-08-13 03:48 - 00000000 ____D () C:\ArcTemp
2014-08-13 03:50 - 2014-08-13 03:45 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment
2014-08-13 03:48 - 2014-08-13 03:47 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\Arc
2014-08-13 03:45 - 2014-08-13 03:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-08-13 03:45 - 2014-05-03 16:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-07 04:06 - 2014-08-21 17:40 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-21 17:40 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 21:45 - 2014-08-06 21:45 - 00000000 ____D () C:\Users\Thorben\Documents\SimCity
2014-08-02 08:20 - 2014-05-03 18:52 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\Spotify
2014-08-02 03:39 - 2014-05-03 18:52 - 00000000 ____D () C:\Users\Thorben\AppData\Local\Spotify

Some content of TEMP:
====================
C:\Users\Thorben\AppData\Local\Temp\avgnt.exe
C:\Users\Thorben\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 22:15

==================== End Of Log ============================
         
--- --- ---


About the router:

I cannot reset the router to factory settings manually. It only works when I click on factory settings in the router interface from the computer.
Then it saves something and performs the factory reset.

Alt 31.08.2014, 17:59   #10
schrauber
/// the machine
/// TB-Ausbilder
 


Yes, that should be enough.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Post its contents here.

and a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 04.09.2014, 10:14   #11
Swaley
 

The ESET log:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=55732f996961e14ebe10360e41610432
# engine=19990
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-04 08:03:28
# local_time=2014-09-04 10:03:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 5962 1726405 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 10188991 161447658 0 0
# scanned=197570
# found=10
# cleaned=0
# scan_time=5492
sh=064680D54E8FBA2D06E2A5E35060BB16B3636C3B ft=1 fh=4ae2a46f410a297c vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=E6BF88B3390FEA12DB1F6F150800B531FEDADB01 ft=1 fh=4a10605500753c35 vn="möglicherweise Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=40B63087012BF7DA70AE82BD473BCCFDD93BF8F5 ft=1 fh=027554fe6efee6bd vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=584265F2BA0B47696184876335BAF6E175C81BEF ft=1 fh=2f2b206b1a22bc74 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=2D9A7EAF0637343E63C8622AA99C16E817A0F204 ft=1 fh=79672f4490f328fb vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir"
sh=6CDD189837D5C70B6F11EC1467DFC06B5B1DAB56 ft=1 fh=8d9f8b9dd40f9b55 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=295FC6612C9C97760937DF651A963A44C99CD0C0 ft=1 fh=aaec07ed4cd90b5d vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=1281BC2E05EBA5C4AEA26227C68ABBBF6ED9A2BC ft=1 fh=78661b0bb1b930fe vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir"
sh=2510D5FD078002C413DAA2B68FEBA3E9AC8BDE80 ft=1 fh=b3c45eb818ca1528 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=E18E67AF494118B8B73EC4EC2269E89AA9C18237 ft=1 fh=d7d3a79201d8389a vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
         
Security Check log:

Code:
 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 14.0.0.179  
 Adobe Reader XI  
 Mozilla Firefox (31.0) 
 Google Chrome 36.0.1985.143  
 Google Chrome 37.0.2062.103  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST Log:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Thorben (administrator) on THORBEN-PC on 04-09-2014 10:13:02
Running from C:\Users\Thorben\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Users\Thorben\Downloads\Core Temp\Core Temp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\SysWOW64\ASGT.exe
() C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Spotify Ltd) C:\Users\Thorben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [6226624 2014-05-03] (FNet Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Razer Imperator Driver] => C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe [979360 2012-02-09] (Razer USA Ltd)
HKU\S-1-5-21-761638862-2947245423-882755344-1000\...\Run: [Spotify Web Helper] => C:\Users\Thorben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-10] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1C23934DE566CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Thorben\AppData\Roaming\Mozilla\Firefox\Profiles\1dthd3mz.default-1399824096976
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\Thorben\AppData\Roaming\Mozilla\Firefox\Profiles\1dthd3mz.default-1399824096976\Extensions\youtubeunblocker@unblocker.yt [2014-06-02]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-05-11]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchProvider: Default -> Trovi search
CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3320324&octid=EB_ORIGINAL_CTID&ISID=M9FEC8BBC-1EBC-407B-80E9-96701BEF61BF&SearchSource=58&CUI=&UM=6&UP=SP09328ECB-F0F2-45D3-9CFD-4122C82E6F2E&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-03]
CHR Extension: (Google Drive) - C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-03]
CHR Extension: (YouTube) - C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-03]
CHR Extension: (Google-Suche) - C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-03]
CHR Extension: (Tampermonkey) - C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-05-03]
CHR Extension: (CnC TA Script Collection) - C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmhpmdclklpgfcpoiomjofgfagenmgeo [2014-05-03]
CHR Extension: (Google Wallet) - C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-03]
CHR Extension: (Google Mail) - C:\Users\Thorben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-08-12] (Perfect World Entertainment Inc)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 ASRockIOMon; C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-03-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [328832 2014-07-09] (Locktime Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-25] ()
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-05-03] (ASRock Incorporation)
S3 AsrHidFilter; C:\Windows\System32\DRIVERS\AsrHidFilter.sys [20232 2013-09-09] (ASRock Inc.)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [40200 2013-05-09] (ASRock Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-06-18] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2014-05-03] (FNet Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-03-14] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-03-14] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R2 nldrv; C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys [107952 2014-07-09] (Locktime Software)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-09-04] ()
R3 ALSysIO; \??\C:\Users\Thorben\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-04 10:12 - 2014-09-04 10:12 - 00000000 ____D () C:\Users\Thorben\Desktop\FRST-OlderVersion
2014-09-04 10:09 - 2014-09-04 10:09 - 00854417 _____ () C:\Users\Thorben\Desktop\SecurityCheck.exe
2014-09-04 08:29 - 2014-09-04 08:29 - 02347384 _____ (ESET) C:\Users\Thorben\Desktop\esetsmartinstaller_deu.exe
2014-09-04 08:29 - 2014-09-04 08:29 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-04 08:24 - 2014-09-04 08:24 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-09-03 12:52 - 2014-09-03 12:51 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-09-01 15:52 - 2014-09-01 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-09-01 15:52 - 2014-09-01 15:52 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-09-01 15:50 - 2014-09-01 15:50 - 25633928 _____ (Razer USA Ltd. ) C:\Users\Thorben\Downloads\Razer_Imperator_Driver_v2.02(1).exe
2014-09-01 03:29 - 2014-09-01 03:29 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-09-01 03:28 - 2014-09-01 03:28 - 00001548 _____ () C:\Users\Thorben\Desktop\EVE 2.lnk
2014-09-01 03:03 - 2014-09-01 03:03 - 00000129 _____ () C:\Users\Thorben\Desktop\Eve account wiederholen.txt
2014-09-01 01:39 - 2014-09-03 22:03 - 00000000 ____D () C:\Users\Thorben\Desktop\Eve
2014-08-31 19:41 - 2014-08-31 19:41 - 00001891 _____ () C:\Users\Thorben\Desktop\EVE 1.lnk
2014-08-31 19:41 - 2014-08-31 19:41 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVE
2014-08-31 19:35 - 2014-09-01 03:25 - 00000000 ____D () C:\Program Files (x86)\CCP
2014-08-31 17:54 - 2014-09-01 01:41 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\EVEMon
2014-08-31 17:54 - 2014-08-31 17:54 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVEMon
2014-08-31 17:54 - 2014-08-31 17:54 - 00000000 ____D () C:\Program Files (x86)\EVEMon
2014-08-31 17:52 - 2014-08-31 17:52 - 04949062 _____ (EVEMon Development Team) C:\Users\Thorben\Downloads\EVEMon-install-1.9.0.exe
2014-08-31 17:46 - 2014-08-31 17:46 - 04723184 _____ (CCP hf.) C:\Users\Thorben\Downloads\EVE_Online_Installer_821895.exe
2014-08-31 17:46 - 2014-08-31 17:46 - 00000000 ____D () C:\Users\Thorben\AppData\Local\CCP
2014-08-31 15:05 - 2014-08-31 15:05 - 00000000 ____D () C:\Users\Thorben\Documents\Diablo III
2014-08-31 10:25 - 2014-08-31 10:25 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\Avira
2014-08-31 10:24 - 2014-08-31 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-31 10:24 - 2014-08-31 10:24 - 00000000 ____D () C:\ProgramData\Avira
2014-08-31 10:24 - 2014-08-31 10:24 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-31 10:24 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-31 10:24 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-31 10:24 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-31 10:12 - 2014-08-31 10:12 - 00000868 _____ () C:\Users\Thorben\Desktop\JRT.txt
2014-08-31 10:09 - 2014-08-31 10:09 - 00000000 ____D () C:\Windows\ERUNT
2014-08-31 10:07 - 2014-08-31 10:07 - 01016261 _____ (Thisisu) C:\Users\Thorben\Desktop\JRT.exe
2014-08-31 10:02 - 2014-08-31 10:02 - 01364531 _____ () C:\Users\Thorben\Desktop\adwcleaner_3.308.exe
2014-08-31 10:01 - 2014-08-31 10:01 - 00001976 _____ () C:\Users\Thorben\Desktop\mbam.txt
2014-08-31 09:45 - 2014-08-31 09:45 - 00003136 _____ () C:\Windows\System32\Tasks\{1C6EF767-7B90-4C2A-B9F0-8AAC062DBDD6}
2014-08-31 09:43 - 2014-08-31 09:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-08-31 04:34 - 2014-08-31 04:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-08-31 04:24 - 2014-08-31 04:24 - 00291856 _____ () C:\Windows\Minidump\083114-20295-01.dmp
2014-08-31 04:20 - 2014-08-31 04:20 - 00291992 _____ () C:\Windows\Minidump\083114-18564-01.dmp
2014-08-31 04:17 - 2014-08-31 15:04 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-08-31 02:26 - 2014-08-31 02:26 - 00266288 _____ () C:\Windows\Minidump\083114-21418-01.dmp
2014-08-30 17:01 - 2014-08-30 17:03 - 149527616 _____ () C:\Users\Thorben\Downloads\avira_free_antivirus_de_14.0.6.570.exe
2014-08-30 17:00 - 2014-08-30 17:00 - 00024831 _____ () C:\ComboFix.txt
2014-08-30 16:52 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-30 16:52 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-30 16:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-30 16:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-30 16:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-30 16:52 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-30 16:52 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-30 16:52 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-30 16:49 - 2014-08-30 17:00 - 00000000 ____D () C:\Qoobox
2014-08-30 16:49 - 2014-08-30 16:59 - 00000000 ____D () C:\Windows\erdnt
2014-08-30 16:34 - 2014-08-30 16:35 - 05576760 ____R (Swearware) C:\Users\Thorben\Desktop\ComboFix.exe
2014-08-28 23:32 - 2014-08-31 09:58 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-28 23:31 - 2014-08-28 23:42 - 00000000 ____D () C:\Users\Thorben\Desktop\mbar
2014-08-28 23:28 - 2014-08-28 23:28 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Thorben\Desktop\mbar-1.07.0.1012.exe
2014-08-28 23:16 - 2014-08-28 23:16 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Thorben\Desktop\tdsskiller.exe
2014-08-27 23:13 - 2014-09-01 09:25 - 00000000 ____D () C:\Users\Thorben\Bewerbung
2014-08-27 21:49 - 2014-08-27 21:51 - 00011003 _____ () C:\Users\Thorben\Desktop\WinRAR-ZIP-Archiv (neu).zip
2014-08-27 19:51 - 2014-08-27 19:51 - 00047000 _____ () C:\Users\Thorben\Desktop\Gmer.txt
2014-08-27 19:35 - 2014-08-27 19:35 - 00380416 _____ () C:\Users\Thorben\Desktop\Gmer-19357.exe
2014-08-27 19:26 - 2014-08-27 19:26 - 00040480 _____ () C:\Users\Thorben\Desktop\Addition.txt
2014-08-27 19:25 - 2014-09-04 10:13 - 00017671 _____ () C:\Users\Thorben\Desktop\FRST.txt
2014-08-27 19:25 - 2014-09-04 10:13 - 00000000 ____D () C:\FRST
2014-08-27 19:23 - 2014-09-04 10:12 - 02104832 _____ (Farbar) C:\Users\Thorben\Desktop\FRST64.exe
2014-08-26 20:42 - 2014-08-30 16:27 - 00000000 ____D () C:\Windows\CryptoGuard
2014-08-26 20:42 - 2014-08-26 20:42 - 01889616 _____ (SurfRight B.V.) C:\Users\Thorben\Downloads\hmpalert.exe
2014-08-26 20:42 - 2014-08-26 20:42 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-08-26 10:31 - 2014-08-31 04:24 - 553393440 _____ () C:\Windows\MEMORY.DMP
2014-08-26 10:31 - 2014-08-31 04:24 - 00000000 ____D () C:\Windows\Minidump
2014-08-26 10:31 - 2014-08-26 10:31 - 00291984 _____ () C:\Windows\Minidump\082614-14289-01.dmp
2014-08-26 10:29 - 2014-08-26 10:29 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-08-24 19:20 - 2014-08-24 19:20 - 00000000 ____D () C:\Users\Thorben\AppData\Local\Adobe
2014-08-21 19:42 - 2014-08-21 19:42 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-08-21 19:14 - 2014-08-21 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2014-08-21 19:13 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-08-21 19:09 - 2014-08-21 19:09 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-21 19:09 - 2014-08-21 19:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-21 19:09 - 2014-08-21 19:09 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-21 19:09 - 2014-08-21 19:09 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-21 19:09 - 2014-08-21 19:09 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-08-21 19:09 - 2014-08-21 19:09 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-08-21 19:09 - 2014-08-21 19:09 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-08-21 19:09 - 2014-08-21 19:09 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-08-21 19:09 - 2014-08-21 19:09 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-08-21 19:09 - 2014-08-21 19:09 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-08-21 19:09 - 2014-08-21 19:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-21 19:07 - 2014-08-21 19:13 - 00012611 _____ () C:\Windows\IE11_main.log
2014-08-21 18:46 - 2014-08-21 18:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-21 18:46 - 2014-07-31 23:41 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-21 18:43 - 2014-08-21 19:42 - 00289976 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-08-21 18:40 - 2010-02-23 10:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-08-21 18:33 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-08-21 18:33 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-08-21 18:33 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-08-21 18:33 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-08-21 18:33 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-08-21 18:33 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-08-21 18:33 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-08-21 18:33 - 2012-06-02 16:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-08-21 18:21 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-21 18:21 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-21 18:21 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-21 18:21 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-21 18:21 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-21 18:21 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-21 18:20 - 2014-08-21 18:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-21 18:20 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-21 18:20 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-21 18:17 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-21 18:17 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-08-21 18:17 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-08-21 18:17 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-08-21 18:17 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-08-21 18:17 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-08-21 18:17 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-08-21 18:17 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-08-21 18:17 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-08-21 18:17 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-08-21 18:17 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-08-21 18:17 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-08-21 18:17 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-08-21 18:17 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-08-21 18:17 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-08-21 18:17 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-08-21 18:17 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-08-21 18:17 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-08-21 18:17 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-08-21 18:17 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-08-21 18:17 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-08-21 18:17 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-08-21 18:17 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-08-21 18:17 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-08-21 17:57 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-08-21 17:57 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-08-21 17:57 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 17:57 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-08-21 17:57 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-08-21 17:57 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-08-21 17:57 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-08-21 17:57 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-08-21 17:57 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-08-21 17:57 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-21 17:57 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-08-21 17:57 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-08-21 17:57 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-08-21 17:57 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-08-21 17:57 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-08-21 17:57 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-08-21 17:57 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-08-21 17:57 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-08-21 17:57 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-08-21 17:57 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-08-21 17:57 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-08-21 17:57 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-21 17:57 - 2014-01-01 01:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-08-21 17:57 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-08-21 17:57 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-08-21 17:57 - 2013-11-23 19:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-08-21 17:57 - 2013-10-04 04:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-08-21 17:57 - 2013-10-04 04:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-08-21 17:57 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-08-21 17:57 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-08-21 17:57 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-08-21 17:57 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-08-21 17:57 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-08-21 17:57 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-08-21 17:57 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-08-21 17:57 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-08-21 17:57 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-08-21 17:57 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-08-21 17:57 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-08-21 17:57 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-08-21 17:57 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-08-21 17:57 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-08-21 17:57 - 2013-04-01 00:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-08-21 17:57 - 2012-01-04 12:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2014-08-21 17:57 - 2012-01-04 10:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2014-08-21 17:57 - 2011-12-30 08:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-08-21 17:57 - 2011-12-30 07:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2014-08-21 17:57 - 2011-07-09 04:46 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-08-21 17:57 - 2011-05-04 07:25 - 02315776 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2014-08-21 17:57 - 2011-05-04 07:22 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2014-08-21 17:57 - 2011-05-04 07:22 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2014-08-21 17:57 - 2011-05-04 07:22 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2014-08-21 17:57 - 2011-05-04 07:22 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2014-08-21 17:57 - 2011-05-04 07:22 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2014-08-21 17:57 - 2011-05-04 07:19 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-08-21 17:57 - 2011-05-04 07:19 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2014-08-21 17:57 - 2011-05-04 07:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2014-08-21 17:57 - 2011-05-04 06:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2014-08-21 17:57 - 2011-05-04 06:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2014-08-21 17:57 - 2011-05-04 06:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2014-08-21 17:57 - 2011-05-04 06:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2014-08-21 17:57 - 2011-05-04 06:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2014-08-21 17:57 - 2011-05-04 06:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2014-08-21 17:57 - 2011-05-04 06:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2014-08-21 17:57 - 2011-05-04 06:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2014-08-21 17:57 - 2011-05-04 06:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2014-08-21 17:57 - 2011-04-27 04:40 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-08-21 17:57 - 2011-04-27 04:39 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-08-21 17:57 - 2011-03-11 08:34 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2014-08-21 17:57 - 2011-03-11 08:34 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2014-08-21 17:57 - 2011-03-11 07:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2014-08-21 17:57 - 2011-03-11 07:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2014-08-21 17:57 - 2010-12-23 12:42 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2014-08-21 17:57 - 2010-12-23 12:42 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2014-08-21 17:57 - 2010-12-23 12:36 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2014-08-21 17:57 - 2010-12-23 07:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2014-08-21 17:57 - 2010-12-23 07:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2014-08-21 17:57 - 2010-12-23 07:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2014-08-21 17:56 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-21 17:56 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-21 17:56 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-21 17:56 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-21 17:56 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-21 17:56 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-21 17:56 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-21 17:56 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-21 17:56 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-21 17:56 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-21 17:56 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-08-21 17:56 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-21 17:56 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-21 17:56 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-08-21 17:56 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-08-21 17:56 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-08-21 17:56 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-08-21 17:56 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-08-21 17:56 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-08-21 17:56 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-08-21 17:56 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-08-21 17:56 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-08-21 17:56 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-08-21 17:56 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-08-21 17:56 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-08-21 17:56 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-08-21 17:56 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-08-21 17:56 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-08-21 17:56 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-08-21 17:56 - 2012-11-02 07:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-08-21 17:56 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2014-08-21 17:56 - 2012-10-03 19:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-08-21 17:56 - 2012-10-03 19:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-08-21 17:56 - 2012-10-03 19:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-08-21 17:56 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-08-21 17:56 - 2012-10-03 19:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-08-21 17:56 - 2012-10-03 19:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-08-21 17:56 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2014-08-21 17:56 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2014-08-21 17:56 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2014-08-21 17:56 - 2012-10-03 18:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-08-21 17:56 - 2012-05-01 07:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-08-21 17:56 - 2012-03-17 09:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2014-08-21 17:56 - 2012-01-13 09:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-08-21 17:56 - 2011-08-17 07:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-08-21 17:56 - 2011-08-17 07:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-08-21 17:56 - 2011-08-17 06:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2014-08-21 17:56 - 2011-08-17 06:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2014-08-21 17:56 - 2011-03-03 08:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-08-21 17:56 - 2011-03-03 08:24 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-08-21 17:56 - 2011-03-03 08:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2014-08-21 17:56 - 2011-03-03 07:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-08-21 17:56 - 2011-03-03 07:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2014-08-21 17:55 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-21 17:55 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-21 17:55 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-08-21 17:55 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-08-21 17:55 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-08-21 17:55 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-08-21 17:55 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-08-21 17:55 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-08-21 17:55 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-08-21 17:55 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-08-21 17:55 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-08-21 17:55 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-08-21 17:55 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-08-21 17:55 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-08-21 17:55 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-08-21 17:55 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-08-21 17:55 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-08-21 17:55 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-08-21 17:55 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-08-21 17:55 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-08-21 17:55 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-08-21 17:55 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-08-21 17:55 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-08-21 17:55 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-08-21 17:55 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-08-21 17:55 - 2013-10-03 04:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-21 17:55 - 2013-10-03 04:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-21 17:55 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-08-21 17:55 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-08-21 17:55 - 2013-07-04 14:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-08-21 17:55 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-08-21 17:55 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-08-21 17:55 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-08-21 17:55 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2014-08-21 17:55 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2014-08-21 17:55 - 2012-09-26 00:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-08-21 17:55 - 2011-03-11 08:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2014-08-21 17:55 - 2011-03-11 08:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2014-08-21 17:55 - 2011-03-11 08:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2014-08-21 17:55 - 2011-03-11 08:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2014-08-21 17:55 - 2011-03-11 08:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2014-08-21 17:55 - 2011-03-11 08:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-08-21 17:55 - 2011-03-11 08:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2014-08-21 17:55 - 2011-03-11 07:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2014-08-21 17:55 - 2011-03-11 07:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2014-08-21 17:55 - 2011-03-11 06:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-08-21 17:55 - 2011-02-05 19:10 - 00642944 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-08-21 17:55 - 2011-02-05 19:10 - 00020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll
2014-08-21 17:55 - 2011-02-05 19:10 - 00019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2014-08-21 17:55 - 2011-02-05 19:10 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll
2014-08-21 17:55 - 2011-02-05 19:06 - 00605552 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-08-21 17:55 - 2011-02-05 19:06 - 00566208 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-08-21 17:55 - 2011-02-05 19:06 - 00518672 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-08-21 17:54 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-08-21 17:54 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-08-21 17:53 - 2014-07-02 19:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-08-21 17:51 - 2014-07-02 22:48 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 13922752 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 12866008 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-08-21 17:51 - 2014-07-02 22:48 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00944928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00903624 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00502232 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00391640 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00348120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-08-21 17:51 - 2014-07-02 22:48 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 22994208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 17555104 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 13835208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 04247000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll
2014-08-21 17:50 - 2014-07-02 22:48 - 00418760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-08-21 17:46 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-08-21 17:46 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-08-21 17:46 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-08-21 17:46 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-08-21 17:46 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-08-21 17:46 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-08-21 17:45 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-08-21 17:45 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-08-21 17:45 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-08-21 17:45 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-08-21 17:45 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-08-21 17:45 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-08-21 17:45 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-08-21 17:45 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-08-21 17:45 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-08-21 17:45 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-08-21 17:45 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-08-21 17:45 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-08-21 17:45 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-08-21 17:45 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-08-21 17:42 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-08-21 17:42 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-08-21 17:42 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-08-21 17:42 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-08-21 17:42 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-08-21 17:42 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-08-21 17:42 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-08-21 17:42 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-08-21 17:42 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-08-21 17:42 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-08-21 17:42 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-08-21 17:42 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2014-08-21 17:42 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2014-08-21 17:42 - 2012-05-05 10:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-08-21 17:42 - 2012-05-05 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-08-21 17:41 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-21 17:41 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-21 17:41 - 2012-06-06 08:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2014-08-21 17:41 - 2012-06-06 07:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2014-08-21 17:41 - 2012-05-14 07:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-21 17:41 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-08-21 17:41 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2014-08-21 17:41 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-08-21 17:41 - 2011-10-15 08:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-08-21 17:41 - 2011-10-15 07:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2014-08-21 17:41 - 2011-08-27 07:37 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-08-21 17:41 - 2011-08-27 07:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2014-08-21 17:41 - 2011-08-27 06:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-08-21 17:41 - 2011-08-27 06:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2014-08-21 17:41 - 2011-02-23 06:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-08-21 17:40 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-21 17:40 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-21 17:40 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-08-21 17:40 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-08-21 17:40 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-08-21 17:40 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-08-21 17:40 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-08-19 15:34 - 2014-08-21 19:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-08-19 15:34 - 2014-08-19 15:34 - 00000000 ____D () C:\Windows\PCHEALTH
2014-08-19 15:34 - 2014-08-19 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-19 15:32 - 2014-08-21 19:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-19 15:32 - 2014-08-19 15:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-19 15:32 - 2014-08-19 15:32 - 00000000 ____D () C:\Users\Thorben\AppData\Local\Microsoft Help
2014-08-19 15:32 - 2014-08-19 15:32 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-19 15:31 - 2014-08-19 15:31 - 00000000 ___RD () C:\MSOCache
2014-08-14 16:28 - 2014-08-14 16:28 - 00000000 ____D () C:\Users\Thorben\AppData\Local\Chromium
2014-08-14 16:20 - 2014-08-14 17:50 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\Might & Magic Heroes VI
2014-08-14 16:20 - 2014-08-14 16:48 - 00000000 ____D () C:\Users\Thorben\Documents\Might & Magic Heroes VI
2014-08-14 16:19 - 2014-08-25 04:36 - 00035140 _____ () C:\Windows\DirectX.log
2014-08-14 02:17 - 2014-09-04 08:24 - 00022326 _____ () C:\Windows\setupact.log
2014-08-14 02:17 - 2014-08-14 02:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-14 02:16 - 2014-09-04 08:24 - 00504778 _____ () C:\Windows\PFRO.log
2014-08-14 02:11 - 2014-08-14 02:11 - 00159744 _____ () C:\Windows\winhlq32.exe
2014-08-14 02:11 - 2014-08-14 02:11 - 00003612 _____ () C:\Windows\System32\Tasks\AnwendungserfahrungFunctionauf
2014-08-14 02:05 - 2014-08-31 10:05 - 00000000 ____D () C:\AdwCleaner
2014-08-14 02:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-13 03:48 - 2014-08-13 03:50 - 00000000 ____D () C:\ArcTemp
2014-08-13 03:47 - 2014-08-13 03:48 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\Arc
2014-08-13 03:45 - 2014-08-13 03:50 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment
2014-08-13 03:45 - 2014-08-13 03:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-08-06 21:45 - 2014-08-06 21:45 - 00000000 ____D () C:\Users\Thorben\Documents\SimCity

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-04 10:13 - 2014-08-27 19:25 - 00017671 _____ () C:\Users\Thorben\Desktop\FRST.txt
2014-09-04 10:13 - 2014-08-27 19:25 - 00000000 ____D () C:\FRST
2014-09-04 10:12 - 2014-09-04 10:12 - 00000000 ____D () C:\Users\Thorben\Desktop\FRST-OlderVersion
2014-09-04 10:12 - 2014-08-27 19:23 - 02104832 _____ (Farbar) C:\Users\Thorben\Desktop\FRST64.exe
2014-09-04 10:09 - 2014-09-04 10:09 - 00854417 _____ () C:\Users\Thorben\Desktop\SecurityCheck.exe
2014-09-04 09:51 - 2014-05-03 18:27 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-04 09:22 - 2014-05-18 14:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-04 08:46 - 2014-05-03 18:57 - 00000000 ____D () C:\Users\Thorben\AppData\Local\Battle.net
2014-09-04 08:32 - 2009-07-14 06:45 - 00031280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-04 08:32 - 2009-07-14 06:45 - 00031280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-04 08:30 - 2010-11-21 08:50 - 00700454 _____ () C:\Windows\system32\perfh007.dat
2014-09-04 08:30 - 2010-11-21 08:50 - 00150092 _____ () C:\Windows\system32\perfc007.dat
2014-09-04 08:30 - 2009-07-14 07:13 - 01624034 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-04 08:29 - 2014-09-04 08:29 - 02347384 _____ (ESET) C:\Users\Thorben\Desktop\esetsmartinstaller_deu.exe
2014-09-04 08:29 - 2014-09-04 08:29 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-04 08:29 - 2014-05-05 18:22 - 01073925 _____ () C:\Windows\WindowsUpdate.log
2014-09-04 08:25 - 2014-06-23 13:28 - 00002988 _____ () C:\Windows\System32\Tasks\HDMISwitch
2014-09-04 08:24 - 2014-09-04 08:24 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-09-04 08:24 - 2014-08-14 02:17 - 00022326 _____ () C:\Windows\setupact.log
2014-09-04 08:24 - 2014-08-14 02:16 - 00504778 _____ () C:\Windows\PFRO.log
2014-09-04 08:24 - 2014-05-03 18:27 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-04 08:24 - 2014-05-03 17:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-04 08:24 - 2014-05-03 16:58 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-09-04 08:24 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-03 22:26 - 2014-05-03 18:39 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\TS3Client
2014-09-03 22:03 - 2014-09-01 01:39 - 00000000 ____D () C:\Users\Thorben\Desktop\Eve
2014-09-03 20:24 - 2014-05-03 17:40 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-03 17:45 - 2014-05-03 20:41 - 00000000 ____D () C:\ProgramData\Origin
2014-09-03 17:44 - 2014-05-03 20:41 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-03 12:51 - 2014-09-03 12:52 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-09-02 06:47 - 2014-05-03 16:46 - 00070000 _____ () C:\Users\Thorben\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-02 06:46 - 2009-07-14 06:45 - 00312632 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-01 15:52 - 2014-09-01 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-09-01 15:52 - 2014-09-01 15:52 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-09-01 15:50 - 2014-09-01 15:50 - 25633928 _____ (Razer USA Ltd. ) C:\Users\Thorben\Downloads\Razer_Imperator_Driver_v2.02(1).exe
2014-09-01 15:30 - 2014-05-03 22:41 - 00000000 ____D () C:\Users\Thorben\AppData\Local\CrashDumps
2014-09-01 09:25 - 2014-08-27 23:13 - 00000000 ____D () C:\Users\Thorben\Bewerbung
2014-09-01 03:29 - 2014-09-01 03:29 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-09-01 03:28 - 2014-09-01 03:28 - 00001548 _____ () C:\Users\Thorben\Desktop\EVE 2.lnk
2014-09-01 03:25 - 2014-08-31 19:35 - 00000000 ____D () C:\Program Files (x86)\CCP
2014-09-01 03:03 - 2014-09-01 03:03 - 00000129 _____ () C:\Users\Thorben\Desktop\Eve account wiederholen.txt
2014-09-01 01:41 - 2014-08-31 17:54 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\EVEMon
2014-08-31 19:41 - 2014-08-31 19:41 - 00001891 _____ () C:\Users\Thorben\Desktop\EVE 1.lnk
2014-08-31 19:41 - 2014-08-31 19:41 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVE
2014-08-31 19:41 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-31 17:54 - 2014-08-31 17:54 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVEMon
2014-08-31 17:54 - 2014-08-31 17:54 - 00000000 ____D () C:\Program Files (x86)\EVEMon
2014-08-31 17:52 - 2014-08-31 17:52 - 04949062 _____ (EVEMon Development Team) C:\Users\Thorben\Downloads\EVEMon-install-1.9.0.exe
2014-08-31 17:46 - 2014-08-31 17:46 - 04723184 _____ (CCP hf.) C:\Users\Thorben\Downloads\EVE_Online_Installer_821895.exe
2014-08-31 17:46 - 2014-08-31 17:46 - 00000000 ____D () C:\Users\Thorben\AppData\Local\CCP
2014-08-31 15:05 - 2014-08-31 15:05 - 00000000 ____D () C:\Users\Thorben\Documents\Diablo III
2014-08-31 15:04 - 2014-08-31 04:17 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-08-31 10:25 - 2014-08-31 10:25 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\Avira
2014-08-31 10:24 - 2014-08-31 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-31 10:24 - 2014-08-31 10:24 - 00000000 ____D () C:\ProgramData\Avira
2014-08-31 10:24 - 2014-08-31 10:24 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-31 10:12 - 2014-08-31 10:12 - 00000868 _____ () C:\Users\Thorben\Desktop\JRT.txt
2014-08-31 10:09 - 2014-08-31 10:09 - 00000000 ____D () C:\Windows\ERUNT
2014-08-31 10:07 - 2014-08-31 10:07 - 01016261 _____ (Thisisu) C:\Users\Thorben\Desktop\JRT.exe
2014-08-31 10:05 - 2014-08-14 02:05 - 00000000 ____D () C:\AdwCleaner
2014-08-31 10:02 - 2014-08-31 10:02 - 01364531 _____ () C:\Users\Thorben\Desktop\adwcleaner_3.308.exe
2014-08-31 10:01 - 2014-08-31 10:01 - 00001976 _____ () C:\Users\Thorben\Desktop\mbam.txt
2014-08-31 09:59 - 2014-05-05 19:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-31 09:58 - 2014-08-28 23:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-31 09:45 - 2014-08-31 09:45 - 00003136 _____ () C:\Windows\System32\Tasks\{1C6EF767-7B90-4C2A-B9F0-8AAC062DBDD6}
2014-08-31 09:43 - 2014-08-31 09:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-08-31 04:34 - 2014-08-31 04:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-08-31 04:24 - 2014-08-31 04:24 - 00291856 _____ () C:\Windows\Minidump\083114-20295-01.dmp
2014-08-31 04:24 - 2014-08-26 10:31 - 553393440 _____ () C:\Windows\MEMORY.DMP
2014-08-31 04:24 - 2014-08-26 10:31 - 00000000 ____D () C:\Windows\Minidump
2014-08-31 04:20 - 2014-08-31 04:20 - 00291992 _____ () C:\Windows\Minidump\083114-18564-01.dmp
2014-08-31 02:26 - 2014-08-31 02:26 - 00266288 _____ () C:\Windows\Minidump\083114-21418-01.dmp
2014-08-30 17:03 - 2014-08-30 17:01 - 149527616 _____ () C:\Users\Thorben\Downloads\avira_free_antivirus_de_14.0.6.570.exe
2014-08-30 17:00 - 2014-08-30 17:00 - 00024831 _____ () C:\ComboFix.txt
2014-08-30 17:00 - 2014-08-30 16:49 - 00000000 ____D () C:\Qoobox
2014-08-30 16:59 - 2014-08-30 16:49 - 00000000 ____D () C:\Windows\erdnt
2014-08-30 16:58 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-30 16:47 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-30 16:35 - 2014-08-30 16:34 - 05576760 ____R (Swearware) C:\Users\Thorben\Desktop\ComboFix.exe
2014-08-30 16:27 - 2014-08-26 20:42 - 00000000 ____D () C:\Windows\CryptoGuard
2014-08-28 23:42 - 2014-08-28 23:31 - 00000000 ____D () C:\Users\Thorben\Desktop\mbar
2014-08-28 23:31 - 2014-05-05 18:45 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-28 23:28 - 2014-08-28 23:28 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Thorben\Desktop\mbar-1.07.0.1012.exe
2014-08-28 23:16 - 2014-08-28 23:16 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Thorben\Desktop\tdsskiller.exe
2014-08-27 23:13 - 2014-05-03 16:35 - 00000000 ____D () C:\Users\Thorben
2014-08-27 21:51 - 2014-08-27 21:49 - 00011003 _____ () C:\Users\Thorben\Desktop\WinRAR-ZIP-Archiv (neu).zip
2014-08-27 19:51 - 2014-08-27 19:51 - 00047000 _____ () C:\Users\Thorben\Desktop\Gmer.txt
2014-08-27 19:41 - 2014-05-03 22:41 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-27 19:35 - 2014-08-27 19:35 - 00380416 _____ () C:\Users\Thorben\Desktop\Gmer-19357.exe
2014-08-27 19:26 - 2014-08-27 19:26 - 00040480 _____ () C:\Users\Thorben\Desktop\Addition.txt
2014-08-26 20:42 - 2014-08-26 20:42 - 01889616 _____ (SurfRight B.V.) C:\Users\Thorben\Downloads\hmpalert.exe
2014-08-26 20:42 - 2014-08-26 20:42 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-08-26 10:31 - 2014-08-26 10:31 - 00291984 _____ () C:\Windows\Minidump\082614-14289-01.dmp
2014-08-26 10:29 - 2014-08-26 10:29 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-08-25 15:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-25 05:28 - 2014-05-05 06:42 - 00000000 ____D () C:\Users\Thorben\Documents\my games
2014-08-25 04:36 - 2014-08-14 16:19 - 00035140 _____ () C:\Windows\DirectX.log
2014-08-24 19:20 - 2014-08-24 19:20 - 00000000 ____D () C:\Users\Thorben\AppData\Local\Adobe
2014-08-22 23:08 - 2014-05-03 18:59 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-08-22 02:15 - 2014-05-03 18:57 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-21 19:42 - 2014-08-21 19:42 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-08-21 19:42 - 2014-08-21 18:43 - 00289976 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-08-21 19:41 - 2014-08-19 15:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-21 19:40 - 2014-08-19 15:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-08-21 19:21 - 2014-05-03 16:36 - 00001305 _____ () C:\Users\Thorben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-21 19:18 - 2014-05-03 17:28 - 00000000 ____D () C:\Windows\Panther
2014-08-21 19:16 - 2010-11-21 09:01 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-21 19:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-08-21 19:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-08-21 19:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-21 19:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-08-21 19:14 - 2014-08-21 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2014-08-21 19:13 - 2014-08-21 19:07 - 00012611 _____ () C:\Windows\IE11_main.log
2014-08-21 19:09 - 2014-08-21 19:09 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-21 19:09 - 2014-08-21 19:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-21 19:09 - 2014-08-21 19:09 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-21 19:09 - 2014-08-21 19:09 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-21 19:09 - 2014-08-21 19:09 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-08-21 19:09 - 2014-08-21 19:09 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-08-21 19:09 - 2014-08-21 19:09 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-08-21 19:09 - 2014-08-21 19:09 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-08-21 19:09 - 2014-08-21 19:09 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-08-21 19:09 - 2014-08-21 19:09 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-08-21 19:09 - 2014-08-21 19:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-08-21 19:09 - 2014-08-21 19:09 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-21 19:09 - 2014-08-21 19:09 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-21 18:48 - 2014-08-21 18:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-21 18:40 - 2014-05-03 16:46 - 01597378 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-21 18:20 - 2014-08-21 18:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-21 17:54 - 2014-05-03 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-08-21 17:53 - 2014-05-03 17:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-08-21 17:52 - 2014-05-03 17:06 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-08-19 15:34 - 2014-08-19 15:34 - 00000000 ____D () C:\Windows\PCHEALTH
2014-08-19 15:34 - 2014-08-19 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-19 15:34 - 2014-08-19 15:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-19 15:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-19 15:32 - 2014-08-19 15:32 - 00000000 ____D () C:\Users\Thorben\AppData\Local\Microsoft Help
2014-08-19 15:32 - 2014-08-19 15:32 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-19 15:32 - 2010-11-21 09:00 - 00000000 ____D () C:\Windows\ShellNew
2014-08-19 15:31 - 2014-08-19 15:31 - 00000000 ___RD () C:\MSOCache
2014-08-15 10:30 - 2014-08-31 10:24 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-15 10:30 - 2014-08-31 10:24 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-15 10:30 - 2014-08-31 10:24 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-14 17:50 - 2014-08-14 16:20 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\Might & Magic Heroes VI
2014-08-14 16:48 - 2014-08-14 16:20 - 00000000 ____D () C:\Users\Thorben\Documents\Might & Magic Heroes VI
2014-08-14 16:28 - 2014-08-14 16:28 - 00000000 ____D () C:\Users\Thorben\AppData\Local\Chromium
2014-08-14 02:17 - 2014-08-14 02:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-14 02:12 - 2014-05-03 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-14 02:12 - 2014-05-03 18:37 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-14 02:11 - 2014-08-14 02:11 - 00159744 _____ () C:\Windows\winhlq32.exe
2014-08-14 02:11 - 2014-08-14 02:11 - 00003612 _____ () C:\Windows\System32\Tasks\AnwendungserfahrungFunctionauf
2014-08-14 02:07 - 2014-05-03 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-14 02:07 - 2014-05-03 17:37 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-13 19:24 - 2014-05-18 14:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-13 19:24 - 2014-05-03 19:14 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-13 19:24 - 2014-05-03 19:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-13 03:50 - 2014-08-13 03:48 - 00000000 ____D () C:\ArcTemp
2014-08-13 03:50 - 2014-08-13 03:45 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment
2014-08-13 03:48 - 2014-08-13 03:47 - 00000000 ____D () C:\Users\Thorben\AppData\Roaming\Arc
2014-08-13 03:45 - 2014-08-13 03:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-08-13 03:45 - 2014-05-03 16:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-07 04:06 - 2014-08-21 17:40 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-21 17:40 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 21:45 - 2014-08-06 21:45 - 00000000 ____D () C:\Users\Thorben\Documents\SimCity

Some content of TEMP:
====================
C:\Users\Thorben\AppData\Local\Temp\avgnt.exe
C:\Users\Thorben\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 22:15

==================== End Of Log ============================
         
--- --- ---


Thank you very much for your help.

05.09.2014, 07:54   #12
schrauber
/// the machine
/// TB instructor


Update Flash.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchProvider: Default -> Trovi search
CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3320324&octid=EB_ORIGINAL_CTID&ISID=M9FEC8BBC-1EBC-407B-80E9-96701BEF61BF&SearchSource=58&CUI=&UM=6&UP=SP09328ECB-F0F2-45D3-9CFD-4122C82E6F2E&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.




The rest looks good. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

05.09.2014, 15:00   #13
Swaley


No VoIP is being generated in the router anymore. However, I still have the following entries in the log:
I've left out the numbers after them for now.

**Vecna Scan**
**Smurf**
**UDP Loop**


The Fixlog:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014 02
Ran by Thorben at 2014-09-05 14:55:31 Run:1
Running from C:\Users\Thorben\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchProvider: Default -> Trovi search
CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3320324&octid=EB_ORIGINAL_CTID&ISID=M9FEC8BBC-1EBC-407B-80E9-96701BEF61BF&SearchSource=58&CUI=&UM=6&UP=SP09328ECB-F0F2-45D3-9CFD-4122C82E6F2E&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
*****************

Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> Trovi search ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.

==== End of Fixlog ====
         
Regards, Swaley

06.09.2014, 12:31   #14
schrauber
/// the machine
/// TB instructor

Quote:
**Vecna Scan**
**Smurf**
**UDP Loop**
I can't do anything with that.
__________________
Regards,
schrauber
