Malware Yontoo // Malwarebytes-Anti-Malware-Programm keine identifizierte Datei gefunden

Ninaa · 16.03.2013, 18:50

Hallo zusammen,

ich habe folgendes Problem, seid 2 Tagen hat sich vermutlich jemand in mein Rechner gehakt, dies hab ich durch eine Meldung von McAfee entnommen. In der Meldung stand, dass McAfee jemanden gehindert hat in meinen Rechner einzudringen mit einer IP-Adresse, die aus Nordamerika kam. Soweit so gut, heute kamen erneut Fehlermeldungen von einem Virus
Yontoo.
Ich habe nach diesem Virus im Internet recherchiert und habe kurzerhand einige Daten gelöscht, dazu gehören

C:\Program Files (x86)\Yontoo
C:\ProgramData\Tarma Installer
C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
C:\Program Files (x86)\Ask.com

Malwarebytes-Anti-Malware habe ich installiert und durchlaufen lassen, allerdings wurden keine Infizierte Dateien gefunden.

Wie soll ich nun weiter vorgehen?

Viele Grüße

cosinus · 17.03.2013, 17:26

Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

Ninaa · 17.03.2013, 21:40

Code:

ATTFilter

OTL Extras logfile created on: 17/03/2013 20:49:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\------\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.89 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 26.66% Memory free
5.76 Gb Paging File | 2.43 Gb Available in Paging File | 42.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.30 Gb Total Space | 132.81 Gb Free Space | 71.28% Space Free | Partition Type: NTFS
Drive D: | 258.44 Gb Total Space | 258.32 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: ------- | User Name: ------ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000387A7-1FF4-4518-9A75-9EEE3D542E78}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{29D41441-A7CC-46F1-917D-604531567D5A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{46CB2697-5F25-485F-899B-6A8AC026D986}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{485E7954-CF36-4BA6-81A1-9DC67EE9FD3F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4D48A77D-7C45-4A23-9D7A-BA8EC0256455}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{57F6BBDE-97B2-44B7-A93F-4396A453FFF3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6BDF3CE9-F665-459F-B9B3-C6E26E03C574}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6DF676F0-57D1-49AD-86FC-787F3C041511}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{73E527D8-2C30-4F1E-80D0-C24732037E85}" = lport=139 | protocol=6 | dir=in | app=system | 
"{76310D30-8E1B-4BA3-B27D-4A775FC0FC03}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8592D8B5-BA6D-4880-82E0-49DF60EFD151}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{860B31C9-E39A-433C-B622-C86A5F918CCF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{880659D1-8079-42D8-95C1-1DCBDBE7A174}" = rport=137 | protocol=17 | dir=out | app=system | 
"{913AA86E-5D9F-4564-8A5E-C57DF52E62FD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9BD00CDF-DE4D-47C0-B387-FB137137CBF2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A4B74863-8CCC-4CDB-958C-86B8A9683A7B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B84BE4F0-5A66-44BC-9892-905D95854D14}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CD774389-C726-47CF-AD3B-592DF37AC78D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CD9B82E5-EB68-4733-84F9-4ABBC8841BD6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FA5D692C-114F-4CD0-994A-94FA02C9731E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FC812D28-08FD-4220-AC2A-EA21F2D011CE}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{042315F2-2C31-4ABC-9986-77E594A3EB16}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{0A6AFEB3-092C-43FE-B5C4-FA68009096F9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0F68D922-AECD-4188-ABB3-B3955ED53073}" = dir=out | name=wordament | 
"{11EC1D19-EECC-4C2B-8164-77D965064ECE}" = dir=out | name=microsoft solitaire collection | 
"{14189E82-02D6-4DB1-BE6C-AC44F6410A44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1D47ED55-5745-4EA9-A8BC-DCEB1A1B5C6D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{205E1D33-A253-4942-8D66-84C40A5F61D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{25CB982D-0F05-4549-A735-42C322A715BA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{2E547EB7-5908-40A6-B862-467BFD3DB649}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{33CB8D81-8DE1-41B9-AE62-908D7CC33C4B}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{351C55F5-F1F9-4F84-A6D3-5C844B1915D5}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{3761219E-A842-42A4-B2E2-D6E683DC21F6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{3A065019-B4D6-4DA0-9A91-36A64C39CE45}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{3A39B9AB-A362-4ADD-A934-55D095D4778E}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{3CA5C707-250B-4040-B79C-03F907D53EBA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{4078C463-1ED0-4819-8522-7FD6DF9AFEEB}" = dir=out | name=skype | 
"{4577FD9C-3CC1-4279-9E4C-EC189288F1BA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{4906BBC3-6455-4E29-BE2B-EAB650DE9BCE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{505522EF-77E4-4ECB-8127-0736715D366C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{50E6141E-FC7D-488E-931E-593EC1A30A2F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{518C2002-50D9-492F-84CB-23E228F6FCA4}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{63FA2AA0-3DC2-4DC2-9E20-479DF7C420E0}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{6448B237-A107-473F-A99F-2FF08E5F45EF}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{6BD21569-FF0C-4359-A865-6E1DA5528241}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{71F6A799-1CD9-4FAE-A762-AB36208C9F82}" = dir=out | name=adera | 
"{729DB75B-CB92-4073-9CE3-DE912172E61A}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | 
"{737C83B4-EC75-4224-A459-3D645034B134}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{74F90C5D-03BA-4A5B-95A2-1D0B471055EB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{77EF5602-BE4B-49DA-8696-7ABE0158D663}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{781D74BC-6D50-4FA3-95E4-D8B27DA2313A}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{79CF5987-F2E9-4ED1-91DB-9442B85B6A5B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{80B7284C-4D59-4834-B575-2B440FAF4AE4}" = dir=out | name=fresh paint | 
"{91E309C9-382B-4BD7-B45C-52145759F823}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | 
"{9383D3C6-A9EE-48E2-BF7D-B68319E12F5C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{96985624-2B5D-46EE-B481-B12465E3AD36}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9B4440B1-9819-4CB1-8DD3-693B896EE85E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A0BEB4B6-6138-4E07-BE57-BFE0E95B8169}" = dir=out | name=windows_ie_ac_001 | 
"{A32F000D-A5EB-42FA-882E-BCC5F14B7C23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A436C427-1724-4E6C-BA58-3C6ECB0DBC7A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{A57F1B65-DBD6-4D5F-AAC1-B5C4DC9E683D}" = protocol=6 | dir=out | app=system | 
"{A60C517B-B392-4EBC-ABF4-3BCFAB10AACD}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{AAD058F3-BC7F-4E93-B581-C67E4206B63B}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{AB1A3AF7-AF9B-418D-B028-F68D0662D42D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B0C5670F-C5EC-440D-A9D3-41737F335FD7}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{B29B4E5B-BCA5-4647-870A-051C4500B978}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{B5192CBF-F338-4A6D-8C38-DF6FBAD117D0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B7A392D2-0477-493A-9FE2-5FD60805D99A}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{C4A02258-8575-4C96-BAE0-38EB7AEF704A}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | 
"{C91BAF84-B109-4080-81A7-F7D2FD3D21D3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C91F4F7E-02BB-480F-8FBB-13014A4EFF74}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{D0F2B19F-EE51-41C6-B8F0-E69C54FF473B}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{D14A42DB-8716-4963-A788-0E2435F86132}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{D3782EF7-C6F1-4AC8-8C62-DA90A400B6AD}" = dir=out | name=fruit ninja | 
"{D7C88817-6C3B-47E9-8F2C-340D196F65B7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D7E89D3A-4AAD-4931-B64D-66A149FE6386}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{E0CC2208-68A4-4974-983C-3E35D8FDD525}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E35FF87B-14E5-4BFE-8696-6A0757A2264E}" = dir=in | name=skype | 
"{E41A10D7-E879-4EE9-B3DB-04344A78B396}" = dir=out | name=island tribe 2 | 
"{E45862C6-BA5E-4480-BA08-70C880BA5655}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{E5B9D393-78FF-47E9-89F6-59E5331671EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E775C1A9-AF66-4F13-94E2-F481CD6E4E1D}" = dir=in | name=fruit ninja | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E7CD4D92-24FD-4A86-861D-134504F97A24}" = dir=out | name=taptiles | 
"{EB00395E-79A4-42FC-8336-8A71D5409616}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{EDFB7DFF-AF54-4C7D-B4B2-86C17403ADC2}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{F207055C-5CB7-4677-AAEE-DA037DAD17B3}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | 
"{F275E4C6-190E-4241-9A11-A69F17AA9F3B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FAB28186-D59A-4BDE-91D3-E916F40A261E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{FD7D4CB7-1A5C-4C5D-AD4D-6A273837F22C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}" = ExpressCache
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"C01F56FBD9B141017E63E2A1A141E59934D4DC67" = Windows-Treiberpaket - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148)
"GIMP-2_is1" = GIMP 2.8.4
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel(R) Rapid Start Technology
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage Sync Agent
"Audacity_is1" = Audacity 2.0.3
"FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C" = Intel(R) Dynamic Platform and Thermal Framework
"Free Audio Converter_is1" = Free Audio Converter version 5.0.22.128
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MSC" = McAfee Internet Security
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Pokki Toolbar" = Pokki Toolbar
"SearchProtect" = Search Protect by conduit
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1406272812-3250844907-2347147309-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Tropico 4" = Tropico 4 1.00
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/03/2013 10:42:58 | Computer Name = ------ | Source = DptfPolicyLpmServiceHelper | ID = 131073
Description = 
 
Error - 11/03/2013 10:42:58 | Computer Name = ------ | Source = DptfPolicyLpmServiceHelper | ID = 131073
Description = 
 
Error - 11/03/2013 11:22:30 | Computer Name = ------ | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 12/03/2013 12:35:41 | Computer Name = ------ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/03/2013 12:35:43 | Computer Name = ------ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 535047
 
Error - 12/03/2013 12:35:43 | Computer Name = ------ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 535047
 
Error - 12/03/2013 13:22:28 | Computer Name = ------ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/03/2013 13:22:28 | Computer Name = ------ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1906
 
Error - 12/03/2013 13:22:28 | Computer Name = ------ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1906
 
Error - 13/03/2013 09:34:23 | Computer Name = ------ | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ System Events ]
Error - 13/03/2013 11:41:38 | Computer Name = ------ | Source = DCOM | ID = 10016
Description = 
 
Error - 13/03/2013 11:45:08 | Computer Name = ------ | Source = DCOM | ID = 10016
Description = 
 
Error - 13/03/2013 11:45:08 | Computer Name = ------ | Source = DCOM | ID = 10016
Description = 
 
Error - 13/03/2013 11:47:00 | Computer Name = ------ | Source = DCOM | ID = 10016
Description = 
 
Error - 13/03/2013 11:47:00 | Computer Name = ------ | Source = DCOM | ID = 10016
Description = 
 
Error - 13/03/2013 11:57:29 | Computer Name = ------ | Source = DCOM | ID = 10016
Description = 
 
Error - 13/03/2013 11:57:29 | Computer Name = ------ | Source = DCOM | ID = 10016
Description = 
 
Error - 14/03/2013 09:56:32 | Computer Name = ------ | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst McNASvc erreicht.
 
Error - 14/03/2013 16:19:14 | Computer Name = ------ | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst McNASvc erreicht.
 
Error - 15/03/2013 10:16:30 | Computer Name = ------ | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?14.?03.?2013 um 23:08:43 unerwartet heruntergefahren.
 
 
< End of report >

Ninaa · 17.03.2013, 21:43

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 17/03/2013 20:49:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\-------\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.89 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 26.66% Memory free
5.76 Gb Paging File | 2.43 Gb Available in Paging File | 42.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.30 Gb Total Space | 132.81 Gb Free Space | 71.28% Space Free | Partition Type: NTFS
Drive D: | 258.44 Gb Total Space | 258.32 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: ------- | User Name: ------- | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\-------\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\-------\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
PRC - C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe (Microsoft)
PRC - C:\Users\-------\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
PRC - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (Conduit)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.)
PRC - C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e1ec8b9a6d4f9af9d6065c4187fb1b5f\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f641b786d36d1cc5a5531a746c96ce1b\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9c95779cc3d65cda80695cabc367476b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\38638a559066bf7f2325a53ed53629bc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\05cc6faa6704d01e78700561b22937e3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\6824c9f11ea82b4148780cd92c9d6745\PresentationFramework.Aero2.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\8347ac8367f91309fa888d79a54c7450\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\1c7f4533b2b24c10a628793a8b93e1a7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\15cc4fff434f274c1f6ab56a385dcb54\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a7811936e59aaee26b1d9d467174d6d4\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cf561d65486360afb324d26c80b9aac2\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65220f0f32ec84454f9a811fba883c2e\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (DptfPolicyConfigTDPService) -- C:\Windows\SysNative\DptfPolicyConfigTDPService.exe ()
SRV:64bit: - (DptfParticipantProcessorService) -- C:\Windows\SysNative\DptfParticipantProcessorService.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (ExpressCache) -- C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Diskeeper Corporation)
SRV - (CltMngSvc) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (Conduit)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (0095431363451781mcinstcleanup) -- C:\Windows\Temp\0095431363451781mcinst.exe (McAfee, Inc.)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Qualcomm Atheros Commnucations)
SRV - (ZAtheros Bt and Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (irstrtsv) -- C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUSTek Computer Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (ASUS InstantOn) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (ASUS)
SRV - (McAWFwk) -- c:\PROGRA~1\mcafee\msc\mcawfwk.exe (McAfee, Inc.)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\Drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\Drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\Drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\Drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\Drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\Drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\Drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeelamk) -- C:\Windows\SysNative\Drivers\mfeelamk.sys (McAfee, Inc.)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (ATP) -- C:\Windows\SysNative\Drivers\AsusTP.sys (ASUS Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\Drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\Drivers\btfilter.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\Drivers\btath_rcp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\Drivers\btath_lwflt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\Drivers\btath_hcrp.sys (Qualcomm Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\Drivers\btath_flt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\Drivers\btath_bus.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\Drivers\btath_a2dp.sys (Qualcomm Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\Drivers\btath_avdt.sys (Qualcomm Atheros)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\Drivers\kbfiltr.sys ( )
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (irstrtdv) -- C:\Windows\SysNative\Drivers\irstrtdv.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\Drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (DptfManager) -- C:\Windows\SysNative\Drivers\DptfManager.sys (Intel Corporation)
DRV:64bit: - (DptfDevGen) -- C:\Windows\SysNative\Drivers\DptfDevGen.sys (Intel Corporation)
DRV:64bit: - (DptfDevDram) -- C:\Windows\SysNative\Drivers\DptfDevDram.sys (Intel Corporation)
DRV:64bit: - (DptfDevFan) -- C:\Windows\SysNative\Drivers\DptfDevFan.sys (Intel Corporation)
DRV:64bit: - (DptfDevPch) -- C:\Windows\SysNative\Drivers\DptfDevPch.sys (Intel Corporation)
DRV:64bit: - (DptfDevProc) -- C:\Windows\SysNative\Drivers\DptfDevProc.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RSBASTOR) -- C:\Windows\SysNative\Drivers\RtsBaStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\Drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\Drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (e1iexpress) -- C:\Windows\SysNative\Drivers\e1i63x64.sys (Intel Corporation)
DRV:64bit: - (HIDSwitch) -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys (ASUS)
DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\Drivers\HipShieldK.sys (McAfee, Inc.)
DRV:64bit: - (excsd) -- C:\Windows\SysNative\Drivers\excsd.sys (Diskeeper Corporation)
DRV:64bit: - (excfs) -- C:\Windows\SysNative\Drivers\excfs.sys (Diskeeper Corporation)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files (x86)\Pokki\prxtbPok0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\S-1-5-21-1406272812-3250844907-2347147309-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
IE - HKU\S-1-5-21-1406272812-3250844907-2347147309-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKU\S-1-5-21-1406272812-3250844907-2347147309-1002\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1406272812-3250844907-2347147309-1002\..\URLSearchHook: {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files (x86)\Pokki\prxtbPok0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1406272812-3250844907-2347147309-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1406272812-3250844907-2347147309-1002\..\SearchScopes\{8D1F1D5E-6281-4567-B3B4-26088CA05899}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN15025115322045127
IE - HKU\S-1-5-21-1406272812-3250844907-2347147309-1002\..\SearchScopes\{B4A62836-A94E-48C3-B0E6-6B92900DF753}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=db4460d2-8c4d-425a-a830-5d6da388431a&apn_sauid=DCCBD833-0970-40C3-B6C6-D16A3957E22D
IE - HKU\S-1-5-21-1406272812-3250844907-2347147309-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1406272812-3250844907-2347147309-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/03/16 17:43:00 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2012/07/26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Pokki Toolbar) - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files (x86)\Pokki\prxtbPok0.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Pokki Toolbar) - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files (x86)\Pokki\prxtbPok0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1406272812-3250844907-2347147309-1002\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1406272812-3250844907-2347147309-1002\..\Toolbar\WebBrowser: (Pokki Toolbar) - {E44A1809-4D10-4AB8-B343-3326B64C7CDD} - C:\Program Files (x86)\Pokki\prxtbPok0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [BtPreLoad] C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe ()
O4:64bit: - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\SysNative\dptfpolicylpmservicehelper.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKU\S-1-5-21-1406272812-3250844907-2347147309-1002..\Run: [SearchProtect] C:\Users\-------\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKU\S-1-5-21-1406272812-3250844907-2347147309-1002..\Run: [Yontoo Desktop] C:\Users\-------\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-1406272812-3250844907-2347147309-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D36BD5F-8860-4559-A6E0-3E57A4E6446D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5B2E185-39BD-4FED-A18C-BE0425BAFDA2}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/17 20:40:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/03/16 17:59:44 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Roaming\Malwarebytes
[2013/03/16 17:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/16 17:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/16 17:58:57 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/16 17:58:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/16 17:38:56 | 000,196,440 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2013/03/14 22:07:55 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Local\DoNotTrackPlus
[2013/03/14 22:04:02 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Local\AskToolbar
[2013/03/14 22:03:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013/03/14 22:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/03/14 21:37:19 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Roaming\Yontoo
[2013/03/14 21:37:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2013/03/14 21:36:54 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Roaming\ExpressFiles
[2013/03/13 14:25:43 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/13 14:25:42 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/13 14:25:39 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/13 14:25:37 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013/03/13 14:25:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/03/13 14:25:33 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/13 14:25:33 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/03/13 14:25:32 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/03/13 14:25:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/03/13 14:25:31 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/03/13 14:25:31 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013/03/13 14:25:31 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013/03/07 16:27:31 | 000,000,000 | ---D | C] -- C:\Users\-------\Documents\ASUS
[2013/03/07 16:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS
[2013/03/07 15:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/03/07 15:44:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/03/07 15:44:31 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/03/07 15:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/03/07 15:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013/03/07 15:38:41 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Local\Microsoft Help
[2013/03/07 15:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/03/07 15:38:13 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/03/03 16:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/03/03 16:15:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/03/03 16:15:09 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Roaming\SearchProtect
[2013/03/03 16:14:56 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Local\Conduit
[2013/03/03 16:14:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pokki
[2013/03/03 13:15:46 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Roaming\DVDVideoSoftIEHelpers
[2013/03/03 13:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013/03/03 13:15:19 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Roaming\OpenCandy
[2013/03/03 13:15:19 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Roaming\DVDVideoSoft
[2013/03/03 13:15:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013/03/03 13:15:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013/03/03 12:22:22 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Roaming\Audacity
[2013/03/03 12:22:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013/03/01 16:26:29 | 000,000,000 | ---D | C] -- C:\Users\-------\.thumbnails
[2013/03/01 16:22:17 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Local\fontconfig
[2013/03/01 16:22:12 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Local\gegl-0.2
[2013/03/01 16:22:12 | 000,000,000 | ---D | C] -- C:\Users\-------\.gimp-2.8
[2013/03/01 16:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013/03/01 16:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013/03/01 16:14:53 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Local\Programs
[2013/02/27 21:10:45 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Roaming\Tropico 4
[2013/02/27 20:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2013/02/27 13:16:37 | 001,010,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll
[2013/02/27 13:16:37 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2013/02/27 13:16:36 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll
[2013/02/25 19:20:09 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Local\Adobe
[2013/02/19 16:56:15 | 000,000,000 | ---D | C] -- C:\Users\-------\Desktop\Schule
[2013/02/19 13:13:03 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\newdev.dll
[2013/02/19 13:13:02 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\newdev.dll
[2013/02/19 13:13:02 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\newdev.exe
[2013/02/19 13:13:02 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\newdev.exe
[2013/02/19 13:13:01 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ndadmin.exe
[2013/02/19 13:13:01 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ndadmin.exe
[2013/02/19 13:12:58 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/02/19 13:12:26 | 001,184,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Display.dll
[2013/02/19 13:12:26 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Display.dll
[2013/02/19 13:12:26 | 000,488,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/02/19 13:12:26 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/02/19 13:12:26 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidi2c.sys
[2013/02/19 13:12:26 | 000,021,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/02/19 13:12:25 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll
[2013/02/19 13:12:25 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll
[2013/02/19 13:12:25 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDKURD.DLL
[2013/02/19 13:12:25 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDKURD.DLL
[2013/02/19 13:12:17 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll
[2013/02/19 13:12:17 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
[2013/02/19 13:12:17 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.dll
[2013/02/19 13:12:17 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/02/19 13:12:17 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
[2013/02/19 13:12:17 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/02/19 13:11:31 | 011,459,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\glcndFilter.dll
[2013/02/19 13:11:30 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2013/02/19 13:11:29 | 008,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2013/02/19 13:11:28 | 008,552,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\glcndFilter.dll
[2013/02/19 13:11:26 | 001,526,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfcore.dll
[2013/02/19 13:11:26 | 001,451,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcore.dll
[2013/02/19 13:11:26 | 000,976,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/02/19 13:11:25 | 001,566,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2013/02/19 13:11:25 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013/02/19 13:11:24 | 000,447,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2013/02/19 13:11:23 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2013/02/19 13:11:23 | 000,767,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013/02/19 13:11:23 | 000,490,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2013/02/19 13:11:23 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2013/02/19 13:11:23 | 000,253,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2013/02/19 13:11:22 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013/02/19 13:11:21 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2013/02/19 13:11:21 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2013/02/19 13:11:20 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2013/02/19 13:11:20 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2013/02/19 13:11:19 | 000,549,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2013/02/19 13:11:18 | 000,445,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2013/02/19 13:11:18 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll
[2013/02/19 13:11:18 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys
[2013/02/19 13:11:14 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairing.dll
[2013/02/19 13:11:13 | 000,522,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2013/02/19 13:11:13 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanapi.dll
[2013/02/19 13:11:12 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dafWCN.dll
[2013/02/19 13:11:11 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanmsm.dll
[2013/02/19 13:11:11 | 000,463,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2013/02/19 13:11:09 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlansec.dll
[2013/02/19 13:11:09 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
[2013/02/19 13:11:09 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthprops.cpl
[2013/02/19 13:11:09 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
[2013/02/19 13:11:09 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFCaptureEngine.dll
[2013/02/19 13:11:09 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe
[2013/02/19 13:11:09 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013/02/19 13:11:09 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuaext.dll
[2013/02/19 13:11:08 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairing.dll
[2013/02/19 13:11:08 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlansec.dll
[2013/02/19 13:11:08 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpclip.exe
[2013/02/19 13:11:08 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2013/02/19 13:11:08 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bthprops.cpl
[2013/02/19 13:11:08 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/02/19 13:11:07 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2013/02/19 13:11:07 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013/02/19 13:11:07 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2013/02/19 13:11:07 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013/02/19 13:11:06 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2013/02/19 13:11:05 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2013/02/19 13:11:05 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanapi.dll
[2013/02/19 13:11:05 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFCaptureEngine.dll
[2013/02/19 13:11:05 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013/02/19 13:11:05 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2013/02/19 13:11:04 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll
[2013/02/19 13:11:03 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnApi.dll
[2013/02/19 13:11:03 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WcnApi.dll
[2013/02/19 13:11:02 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdWCN.dll
[2013/02/19 13:11:02 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnEapAuthProxy.dll
[2013/02/19 13:11:02 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2013/02/19 13:11:01 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wfdprov.dll
[2013/02/19 13:11:01 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnEapPeerProxy.dll
[2013/02/19 13:11:00 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wfdprov.dll
[2013/02/19 13:10:59 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2013/02/19 13:10:54 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fxppm.sys
[2013/02/19 13:10:53 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wushareduxresources.dll
[2013/02/19 13:10:53 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanhlp.dll
[2013/02/19 13:10:53 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanhlp.dll
[2013/02/19 13:10:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iscsilog.dll
[2013/02/19 13:08:40 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dskquota.dll
[2013/02/19 13:08:39 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dskquota.dll
[2013/02/19 13:08:23 | 000,396,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hal.dll
[2013/02/19 13:08:13 | 001,172,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfnetsrc.dll
[2013/02/19 13:08:13 | 000,929,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfnetsrc.dll
[2013/02/19 13:08:13 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfnetcore.dll
[2013/02/19 13:08:13 | 000,673,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmpeg2srcsnk.dll
[2013/02/19 13:08:12 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfnetcore.dll
[2013/02/19 13:08:12 | 000,513,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmpeg2srcsnk.dll
[2013/02/19 13:08:11 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll
[2013/02/19 13:08:11 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll
[2013/02/19 13:07:34 | 003,554,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2013/02/19 13:07:33 | 002,116,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2013/02/19 13:07:32 | 002,206,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2013/02/19 13:07:31 | 002,764,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2013/02/19 13:07:31 | 002,380,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013/02/19 13:07:30 | 002,115,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2013/02/19 13:07:30 | 001,841,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2013/02/19 13:07:30 | 001,610,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2013/02/19 13:07:30 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Immersive.dll
[2013/02/19 13:07:29 | 001,265,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/02/19 13:07:29 | 001,226,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Immersive.dll
[2013/02/19 13:07:29 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SHCore.dll
[2013/02/19 13:07:29 | 000,579,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2013/02/19 13:07:28 | 000,793,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2013/02/19 13:07:23 | 001,403,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2013/02/19 13:07:23 | 001,267,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2013/02/19 13:07:22 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2013/02/19 13:07:22 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2013/02/19 13:07:21 | 001,217,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2013/02/19 13:07:21 | 001,093,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2013/02/19 13:07:20 | 000,612,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2013/02/19 13:07:20 | 000,561,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4srcsnk.dll
[2013/02/19 13:07:20 | 000,460,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SHCore.dll
[2013/02/19 13:07:19 | 000,517,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2013/02/19 13:07:19 | 000,441,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2013/02/19 13:07:18 | 000,286,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/02/19 13:07:17 | 001,045,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usercpl.dll
[2013/02/19 13:07:17 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2013/02/19 13:07:17 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4srcsnk.dll
[2013/02/19 13:07:17 | 000,336,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2013/02/19 13:07:17 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Storage.Compression.dll
[2013/02/19 13:07:17 | 000,058,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dam.sys
[2013/02/19 13:07:15 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013/02/19 13:07:14 | 000,962,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\usercpl.dll
[2013/02/19 13:07:14 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013/02/19 13:07:13 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SpaceControl.dll
[2013/02/19 13:07:12 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2013/02/19 13:07:12 | 000,056,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdstor.sys
[2013/02/19 13:07:12 | 000,033,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\battc.sys
[2013/02/19 13:07:11 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2013/02/19 13:07:11 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Storage.Compression.dll
[2013/02/19 13:07:10 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\input.dll
[2013/02/19 13:07:09 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\input.dll
[2013/02/19 13:07:08 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2013/02/19 13:07:08 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013/02/19 13:07:07 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2013/02/19 13:07:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2013/02/19 13:07:07 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\microsoft-windows-pdc.dll
[2013/02/19 13:07:06 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PCPKsp.dll
[2013/02/19 13:07:05 | 001,294,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/02/19 13:07:04 | 000,757,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FirewallAPI.dll
[2013/02/19 13:07:04 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AppxSip.dll
[2013/02/19 13:07:03 | 000,370,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SysFxUI.dll
[2013/02/19 13:07:03 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppxSip.dll
[2013/02/19 13:07:02 | 001,836,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/02/19 13:07:02 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2013/02/19 13:07:01 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icfupgd.dll
[2013/02/19 13:07:01 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PCPKsp.dll
[2013/02/19 13:07:01 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BdeUISrv.exe
[2013/02/19 13:07:00 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssitlb.dll
[2013/02/19 13:06:59 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll
[2013/02/19 13:06:59 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssitlb.dll
[2013/02/19 13:06:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2013/02/19 13:06:58 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wfapigp.dll
[2013/02/19 13:06:58 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wfapigp.dll
[2013/02/19 13:06:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll
[2013/02/19 13:06:56 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/02/19 13:06:56 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll
[2013/02/19 13:06:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kbdhebl3.dll
[2013/02/19 13:06:55 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbdhebl3.dll
[2013/02/19 13:06:24 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentServer.dll
[2013/02/19 13:06:24 | 000,707,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentExtensions.dll
[2013/02/19 13:06:23 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll
[2013/02/19 13:06:23 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll
[2013/02/19 13:06:08 | 005,974,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/02/19 13:06:07 | 005,088,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/02/19 13:06:07 | 001,096,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2013/02/19 13:06:06 | 003,245,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/02/19 13:06:06 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/02/19 13:06:06 | 001,145,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll
[2013/02/19 13:06:05 | 001,122,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Taskmgr.exe
[2013/02/19 13:06:05 | 001,027,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Taskmgr.exe
[2013/02/19 13:06:04 | 001,536,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storagewmi.dll
[2013/02/19 13:06:04 | 000,955,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WebcamUi.dll
[2013/02/19 13:06:03 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/02/19 13:06:02 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WebcamUi.dll
[2013/02/19 13:06:02 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UserLanguagesCpl.dll
[2013/02/19 13:06:02 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll
[2013/02/19 13:06:01 | 000,891,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll
[2013/02/19 13:06:01 | 000,329,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013/02/19 13:06:01 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnapps.dll
[2013/02/19 13:06:00 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UserLanguagesCpl.dll
[2013/02/19 13:06:00 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013/02/19 13:05:59 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/02/19 13:05:59 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpnapps.dll
[2013/02/19 13:05:59 | 000,027,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/02/19 13:05:58 | 001,217,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\storagewmi.dll
[2013/02/19 13:05:58 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/02/19 13:05:58 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2013/02/19 13:05:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013/02/19 13:05:57 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/02/19 13:05:57 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/02/19 13:05:51 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/02/19 13:05:48 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013/02/19 13:05:48 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rfxvmt.dll
[2013/02/19 13:05:47 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vds_ps.dll
[2013/02/19 13:05:46 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/02/19 13:05:46 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BtaMPM.sys
[2013/02/19 13:05:45 | 000,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys
[2013/02/19 13:05:45 | 000,029,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthhfHid.sys
[2013/02/19 13:05:26 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppwinob.dll
[2013/02/19 13:03:41 | 002,367,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSService.dll
[2013/02/19 13:03:40 | 013,640,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2013/02/19 13:03:24 | 003,265,256 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\evbda.sys
[2013/02/19 13:03:21 | 014,259,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/02/19 13:03:20 | 010,791,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2013/02/19 13:03:16 | 002,397,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpcMon.exe
[2013/02/19 13:03:14 | 003,847,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/02/19 13:03:11 | 003,964,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSAT.exe
[2013/02/19 13:03:10 | 011,875,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/02/19 13:03:07 | 000,533,224 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bxvbda.sys
[2013/02/19 13:03:05 | 001,513,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vssapi.dll
[2013/02/19 13:03:02 | 001,825,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/02/19 13:02:59 | 001,019,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.dll
[2013/02/19 13:02:58 | 001,739,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RacEngn.dll
[2013/02/19 13:02:56 | 002,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/02/19 13:02:55 | 001,304,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.Streaming.dll
[2013/02/19 13:02:54 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uDWM.dll
[2013/02/19 13:02:53 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\provcore.dll
[2013/02/19 13:02:53 | 000,389,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MMDevAPI.dll
[2013/02/19 13:02:50 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013/02/19 13:02:48 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll
[2013/02/19 13:02:46 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSATAPI.dll
[2013/02/19 13:02:42 | 000,995,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.Streaming.dll
[2013/02/19 13:02:40 | 001,590,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/02/19 13:02:40 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apphelp.dll
[2013/02/19 13:02:40 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll
[2013/02/19 13:02:40 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IPHLPAPI.DLL
[2013/02/19 13:02:39 | 000,709,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsSpellCheckingFacility.dll
[2013/02/19 13:02:36 | 001,743,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\combase.dll
[2013/02/19 13:02:36 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFPlay.dll
[2013/02/19 13:02:33 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2013/02/19 13:02:33 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWAHost.exe
[2013/02/19 13:02:32 | 000,866,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinTypes.dll
[2013/02/19 13:02:31 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapi.dll
[2013/02/19 13:02:31 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidcredprov.dll
[2013/02/19 13:02:31 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rascfg.dll
[2013/02/19 13:02:30 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfsrcsnk.dll
[2013/02/19 13:02:30 | 000,545,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2013/02/19 13:02:30 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfsvr.dll
[2013/02/19 13:02:29 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcdsrv.dll
[2013/02/19 13:02:29 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rascfg.dll
[2013/02/19 13:02:28 | 001,400,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\propsys.dll
[2013/02/19 13:02:28 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS
[2013/02/19 13:02:28 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/02/19 13:02:28 | 000,249,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnprv.dll
[2013/02/19 13:02:27 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VAN.dll
[2013/02/19 13:02:27 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll
[2013/02/19 13:02:27 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinSATAPI.dll
[2013/02/19 13:02:26 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe
[2013/02/19 13:02:26 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSClient.dll
[2013/02/19 13:02:25 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapibase.dll
[2013/02/19 13:02:23 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appwiz.cpl
[2013/02/19 13:02:23 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll
[2013/02/19 13:02:23 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bisrv.dll
[2013/02/19 13:02:22 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psmsrv.dll
[2013/02/19 13:02:21 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSSync.dll
[2013/02/19 13:02:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhengine.dll
[2013/02/19 13:02:20 | 000,166,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSClient.dll
[2013/02/19 13:02:19 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWAHost.exe
[2013/02/19 13:02:19 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFPlay.dll
[2013/02/19 13:02:19 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSSync.dll
[2013/02/19 13:02:19 | 000,120,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpioclx.sys
[2013/02/19 13:02:19 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PackageStateRoaming.dll
[2013/02/19 13:02:17 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appwiz.cpl
[2013/02/19 13:02:15 | 001,369,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RacEngn.dll
[2013/02/19 13:02:15 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpncore.dll
[2013/02/19 13:02:15 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll
[2013/02/19 13:02:14 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.BackgroundTransfer.dll
[2013/02/19 13:02:14 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TpmTasks.dll
[2013/02/19 13:02:13 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ProximityService.dll
[2013/02/19 13:02:12 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PackageStateRoaming.dll
[2013/02/19 13:02:10 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\provcore.dll
[2013/02/19 13:02:10 | 000,256,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvproc.dll
[2013/02/19 13:02:10 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2013/02/19 13:02:08 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinapi.dll
[2013/02/19 13:02:07 | 001,247,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\combase.dll
[2013/02/19 13:02:07 | 000,480,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VAN.dll
[2013/02/19 13:02:07 | 000,027,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\avrt.dll
[2013/02/19 13:02:06 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfsrcsnk.dll
[2013/02/19 13:02:06 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\microsoft-windows-kernel-power-events.dll
[2013/02/19 13:02:06 | 000,062,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpfve.sys
[2013/02/19 13:02:04 | 002,016,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\batmeter.dll
[2013/02/19 13:02:04 | 002,007,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\batmeter.dll
[2013/02/19 13:02:04 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys
[2013/02/19 13:02:04 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncHost.exe
[2013/02/19 13:02:04 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfdisk.dll
[2013/02/19 13:02:02 | 000,212,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UCX01000.SYS
[2013/02/19 13:02:01 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinTypes.dll
[2013/02/19 13:02:01 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfdisk.dll
[2013/02/19 13:02:01 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\svchost.exe
[2013/02/19 13:01:59 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfsvr.dll
[2013/02/19 13:01:59 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlidcredprov.dll
[2013/02/19 13:01:58 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhevents.dll
[2013/02/19 13:01:57 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2013/02/19 13:01:57 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2013/02/19 13:01:55 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/19 13:01:54 | 000,437,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfh264enc.dll
[2013/02/19 13:01:54 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvproc.dll
[2013/02/19 13:01:54 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncHost.exe
[2013/02/19 13:01:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfnet.dll
[2013/02/19 13:01:53 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpksetup.exe
[2013/02/19 13:01:53 | 000,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfh264enc.dll
[2013/02/19 13:01:52 | 000,699,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinapi.dll
[2013/02/19 13:01:52 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevPropMgr.dll
[2013/02/19 13:01:51 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwm.exe
[2013/02/19 13:01:50 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhcfg.dll
[2013/02/19 13:01:50 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2013/02/19 13:01:49 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvinst.exe
[2013/02/19 13:01:43 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/02/19 13:01:43 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/02/19 13:01:43 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DAFWSD.dll
[2013/02/19 13:01:43 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfnet.dll
[2013/02/19 13:01:42 | 001,701,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/02/19 13:01:42 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhsrchapi.dll
[2013/02/19 13:01:41 | 000,588,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2013/02/19 13:01:41 | 000,417,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2013/02/19 13:01:41 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfos.dll
[2013/02/19 13:01:40 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhcat.dll
[2013/02/19 13:01:40 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhsvc.dll
[2013/02/19 13:01:37 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpremove.exe
[2013/02/19 13:01:35 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/02/19 13:01:35 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhshl.dll
[2013/02/19 13:01:35 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasdiag.dll
[2013/02/19 13:01:35 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/02/19 13:01:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhmanagew.exe
[2013/02/19 13:01:34 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasdiag.dll
[2013/02/19 13:01:34 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhlisten.dll
[2013/02/19 13:01:34 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhcleanup.dll
[2013/02/19 13:01:34 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/02/19 13:01:33 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vsstrace.dll
[2013/02/19 13:01:33 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhsrchph.dll
[2013/02/19 13:01:32 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sdbinst.exe
[2013/02/19 13:01:31 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhtask.dll
[2013/02/19 13:01:30 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdbinst.exe
[2013/02/19 13:01:29 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ndptsp.tsp
[2013/02/19 13:01:29 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasmxs.dll
[2013/02/19 13:01:28 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasmxs.dll
[2013/02/19 13:01:27 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhautoplay.dll
[2013/02/19 13:01:26 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasser.dll
[2013/02/19 13:01:24 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ndptsp.tsp
[2013/02/19 13:01:23 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfctrs.dll
[2013/02/19 13:01:23 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfctrs.dll
[2013/02/19 13:01:22 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfproc.dll
[2013/02/19 13:01:22 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasser.dll
[2013/02/19 13:01:21 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfproc.dll
[2013/02/19 13:01:21 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfos.dll
[2013/02/19 13:01:17 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kmddsp.tsp
[2013/02/19 13:01:16 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kmddsp.tsp
[2013/02/19 13:01:16 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/02/19 13:01:15 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhsvcctl.dll
[2013/02/19 13:01:13 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eventcls.dll
[2013/02/19 13:01:12 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LangCleanupSysprepAction.dll
[2013/02/19 13:01:12 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eventcls.dll
[2013/02/19 13:01:10 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MUILanguageCleanup.dll
[2013/02/19 13:01:09 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpksetupproxyserv.dll
[2013/02/19 13:01:08 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2013/02/19 13:01:08 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2013/02/19 13:01:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shimeng.dll
[2013/02/19 13:01:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2013/02/19 13:01:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2013/02/19 13:01:02 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2013/02/19 13:01:02 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2013/02/19 13:00:55 | 009,374,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013/02/19 13:00:55 | 009,374,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013/02/19 11:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/02/19 11:18:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/02/19 11:18:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/02/18 20:17:08 | 000,692,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/18 20:17:08 | 000,078,168 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/18 19:10:15 | 000,000,000 | R--D | C] -- C:\Windows\BrowserChoice
[2013/02/18 18:59:40 | 000,000,000 | ---D | C] -- C:\sources
[2013/02/17 12:54:19 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Roaming\OpenOffice.org
[2013/02/17 12:51:20 | 000,000,000 | ---D | C] -- C:\Users\-------\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[2013/02/17 12:46:09 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Local\CrashDumps
[2013/02/16 20:13:44 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Roaming\Apple Computer
[2013/02/16 20:13:44 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Local\Apple Computer
[2013/02/16 20:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/02/16 20:13:28 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013/02/16 20:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/02/16 20:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/02/16 20:13:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/02/16 20:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/02/16 20:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/02/16 20:13:00 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Local\Apple
[2013/02/16 20:12:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/02/16 20:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/02/16 20:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/02/16 20:12:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/02/16 20:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/02/16 20:12:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/02/16 19:39:16 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe
[2013/02/16 19:39:16 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidsvc.dll
[2013/02/16 19:39:15 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe
[2013/02/16 19:39:15 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2013/02/16 19:39:14 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
[2013/02/16 19:39:12 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2013/02/16 19:39:12 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2013/02/16 19:39:12 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
[2013/02/16 19:39:12 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013/02/16 19:39:11 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll
[2013/02/16 19:39:11 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.dll
[2013/02/16 19:39:10 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013/02/16 19:39:10 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys
[2013/02/16 19:39:09 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2013/02/16 19:39:09 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2013/02/16 19:39:09 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/02/16 19:39:09 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
[2013/02/16 19:39:09 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2013/02/16 19:39:08 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll
[2013/02/16 19:39:08 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe
[2013/02/16 19:39:08 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaacmgr.exe
[2013/02/16 19:39:08 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaacmgr.exe
[2013/02/16 19:39:07 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2013/02/16 19:39:07 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncbservice.dll
[2013/02/16 19:39:07 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxm.dll
[2013/02/16 19:39:07 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhsvc.dll
[2013/02/16 19:39:06 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhapi.dll
[2013/02/16 19:39:06 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxp.dll
[2013/02/16 19:39:06 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\keepaliveprovider.dll
[2013/02/16 19:38:51 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2013/02/16 19:38:51 | 001,437,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013/02/16 19:31:22 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100_clr0400.dll
[2013/02/16 19:27:34 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100_clr0400.dll
[2013/02/16 19:19:47 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013/02/16 19:19:47 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013/02/16 19:19:25 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptsslp.dll
[2013/02/16 19:19:25 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptsslp.dll
[2013/02/16 19:19:24 | 006,967,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/16 19:19:21 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/16 19:18:57 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tssdisai.dll
[2013/02/16 19:18:56 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appserverai.dll
[2013/02/16 19:18:56 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RDWebAI.dll
[2013/02/16 19:18:56 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VmHostAI.dll
[2013/02/16 19:18:54 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2013/02/16 19:18:54 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2013/02/16 19:18:34 | 002,893,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/02/16 19:18:34 | 002,400,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/02/16 19:18:09 | 000,945,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\resetengmig.dll
[2013/02/16 19:18:09 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysreset.exe
[2013/02/16 19:18:06 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgentc.exe
[2013/02/16 19:18:06 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgentc.exe
[2013/02/16 19:17:54 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcadm.dll
[2013/02/16 19:17:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcalua.exe
[2013/02/16 19:17:53 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcaevts.dll
[2013/02/16 19:17:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/02/16 19:17:25 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/02/16 19:16:54 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013/02/16 19:16:54 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013/02/16 19:16:54 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll
[2013/02/16 19:16:54 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnathlp.dll
[2013/02/16 19:16:54 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe
[2013/02/16 19:16:54 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe
[2013/02/16 19:16:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnhupnp.dll
[2013/02/16 19:16:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnhpast.dll
[2013/02/16 19:16:54 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnhupnp.dll
[2013/02/16 19:16:53 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnhpast.dll
[2013/02/16 19:16:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnlobby.dll
[2013/02/16 19:16:53 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnaddr.dll
[2013/02/16 19:16:53 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnlobby.dll
[2013/02/16 19:16:53 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnaddr.dll
[2013/02/16 19:16:52 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/02/16 19:16:52 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/02/16 19:16:52 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/02/16 19:16:52 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/02/16 19:16:52 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/02/16 19:16:52 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/02/16 19:16:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/02/16 19:16:52 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/02/16 19:16:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2013/02/16 19:16:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2013/02/16 19:16:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2013/02/16 19:16:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2013/02/16 19:06:25 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Local\Kalypso Media
[2013/02/16 19:01:35 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Roaming\Kalypso Media
[2013/02/16 19:01:14 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2013/02/16 19:01:14 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2013/02/16 19:01:14 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2013/02/16 19:01:13 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2013/02/16 19:01:13 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2013/02/16 19:01:13 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2013/02/16 19:01:13 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2013/02/16 19:01:13 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2013/02/16 19:01:13 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2013/02/16 19:01:13 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2013/02/16 19:01:12 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2013/02/16 19:01:12 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2013/02/16 19:01:12 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2013/02/16 19:01:12 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2013/02/16 19:01:12 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2013/02/16 19:01:12 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2013/02/16 19:01:11 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2013/02/16 19:01:11 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2013/02/16 19:01:11 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2013/02/16 19:01:11 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2013/02/16 19:01:10 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2013/02/16 19:01:10 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2013/02/16 19:01:10 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2013/02/16 19:01:10 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2013/02/16 19:01:10 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2013/02/16 19:01:09 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2013/02/16 19:01:09 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2013/02/16 19:01:09 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2013/02/16 19:01:09 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2013/02/16 19:01:09 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2013/02/16 19:01:09 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2013/02/16 19:01:09 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2013/02/16 19:01:08 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2013/02/16 19:01:08 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2013/02/16 19:01:08 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2013/02/16 19:01:08 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2013/02/16 19:01:08 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2013/02/16 19:01:07 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2013/02/16 19:01:07 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2013/02/16 19:01:07 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2013/02/16 19:01:07 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2013/02/16 19:01:06 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2013/02/16 19:01:06 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2013/02/16 19:01:05 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2013/02/16 19:01:05 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2013/02/16 19:01:05 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2013/02/16 19:01:05 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2013/02/16 19:01:05 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2013/02/16 19:01:05 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2013/02/16 19:01:05 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2013/02/16 19:01:05 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2013/02/16 19:01:04 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2013/02/16 19:01:04 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2013/02/16 19:01:04 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2013/02/16 19:01:04 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2013/02/16 19:01:03 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2013/02/16 19:01:03 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2013/02/16 19:01:03 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2013/02/16 19:01:03 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2013/02/16 19:01:03 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2013/02/16 19:01:02 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2013/02/16 19:01:02 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2013/02/16 19:01:01 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2013/02/16 19:00:56 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2013/02/16 19:00:56 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2013/02/16 19:00:56 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2013/02/16 19:00:56 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2013/02/16 19:00:55 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2013/02/16 19:00:55 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2013/02/16 19:00:55 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2013/02/16 19:00:55 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2013/02/16 19:00:55 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2013/02/16 18:51:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kalypso Media
[2013/02/16 18:26:59 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Roaming\Macromedia
[2013/02/16 18:08:34 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Local\BMExplorer
[2013/02/16 18:08:34 | 000,000,000 | ---D | C] -- C:\Users\-------\Documents\Bluetooth Folder
[2013/02/16 18:08:17 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Roaming\Atheros
[2013/02/16 18:07:24 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Roaming\ASUS WebStorage
[2013/02/16 18:06:47 | 000,000,000 | R--D | C] -- C:\Users\-------\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/02/16 18:06:47 | 000,000,000 | R--D | C] -- C:\Users\-------\Searches
[2013/02/16 18:06:47 | 000,000,000 | R--D | C] -- C:\Users\-------\Contacts
[2013/02/16 18:06:47 | 000,000,000 | R--D | C] -- C:\Users\-------\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/02/16 18:06:00 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Roaming\Adobe
[2013/02/16 18:05:51 | 000,000,000 | R-SD | C] -- C:\Users\Public\Desktop\ASUS
[2013/02/16 18:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\FolderView
[2013/02/16 18:04:47 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Local\VirtualStore
[2013/02/16 18:04:35 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Local\Packages
[2013/02/16 18:04:33 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Local\ASUS
[2013/02/16 18:04:20 | 000,000,000 | --SD | C] -- C:\Users\-------\AppData\Roaming\Microsoft
[2013/02/16 18:04:20 | 000,000,000 | R--D | C] -- C:\Users\-------\Videos
[2013/02/16 18:04:20 | 000,000,000 | R--D | C] -- C:\Users\-------\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/02/16 18:04:20 | 000,000,000 | R--D | C] -- C:\Users\-------\Saved Games
[2013/02/16 18:04:20 | 000,000,000 | R--D | C] -- C:\Users\-------\Pictures
[2013/02/16 18:04:20 | 000,000,000 | R--D | C] -- C:\Users\-------\Music
[2013/02/16 18:04:20 | 000,000,000 | R--D | C] -- C:\Users\-------\Links
[2013/02/16 18:04:20 | 000,000,000 | R--D | C] -- C:\Users\-------\Favorites
[2013/02/16 18:04:20 | 000,000,000 | R--D | C] -- C:\Users\-------\Downloads
[2013/02/16 18:04:20 | 000,000,000 | R--D | C] -- C:\Users\-------\Documents
[2013/02/16 18:04:20 | 000,000,000 | R--D | C] -- C:\Users\-------\Desktop
[2013/02/16 18:04:20 | 000,000,000 | R--D | C] -- C:\Users\-------\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/02/16 18:04:20 | 000,000,000 | R--D | C] -- C:\Users\-------\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/02/16 18:04:20 | 000,000,000 | -HSD | C] -- C:\Users\-------\Vorlagen
[2013/02/16 18:04:20 | 000,000,000 | -HSD | C] -- C:\Users\-------\AppData\Local\Verlauf
[2013/02/16 18:04:20 | 000,000,000 | -HSD | C] -- C:\Users\-------\AppData\Local\Temporary Internet Files
[2013/02/16 18:04:20 | 000,000,000 | -HSD | C] -- C:\Users\-------\Startmenü
[2013/02/16 18:04:20 | 000,000,000 | -HSD | C] -- C:\Users\-------\SendTo
[2013/02/16 18:04:20 | 000,000,000 | -HSD | C] -- C:\Users\-------\Recent
[2013/02/16 18:04:20 | 000,000,000 | -HSD | C] -- C:\Users\-------\Netzwerkumgebung
[2013/02/16 18:04:20 | 000,000,000 | -HSD | C] -- C:\Users\-------\Lokale Einstellungen
[2013/02/16 18:04:20 | 000,000,000 | -HSD | C] -- C:\Users\-------\Documents\Eigene Videos
[2013/02/16 18:04:20 | 000,000,000 | -HSD | C] -- C:\Users\-------\Documents\Eigene Musik
[2013/02/16 18:04:20 | 000,000,000 | -HSD | C] -- C:\Users\-------\Eigene Dateien
[2013/02/16 18:04:20 | 000,000,000 | -HSD | C] -- C:\Users\-------\Documents\Eigene Bilder
[2013/02/16 18:04:20 | 000,000,000 | -HSD | C] -- C:\Users\-------\Druckumgebung
[2013/02/16 18:04:20 | 000,000,000 | -HSD | C] -- C:\Users\-------\Cookies
[2013/02/16 18:04:20 | 000,000,000 | -HSD | C] -- C:\Users\-------\AppData\Local\Anwendungsdaten
[2013/02/16 18:04:20 | 000,000,000 | -HSD | C] -- C:\Users\-------\Anwendungsdaten
[2013/02/16 18:04:20 | 000,000,000 | -H-D | C] -- C:\Users\-------\AppData
[2013/02/16 18:04:20 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Local\Temp
[2013/02/16 18:04:20 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Local\Microsoft
[2013/02/16 18:04:20 | 000,000,000 | ---D | C] -- C:\Users\-------\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/17 20:40:11 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/17 20:40:11 | 000,760,560 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/03/17 20:40:11 | 000,717,670 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/17 20:40:11 | 000,158,770 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/03/17 20:40:11 | 000,135,558 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/17 20:38:32 | 000,000,401 | ---- | M] () -- C:\Users\-------\AppData\Roaming\sp_data.sys
[2013/03/17 20:37:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/17 19:00:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013/03/16 20:45:34 | 000,011,003 | ---- | M] () -- C:\Users\-------\Desktop\1.odt
[2013/03/16 20:12:21 | 000,006,198 | ---- | M] () -- C:\Users\-------\Desktop\Langfristige Prognosen.odt
[2013/03/16 17:59:31 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/03/16 17:43:03 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/03/16 17:43:02 | 3339,943,936 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/16 09:53:34 | 001,136,274 | ---- | M] () -- C:\Users\-------\Desktop\Neues Bild (8).bmp
[2013/03/14 21:36:27 | 000,000,000 | ---- | M] () -- C:\END
[2013/03/12 16:25:34 | 000,056,769 | ---- | M] () -- C:\Users\-------\Desktop\Neues Bild.png
[2013/03/09 14:42:45 | 000,355,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/03 13:20:30 | 000,002,234 | ---- | M] () -- C:\Users\Public\Desktop\Free Audio Converter.lnk
[2013/03/03 13:15:45 | 000,001,404 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
[2013/03/03 13:15:45 | 000,001,245 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2013/03/03 12:22:18 | 000,001,013 | ---- | M] () -- C:\Users\-------\Desktop\Audacity.lnk
[2013/03/01 16:58:29 | 000,200,530 | ---- | M] () -- C:\Users\-------\Desktop\IMG_3323.JPG
[2013/03/01 16:44:48 | 000,000,839 | ---- | M] () -- C:\Users\-------\AppData\Local\recently-used.xbel
[2013/02/22 15:57:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013/02/21 08:29:31 | 000,078,168 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/21 08:29:30 | 000,692,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/19 13:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys
[2013/02/19 13:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys
[2013/02/19 13:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2013/02/19 13:55:26 | 000,010,728 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
[2013/02/19 13:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
[2013/02/19 13:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfehidk.sys
[2013/02/19 13:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys
[2013/02/19 13:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2013/02/19 13:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeapfk.sys
[2013/02/19 13:40:52 | 000,069,168 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeelamk.sys
[2013/02/16 20:13:41 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/02/16 18:33:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2013/03/17 19:00:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013/03/16 20:12:19 | 000,006,198 | ---- | C] () -- C:\Users\-------\Desktop\Langfristige Prognosen.odt
[2013/03/16 20:00:56 | 000,011,003 | ---- | C] () -- C:\Users\-------\Desktop\1.odt
[2013/03/16 17:59:31 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/03/16 09:53:34 | 001,136,274 | ---- | C] () -- C:\Users\-------\Desktop\Neues Bild (8).bmp
[2013/03/12 16:25:34 | 000,056,769 | ---- | C] () -- C:\Users\-------\Desktop\Neues Bild.png
[2013/03/03 16:14:19 | 000,000,000 | ---- | C] () -- C:\END
[2013/03/03 13:20:30 | 000,002,234 | ---- | C] () -- C:\Users\Public\Desktop\Free Audio Converter.lnk
[2013/03/03 13:15:45 | 000,001,404 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
[2013/03/03 13:15:45 | 000,001,245 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2013/03/03 12:22:18 | 000,001,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013/03/03 12:22:18 | 000,001,013 | ---- | C] () -- C:\Users\-------\Desktop\Audacity.lnk
[2013/03/01 17:04:14 | 000,200,530 | ---- | C] () -- C:\Users\-------\Desktop\IMG_3323.JPG
[2013/03/01 16:44:48 | 000,000,839 | ---- | C] () -- C:\Users\-------\AppData\Local\recently-used.xbel
[2013/03/01 16:18:52 | 000,000,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013/02/27 20:55:43 | 000,355,944 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/22 15:57:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013/02/19 13:01:33 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll
[2013/02/19 13:01:33 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/02/18 20:19:19 | 000,002,143 | R-S- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Choice.lnk
[2013/02/16 20:13:41 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/02/16 20:12:59 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/02/16 19:39:12 | 000,386,577 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/02/16 18:33:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2013/02/16 18:07:17 | 000,000,401 | ---- | C] () -- C:\Users\-------\AppData\Roaming\sp_data.sys
[2013/02/16 18:06:00 | 000,001,444 | ---- | C] () -- C:\Users\-------\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/10/23 09:38:05 | 000,185,216 | ---- | C] () -- C:\Windows\SysWow64\dptfinvalidpolicyremover.exe
[2012/10/23 09:38:05 | 000,004,362 | ---- | C] () -- C:\Windows\SysWow64\dptfinvalidpolicyremover.ini
[2012/09/07 05:39:53 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/09/07 05:39:36 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/09/07 05:39:33 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/08/17 01:52:29 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012/08/17 01:52:28 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012/07/26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 21:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/07/25 21:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/06/02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
========== ZeroAccess Check ==========
 
[2012/10/23 09:42:25 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/01/10 00:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/01/10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >

--- --- ---

cosinus · 18.03.2013, 11:39

Rootkitscan mit GMER

Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Ninaa · 19.03.2013, 14:00

GMER Logfile:

Code:

ATTFilter

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-19 13:50:37
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000043 Hitachi_HTS545050A7E380 rev.GG2OA6C0 465.76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\------\AppData\Local\Temp\pwloypod.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3236] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690    000007f8b7641532 4 bytes [64, B7, F8, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3236] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698    000007f8b764153a 4 bytes [64, B7, F8, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3236] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246  000007f8b764165a 4 bytes [64, B7, F8, 07]
.text   C:\Windows\system32\nvvsvc.exe[7496] C:\Windows\system32\MSIMG32.dll!GradientFill + 690                              000007f8b7641532 4 bytes [64, B7, F8, 07]
.text   C:\Windows\system32\nvvsvc.exe[7496] C:\Windows\system32\MSIMG32.dll!GradientFill + 698                              000007f8b764153a 4 bytes [64, B7, F8, 07]
.text   C:\Windows\system32\nvvsvc.exe[7496] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246                            000007f8b764165a 4 bytes [64, B7, F8, 07]
.text   C:\Windows\system32\nvvsvc.exe[7496] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                    000007f8bc4c177a 4 bytes [4C, BC, F8, 07]
.text   C:\Windows\system32\nvvsvc.exe[7496] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                    000007f8bc4c1782 4 bytes [4C, BC, F8, 07]
.text   C:\Windows\Explorer.EXE[3432] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                     000007f8b7641532 4 bytes [64, B7, F8, 07]
.text   C:\Windows\Explorer.EXE[3432] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                     000007f8b764153a 4 bytes [64, B7, F8, 07]
.text   C:\Windows\Explorer.EXE[3432] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                   000007f8b764165a 4 bytes [64, B7, F8, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[8416] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690      000007f8b7641532 4 bytes [64, B7, F8, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[8416] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698      000007f8b764153a 4 bytes [64, B7, F8, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[8416] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246    000007f8b764165a 4 bytes [64, B7, F8, 07]
.text   C:\Program Files\Internet Explorer\iexplore.exe[8492] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690             000007f8b7641532 4 bytes [64, B7, F8, 07]
.text   C:\Program Files\Internet Explorer\iexplore.exe[8492] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698             000007f8b764153a 4 bytes [64, B7, F8, 07]
.text   C:\Program Files\Internet Explorer\iexplore.exe[8492] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246           000007f8b764165a 4 bytes [64, B7, F8, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4228] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690             000007f8b7641532 4 bytes [64, B7, F8, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4228] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698             000007f8b764153a 4 bytes [64, B7, F8, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4228] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246           000007f8b764165a 4 bytes [64, B7, F8, 07]
.text   C:\Windows\system32\igfxpers.exe[7568] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                  000007f8bc4c177a 4 bytes [4C, BC, F8, 07]
.text   C:\Windows\system32\igfxpers.exe[7568] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                  000007f8bc4c1782 4 bytes [4C, BC, F8, 07]
.text   C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[6600] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690           000007f8b7641532 4 bytes [64, B7, F8, 07]
.text   C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[6600] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698           000007f8b764153a 4 bytes [64, B7, F8, 07]
.text   C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[6600] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246         000007f8b764165a 4 bytes [64, B7, F8, 07]
.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4908] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690         000007f8b7641532 4 bytes [64, B7, F8, 07]
.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4908] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698         000007f8b764153a 4 bytes [64, B7, F8, 07]
.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4908] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246       000007f8b764165a 4 bytes [64, B7, F8, 07]
.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4908] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742             000007f8a8651b32 4 bytes [65, A8, F8, 07]
.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4908] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750             000007f8a8651b3a 4 bytes [65, A8, F8, 07]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [1280:7944]                                                                            fffff960008945e8
Thread  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [1164:7104]                                                    0000000071cb3139
Thread  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [1164:2632]                                                    0000000071cb3139
Thread  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [1164:8904]                                                    0000000071cb3139
Thread  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [1164:5672]                                                    0000000071cb3139
Thread  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [1164:1924]                                                    0000000071cb3139
Thread  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [1164:3968]                                                    0000000071cb3139
Thread  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [1164:3816]                                                    0000000071cb3139
Thread  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [1164:7360]                                                    0000000071cb3139
Thread  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [1164:8812]                                                    0000000071cb3139

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                unknown MBR code

---- EOF - GMER 2.1 ----

--- --- ---

Folgende Fehlermeldungen erschienen während dem Scan:

C:\Windows\system32\config\System: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird

C:\Users\-----\ntuser.dat: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird

cosinus · 19.03.2013, 14:34

Das ist durchaus normal. Was ist mit MBAR?

Ninaa · 19.03.2013, 14:35

Läuft gerade

cosinus · 19.03.2013, 14:49

Ok, aber eine Bitte: lass solche Zwischenrufe, poste nur wenn es Probleme gibt oder wenn du die Logs hast (diese dann auch posten in CODE-Tags)

Ninaa · 19.03.2013, 14:51

MBAR Ergebnis: No Maleware found

einen CleanUp Button habe ich nicht gefunden & auch keinen Neustart und daher auch keine Log-Datei.

Woran lags?

cosinus · 19.03.2013, 15:33

Nein das stimmt so nciht, MBAR erzeugt immer ein Log ob es nun einen Fund gab oder nicht

Ninaa · 22.03.2013, 19:55

OK... ich hab es erneut versucht...

Ich habe die Datei entpackt und auf dem Desktop gespeichert. Anschließend die Anwendung mbar geöffnet. Folgende Meldung erscheint :

Probable rootkit activity detected

Registry value "Applnit_Dlls" has been found, which may be caused by rootkit activity.
Note: Press "No" button if you are not sure. If the tool crahes or terminates unexpectedly during a System scan, restart the tool and press "Yes" should this message appear again

Do you want to remove this value and restart the tool?

Ich habe beim ersten Versuch auf "Nein" geklickt.... ich sichere mich jetzt lieber noch einmal bei Dir ab, bevor dies der Grund dafür ist, dass es beim ersten Versuch nicht geklappt hat.

Viele Grüße & vielen Dank vorab

cosinus · 23.03.2013, 10:14

Da bitte auf nein klicken und normal weitermachen

Ninaa · 23.03.2013, 14:35

Code:

ATTFilter

 www.malwarebytes.org

Database version: v2013.03.19.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16519
Janina :: JANINA [administrator]

19/03/2013 14:47:53
mbar-log-2013-03-19 (14-47-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 8019
Time elapsed: 35 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

cosinus · 23.03.2013, 16:57

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

19.03.2013, 14:34	#7
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Malware Yontoo // Malwarebytes-Anti-Malware-Programm keine identifizierte Datei gefunden Das ist durchaus normal. Was ist mit MBAR? __________________ Logfiles bitte immer in CODE-Tags posten

19.03.2013, 14:49	#9
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Malware Yontoo // Malwarebytes-Anti-Malware-Programm keine identifizierte Datei gefunden Ok, aber eine Bitte: lass solche Zwischenrufe, poste nur wenn es Probleme gibt oder wenn du die Logs hast (diese dann auch posten in CODE-Tags) __________________ Logfiles bitte immer in CODE-Tags posten

19.03.2013, 15:33	#11
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Malware Yontoo // Malwarebytes-Anti-Malware-Programm keine identifizierte Datei gefunden Nein das stimmt so nciht, MBAR erzeugt immer ein Log ob es nun einen Fund gab oder nicht __________________ Logfiles bitte immer in CODE-Tags posten

23.03.2013, 10:14	#13
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Malware Yontoo // Malwarebytes-Anti-Malware-Programm keine identifizierte Datei gefunden Da bitte auf nein klicken und normal weitermachen __________________ Logfiles bitte immer in CODE-Tags posten

Malware Yontoo // Malwarebytes-Anti-Malware-Programm keine identifizierte Datei gefunden

Plagegeister aller Art und deren Bekämpfung: Malware Yontoo // Malwarebytes-Anti-Malware-Programm keine identifizierte Datei gefunden