| |
| |||||||
Log-Analyse und Auswertung: Wöchentlicher AntiVir-Lauf findet TR/Ransom.Blocker.cafzWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
19.08.2013, 17:07
| #1 |
| |  Wöchentlicher AntiVir-Lauf findet TR/Ransom.Blocker.cafz Hallo Trojaner-Board-Team, letzte Woche hat AntiVir bei meinem wöchentlichen Suchlauf den Trojaner TR/Ransom.Blocker.cafz entdeckt. Natürlich sofort in Quarantäne und von dort in die Ewigkeit geschickt. Allerdings traue ich dem Frieden nicht, Antivir findet zwar nichts mehr und der Computer läuft ansonsten normal, aber ich bin trotzdem skeptisch. Hier mal das Logfile von Antivir: Code:
ATTFilter Exportierte Ereignisse:
15.08.2013 16:56 [System-Scanner] Malware gefunden
Die Datei
'C:\Users\Sebastian\AppData\Local\Packages\microsoft.windowscommunicationsapps_8
wekyb3d8bbwe\LocalState\LiveComm\da57e5376996aa6f\120712-0049\Att\20000780\Sebis
chmiedl stornierte Rechnung 12.08.2013.zip'
enthielt einen Virus oder unerwünschtes Programm 'TR/Ransom.Blocker.cafz'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5a1c4268.qua'
verschoben!
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-08-2013
Ran by Sebastian (administrator) on 19-08-2013 17:50:25
Running from C:\Users\Sebastian\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(Creative Technology Ltd) C:\Windows\sysWow64\CtHdaSvc.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Intel Corporation) C:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
() C:\Users\Sebastian\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\Users\Sebastian\Documents\GIGABYTE\AIVIA GHOST\GHOSTOPEN.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Thunderbolt] - C:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exe [671232 2013-07-06] (Intel Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Sebastian\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] - C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [735744 2013-02-27] (Creative Technology Ltd)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [606056 2013-07-23] (Razer Inc.)
HKLM-x32\...\Run: [ghost] - C:\Users\Sebastian\Documents\GIGABYTE\AIVIA GHOST\ghostopen.exe [191488 2012-09-18] ()
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Chrome:
=======
CHR HomePage: hxxp://www.consolewars.de/
CHR Extension: (Google Docs) - C:\Users\SEBAST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\SEBAST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\SEBAST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\SEBAST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\SEBAST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
==================== Services (Whitelisted) =================
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [638520 2013-07-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [811064 2013-07-06] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-06] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [945152 2013-07-06] (ASUSTeK Computer Inc.)
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [112640 2013-03-25] (Creative Technology Ltd)
S3 DAUpdaterSvc; F:\Programme\Origin Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-07-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-07-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130016 2013-07-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-07-06] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [83672 2013-07-06] (Avira Operations GmbH & Co. KG)
R3 cthda; C:\Windows\system32\drivers\cthda.sys [1058072 2013-03-25] (Creative Technology Ltd)
R3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [31512 2013-03-25] (Creative Technology Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d63x64.sys [468752 2013-02-27] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-19 17:49 - 2013-08-19 17:49 - 01575812 _____ (Farbar) C:\Users\Sebastian\Desktop\FRST64.exe
2013-08-19 17:46 - 2013-08-19 17:46 - 00001118 _____ C:\Users\Sebastian\Desktop\Ereignisse.txt
2013-08-19 00:19 - 2013-08-19 00:19 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Malwarebytes
2013-08-19 00:18 - 2013-08-19 00:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sebastian\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-19 00:18 - 2013-08-19 00:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-17 15:17 - 2013-08-17 15:17 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-08-15 18:45 - 2013-08-18 18:21 - 00000000 ____D C:\Users\SEBAST~1\AppData\Local\Battle.net
2013-08-15 18:45 - 2013-08-15 18:46 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Battle.net
2013-08-15 18:45 - 2013-08-15 18:45 - 00000000 ____D C:\Users\SEBAST~1\AppData\Local\Blizzard Entertainment
2013-08-15 17:04 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 17:04 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 17:04 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-08-15 17:04 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-08-15 17:04 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 17:04 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 17:04 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 17:04 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 17:04 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 17:04 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 17:04 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 17:04 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 17:04 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 17:04 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 17:04 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 17:04 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 17:04 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 17:04 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 17:04 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-08-15 17:04 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 17:04 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 17:04 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 17:04 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 17:04 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 17:04 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 17:04 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 17:04 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 17:04 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 17:04 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 17:04 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 17:04 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-08-15 17:04 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 17:04 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 17:04 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 17:04 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2013-08-15 17:04 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2013-08-15 17:04 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 17:04 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 17:04 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2013-08-15 17:04 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2013-08-15 17:04 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 17:04 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-08-15 17:04 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-08-15 17:04 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 17:04 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-04 17:44 - 2013-08-04 17:44 - 00000000 ____D C:\ProgramData\BioWare
2013-08-04 17:37 - 2013-08-04 17:37 - 00000000 ____D C:\Users\SEBAST~1\AppData\Local\EA Core
2013-08-04 17:36 - 2013-08-04 17:36 - 00007856 _____ C:\Users\Sebastian\Documents\DAO Ultimate Addins Updater.log
2013-08-04 17:36 - 2013-08-04 17:36 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2013-08-04 17:36 - 2013-08-04 17:36 - 00000000 ____D C:\Users\Sebastian\Documents\BioWare
2013-08-04 17:36 - 2013-08-04 17:36 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-08-04 17:36 - 2013-08-04 17:36 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-08-04 17:26 - 2013-08-04 17:36 - 00034891 _____ C:\Users\Sebastian\Documents\Install Dragon Age.log
2013-08-02 18:56 - 2013-08-02 18:56 - 00000000 ____D C:\Users\Sebastian\Documents\Diablo III
2013-08-01 20:48 - 2013-08-01 20:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-01 20:48 - 2013-08-01 20:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-31 18:46 - 2013-07-30 18:51 - 00000000 ____D C:\Users\Sebastian\Documents\Bewerbungsunterlagen
2013-07-30 18:45 - 2013-07-30 18:45 - 00000000 ____D C:\NvidiaLogging
2013-07-30 18:45 - 2013-05-14 21:28 - 00039712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-07-30 18:45 - 2013-05-14 21:27 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-07-30 18:45 - 2013-05-14 21:27 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-07-27 00:32 - 2013-08-04 13:23 - 00010313 _____ C:\Users\Sebastian\Documents\TombRaider.log
2013-07-25 05:38 - 2013-07-25 05:38 - 00296448 _____ (Razer Inc) C:\Windows\SysWOW64\rzaudiodll.dll
2013-07-21 11:32 - 2013-08-15 17:15 - 00000000 ____D C:\Windows\system32\MRT
2013-07-20 12:49 - 2013-07-20 12:49 - 00306072 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-20 08:18 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-07-20 08:18 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-07-20 08:18 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-07-20 08:18 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-07-20 08:18 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-07-20 08:18 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-07-20 08:18 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-20 08:18 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-07-20 08:18 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-07-20 08:18 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-20 08:18 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2013-07-20 08:18 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2013-07-20 08:18 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-07-20 08:18 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2013-07-20 08:18 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-07-20 08:18 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2013-07-20 08:18 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-07-20 08:18 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-07-20 08:18 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2013-07-20 08:18 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe
2013-07-20 08:18 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2013-07-20 08:18 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2013-07-20 08:18 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2013-07-20 08:18 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2013-07-20 08:18 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2013-07-20 08:18 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2013-07-20 08:18 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2013-07-20 08:18 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2013-07-20 08:18 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys
2013-07-20 08:18 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2013-07-20 08:18 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2013-07-20 08:18 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2013-07-20 08:18 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2013-07-20 08:18 - 2013-05-20 02:08 - 00386642 _____ C:\Windows\system32\ApnDatabase.xml
2013-07-20 08:18 - 2012-10-24 06:54 - 00396008 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2013-07-20 08:18 - 2012-10-17 06:32 - 01172992 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2013-07-20 08:18 - 2012-10-17 06:32 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2013-07-20 08:18 - 2012-10-17 06:32 - 00673280 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2013-07-20 08:18 - 2012-10-17 05:57 - 00929792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2013-07-20 08:18 - 2012-10-17 05:57 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2013-07-20 08:18 - 2012-10-17 05:57 - 00513024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2013-07-20 08:18 - 2012-10-12 08:13 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\dskquota.dll
2013-07-20 08:18 - 2012-10-12 07:39 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dskquota.dll
2013-07-20 08:18 - 2012-10-11 09:47 - 00793200 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2013-07-20 08:18 - 2012-10-11 09:25 - 00056552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdstor.sys
2013-07-20 08:18 - 2012-10-11 09:23 - 00441576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-07-20 08:18 - 2012-10-11 09:18 - 00172264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-07-20 08:18 - 2012-10-11 09:13 - 00058088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2013-07-20 08:18 - 2012-10-11 09:13 - 00033512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys
2013-07-20 08:18 - 2012-10-11 09:08 - 00562392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-07-20 08:18 - 2012-10-11 07:46 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2013-07-20 08:18 - 2012-10-11 07:46 - 00517120 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2013-07-20 08:18 - 2012-10-11 07:46 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.Compression.dll
2013-07-20 08:18 - 2012-10-11 07:46 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\BdeUISrv.exe
2013-07-20 08:18 - 2012-10-11 07:46 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2013-07-20 08:18 - 2012-10-11 07:45 - 01045504 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2013-07-20 08:18 - 2012-10-11 07:45 - 00590848 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2013-07-20 08:18 - 2012-10-11 07:45 - 00579584 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2013-07-20 08:18 - 2012-10-11 07:45 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\SpaceControl.dll
2013-07-20 08:18 - 2012-10-11 07:45 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
2013-07-20 08:18 - 2012-10-11 07:44 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-07-20 08:18 - 2012-10-11 07:44 - 00904192 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2013-07-20 08:18 - 2012-10-11 07:44 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-07-20 08:18 - 2012-10-11 07:44 - 00264704 _____ (Microsoft Corporation) C:\Windows\system32\ListSvc.dll
2013-07-20 08:18 - 2012-10-11 07:44 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2013-07-20 08:18 - 2012-10-11 07:44 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2013-07-20 08:18 - 2012-10-11 07:43 - 01280000 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-20 08:18 - 2012-10-11 07:43 - 00757760 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2013-07-20 08:18 - 2012-10-11 07:43 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2013-07-20 08:18 - 2012-10-11 07:43 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-07-20 08:18 - 2012-10-11 07:43 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2013-07-20 08:18 - 2012-10-11 07:43 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\AppxSip.dll
2013-07-20 08:18 - 2012-10-11 07:43 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2013-07-20 08:18 - 2012-10-11 07:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-07-20 08:18 - 2012-10-11 07:42 - 00612416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2013-07-20 08:18 - 2012-10-11 07:23 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-pdc.dll
2013-07-20 08:18 - 2012-10-11 07:23 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\kbdhebl3.dll
2013-07-20 08:18 - 2012-10-11 07:19 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2013-07-20 08:18 - 2012-10-11 07:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-07-20 08:18 - 2012-10-11 07:16 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-07-20 08:18 - 2012-10-11 07:15 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2013-07-20 08:18 - 2012-10-11 07:07 - 01226752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2013-07-20 08:18 - 2012-10-11 07:07 - 00962560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2013-07-20 08:18 - 2012-10-11 07:07 - 00460800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2013-07-20 08:18 - 2012-10-11 07:07 - 00414720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2013-07-20 08:18 - 2012-10-11 07:07 - 00116224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.Compression.dll
2013-07-20 08:18 - 2012-10-11 07:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
2013-07-20 08:18 - 2012-10-11 07:07 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2013-07-20 08:18 - 2012-10-11 07:06 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2013-07-20 08:18 - 2012-10-11 07:06 - 00289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-07-20 08:18 - 2012-10-11 07:06 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2013-07-20 08:18 - 2012-10-11 07:06 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2013-07-20 08:18 - 2012-10-11 07:06 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-07-20 08:18 - 2012-10-11 07:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2013-07-20 08:18 - 2012-10-11 07:06 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-07-20 08:18 - 2012-10-11 07:05 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxSip.dll
2013-07-20 08:18 - 2012-10-11 06:42 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdhebl3.dll
2013-07-20 08:18 - 2012-10-11 02:45 - 00478424 _____ C:\Windows\SysWOW64\locale.nls
2013-07-20 08:18 - 2012-10-11 02:44 - 00478424 _____ C:\Windows\system32\locale.nls
2013-07-20 08:14 - 2012-12-04 06:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2013-07-20 08:14 - 2012-11-27 08:39 - 01122768 _____ (Microsoft Corporation) C:\Windows\system32\Taskmgr.exe
2013-07-20 08:14 - 2012-11-27 06:49 - 01027152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Taskmgr.exe
2013-07-20 08:14 - 2012-11-27 06:20 - 01217536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2013-07-20 08:14 - 2012-11-27 06:20 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-07-20 08:14 - 2012-11-27 06:20 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-07-20 08:14 - 2012-11-27 06:20 - 00798208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebcamUi.dll
2013-07-20 08:14 - 2012-11-27 06:20 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-07-20 08:14 - 2012-11-27 06:20 - 00560128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserLanguagesCpl.dll
2013-07-20 08:14 - 2012-11-27 06:20 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2013-07-20 08:14 - 2012-11-27 06:20 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vds_ps.dll
2013-07-20 08:14 - 2012-11-27 06:19 - 03245568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-07-20 08:14 - 2012-11-27 06:19 - 01536512 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2013-07-20 08:14 - 2012-11-27 06:19 - 00955904 _____ (Microsoft Corporation) C:\Windows\system32\WebcamUi.dll
2013-07-20 08:14 - 2012-11-27 06:19 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\UserLanguagesCpl.dll
2013-07-20 08:14 - 2012-11-27 06:19 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-07-20 08:14 - 2012-11-27 06:19 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2013-07-20 08:14 - 2012-11-27 06:18 - 01071104 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-07-20 08:14 - 2012-11-27 06:18 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-07-20 08:14 - 2012-11-27 06:18 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-07-20 08:14 - 2012-11-27 06:17 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-07-20 08:14 - 2012-11-20 07:24 - 01164800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2013-07-20 08:14 - 2012-11-20 07:17 - 01184256 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2013-07-20 08:14 - 2012-11-20 07:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDKURD.DLL
2013-07-20 08:14 - 2012-11-20 06:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDKURD.DLL
2013-07-20 08:14 - 2012-11-08 06:25 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2013-07-20 08:14 - 2012-11-08 06:25 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-07-20 08:14 - 2012-11-08 06:25 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-07-20 08:14 - 2012-11-08 06:22 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2013-07-20 08:14 - 2012-11-08 06:22 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2013-07-20 08:14 - 2012-11-08 06:22 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-07-20 08:14 - 2012-11-06 09:52 - 00277736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2013-07-20 08:14 - 2012-11-06 09:33 - 01566432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2013-07-20 08:14 - 2012-11-06 06:48 - 01150160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2013-07-20 08:14 - 2012-11-06 06:20 - 00883712 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2013-07-20 08:14 - 2012-11-06 06:20 - 00516608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2013-07-20 08:14 - 2012-11-06 06:20 - 00386560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2013-07-20 08:14 - 2012-11-06 06:20 - 00375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2013-07-20 08:14 - 2012-11-06 06:20 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2013-07-20 08:14 - 2012-11-06 06:20 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2013-07-20 08:14 - 2012-11-06 06:20 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2013-07-20 08:14 - 2012-11-06 06:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfdprov.dll
2013-07-20 08:14 - 2012-11-06 06:19 - 08552448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2013-07-20 08:14 - 2012-11-06 06:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2013-07-20 08:14 - 2012-11-06 06:19 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2013-07-20 08:14 - 2012-11-06 06:19 - 00470016 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2013-07-20 08:14 - 2012-11-06 06:19 - 00466944 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2013-07-20 08:14 - 2012-11-06 06:19 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2013-07-20 08:14 - 2012-11-06 06:19 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2013-07-20 08:14 - 2012-11-06 06:19 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2013-07-20 08:14 - 2012-11-06 06:19 - 00126464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2013-07-20 08:14 - 2012-11-06 06:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\wfdprov.dll
2013-07-20 08:14 - 2012-11-06 06:19 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapPeerProxy.dll
2013-07-20 08:14 - 2012-11-06 06:19 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapAuthProxy.dll
2013-07-20 08:14 - 2012-11-06 06:18 - 11459584 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2013-07-20 08:14 - 2012-11-06 06:18 - 01037312 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-07-20 08:14 - 2012-11-06 06:18 - 00976384 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-07-20 08:14 - 2012-11-06 06:18 - 00189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthprops.cpl
2013-07-20 08:14 - 2012-11-06 06:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2013-07-20 08:14 - 2012-11-06 06:18 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
2013-07-20 08:14 - 2012-11-06 06:18 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll
2013-07-20 08:14 - 2012-11-06 06:17 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\bthprops.cpl
2013-07-20 08:14 - 2012-11-06 06:17 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\dafWCN.dll
2013-07-20 08:14 - 2012-11-06 06:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\iscsilog.dll
2013-07-20 08:14 - 2012-11-06 05:58 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2013-07-20 08:14 - 2012-11-06 05:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2013-07-20 08:14 - 2012-11-06 05:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2013-07-20 08:14 - 2012-11-06 05:55 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2013-07-20 08:14 - 2012-11-06 05:55 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2013-07-20 08:14 - 2012-11-06 05:55 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2013-07-20 08:14 - 2012-11-06 05:55 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fxppm.sys
2013-07-20 08:14 - 2012-11-06 05:53 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-07-20 08:14 - 2012-11-06 05:51 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-07-20 08:14 - 2012-10-12 10:08 - 00027880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-07-20 08:14 - 2012-10-12 08:14 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2013-07-20 08:14 - 2012-10-12 07:50 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-07-20 08:14 - 2012-10-02 09:34 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-07-20 08:14 - 2012-09-27 09:17 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\newdev.exe
2013-07-20 08:14 - 2012-09-27 09:17 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\ndadmin.exe
2013-07-20 08:14 - 2012-09-27 09:15 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\newdev.dll
2013-07-20 08:14 - 2012-09-27 08:35 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\newdev.exe
2013-07-20 08:14 - 2012-09-27 08:35 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndadmin.exe
2013-07-20 08:14 - 2012-09-27 08:34 - 00275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\newdev.dll
2013-07-20 08:14 - 2012-09-20 11:10 - 02367528 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2013-07-20 08:14 - 2012-09-20 11:08 - 00027280 _____ (Microsoft Corporation) C:\Windows\system32\avrt.dll
2013-07-20 08:14 - 2012-09-20 10:40 - 00389360 _____ (Microsoft Corporation) C:\Windows\system32\MMDevAPI.dll
2013-07-20 08:14 - 2012-09-20 10:31 - 00425192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2013-07-20 08:14 - 2012-09-20 10:04 - 00100072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-07-20 08:14 - 2012-09-20 09:55 - 03265256 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbda.sys
2013-07-20 08:14 - 2012-09-20 09:55 - 00533224 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbda.sys
2013-07-20 08:14 - 2012-09-20 09:55 - 00120040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-07-20 08:14 - 2012-09-20 09:03 - 00465128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-07-20 08:14 - 2012-09-20 08:48 - 00062488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys
2013-07-20 08:14 - 2012-09-20 08:47 - 00307192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MMDevAPI.dll
2013-07-20 08:14 - 2012-09-20 08:33 - 03964416 _____ (Microsoft Corporation) C:\Windows\system32\WinSAT.exe
2013-07-20 08:14 - 2012-09-20 08:33 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2013-07-20 08:14 - 2012-09-20 08:33 - 01513984 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2013-07-20 08:14 - 2012-09-20 08:33 - 01342464 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2013-07-20 08:14 - 2012-09-20 08:33 - 01304064 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2013-07-20 08:14 - 2012-09-20 08:33 - 00866304 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2013-07-20 08:14 - 2012-09-20 08:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2013-07-20 08:14 - 2012-09-20 08:33 - 00699392 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.dll
2013-07-20 08:14 - 2012-09-20 08:33 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\lpksetup.exe
2013-07-20 08:14 - 2012-09-20 08:33 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2013-07-20 08:14 - 2012-09-20 08:33 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\WinSATAPI.dll
2013-07-20 08:14 - 2012-09-20 08:33 - 00545280 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2013-07-20 08:14 - 2012-09-20 08:33 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
2013-07-20 08:14 - 2012-09-20 08:33 - 00420352 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2013-07-20 08:14 - 2012-09-20 08:33 - 00410624 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2013-07-20 08:14 - 2012-09-20 08:33 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\wlidcredprov.dll
2013-07-20 08:14 - 2012-09-20 08:33 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\wpnprv.dll
2013-07-20 08:14 - 2012-09-20 08:33 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2013-07-20 08:14 - 2012-09-20 08:33 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-07-20 08:14 - 2012-09-20 08:33 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2013-07-20 08:14 - 2012-09-20 08:33 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\dwm.exe
2013-07-20 08:14 - 2012-09-20 08:33 - 00110592 _____ C:\Windows\system32\OEMLicense.dll
2013-07-20 08:14 - 2012-09-20 08:33 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2013-07-20 08:14 - 2012-09-20 08:33 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2013-07-20 08:14 - 2012-09-20 08:33 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe
2013-07-20 08:14 - 2012-09-20 08:33 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\lpremove.exe
2013-07-20 08:14 - 2012-09-20 08:33 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2013-07-20 08:14 - 2012-09-20 08:33 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2013-07-20 08:14 - 2012-09-20 08:33 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2013-07-20 08:14 - 2012-09-20 08:33 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-07-20 08:14 - 2012-09-20 08:33 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\svchost.exe
2013-07-20 08:14 - 2012-09-20 08:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2013-07-20 08:14 - 2012-09-20 08:32 - 01739264 _____ (Microsoft Corporation) C:\Windows\system32\RacEngn.dll
2013-07-20 08:14 - 2012-09-20 08:32 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2013-07-20 08:14 - 2012-09-20 08:32 - 01019392 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll
2013-07-20 08:14 - 2012-09-20 08:32 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\provcore.dll
2013-07-20 08:14 - 2012-09-20 08:32 - 00256512 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2013-07-20 08:14 - 2012-09-20 08:32 - 00228352 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2013-07-20 08:14 - 2012-09-20 08:32 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\perfos.dll
2013-07-20 08:14 - 2012-09-20 08:32 - 00163328 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-07-20 08:14 - 2012-09-20 08:32 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\PackageStateRoaming.dll
2013-07-20 08:14 - 2012-09-20 08:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\RpcEpMap.dll
2013-07-20 08:14 - 2012-09-20 08:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2013-07-20 08:14 - 2012-09-20 08:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\perfdisk.dll
2013-07-20 08:14 - 2012-09-20 08:32 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\perfnet.dll
2013-07-20 08:14 - 2012-09-20 08:31 - 00755200 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2013-07-20 08:14 - 2012-09-20 08:31 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2013-07-20 08:14 - 2012-09-20 08:31 - 00604672 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2013-07-20 08:14 - 2012-09-20 08:31 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-07-20 08:14 - 2012-09-20 08:31 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\mfh264enc.dll
2013-07-20 08:14 - 2012-09-20 08:31 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2013-07-20 08:14 - 2012-09-20 08:31 - 00240640 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2013-07-20 08:14 - 2012-09-20 08:31 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\MFPlay.dll
2013-07-20 08:14 - 2012-09-20 08:31 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2013-07-20 08:14 - 2012-09-20 08:31 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\IPHLPAPI.DLL
2013-07-20 08:14 - 2012-09-20 08:31 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\DevPropMgr.dll
2013-07-20 08:14 - 2012-09-20 08:31 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\mmcss.dll
2013-07-20 08:14 - 2012-09-20 08:30 - 03847168 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-20 08:14 - 2012-09-20 08:30 - 02219008 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-20 08:14 - 2012-09-20 08:30 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-07-20 08:14 - 2012-09-20 08:30 - 02016256 _____ (Microsoft Corporation) C:\Windows\system32\batmeter.dll
2013-07-20 08:14 - 2012-09-20 08:30 - 01743872 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2013-07-20 08:14 - 2012-09-20 08:30 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2013-07-20 08:14 - 2012-09-20 08:30 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2013-07-20 08:14 - 2012-09-20 08:30 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2013-07-20 08:14 - 2012-09-20 08:30 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\bcdsrv.dll
2013-07-20 08:14 - 2012-09-20 08:30 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\DAFWSD.dll
2013-07-20 08:14 - 2012-09-20 08:13 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-kernel-power-events.dll
2013-07-20 08:14 - 2012-09-20 08:13 - 00023656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\avrt.dll
2013-07-20 08:14 - 2012-09-20 08:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys
2013-07-20 08:14 - 2012-09-20 07:55 - 00995328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2013-07-20 08:14 - 2012-09-20 07:55 - 00465920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2013-07-20 08:14 - 2012-09-20 07:55 - 00417280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2013-07-20 08:14 - 2012-09-20 07:55 - 00333824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2013-07-20 08:14 - 2012-09-20 07:55 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSATAPI.dll
2013-07-20 08:14 - 2012-09-20 07:55 - 00263168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcredprov.dll
2013-07-20 08:14 - 2012-09-20 07:55 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2013-07-20 08:14 - 2012-09-20 07:55 - 00166912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2013-07-20 08:14 - 2012-09-20 07:55 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2013-07-20 08:14 - 2012-09-20 07:55 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll
2013-07-20 08:14 - 2012-09-20 07:55 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2013-07-20 08:14 - 2012-09-20 07:55 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2013-07-20 08:14 - 2012-09-20 07:55 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
2013-07-20 08:14 - 2012-09-20 07:55 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2013-07-20 08:14 - 2012-09-20 07:54 - 01369600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RacEngn.dll
2013-07-20 08:14 - 2012-09-20 07:54 - 01196032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2013-07-20 08:14 - 2012-09-20 07:54 - 01137152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2013-07-20 08:14 - 2012-09-20 07:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
2013-07-20 08:14 - 2012-09-20 07:54 - 00533504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\provcore.dll
2013-07-20 08:14 - 2012-09-20 07:54 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.dll
2013-07-20 08:14 - 2012-09-20 07:54 - 00480768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VAN.dll
2013-07-20 08:14 - 2012-09-20 07:54 - 00449024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2013-07-20 08:14 - 2012-09-20 07:54 - 00413184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfh264enc.dll
2013-07-20 08:14 - 2012-09-20 07:54 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2013-07-20 08:14 - 2012-09-20 07:54 - 00214528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2013-07-20 08:14 - 2012-09-20 07:54 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFPlay.dll
2013-07-20 08:14 - 2012-09-20 07:54 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PackageStateRoaming.dll
2013-07-20 08:14 - 2012-09-20 07:54 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2013-07-20 08:14 - 2012-09-20 07:54 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfdisk.dll
2013-07-20 08:14 - 2012-09-20 07:54 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfnet.dll
2013-07-20 08:14 - 2012-09-20 07:53 - 03296256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-20 08:14 - 2012-09-20 07:53 - 02033664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-20 08:14 - 2012-09-20 07:53 - 02007040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\batmeter.dll
2013-07-20 08:14 - 2012-09-20 07:53 - 01701376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-07-20 08:14 - 2012-09-20 07:53 - 01247232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2013-07-20 08:14 - 2012-09-20 07:53 - 00675840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2013-07-20 08:14 - 2012-09-20 07:53 - 00670208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2013-07-20 08:14 - 2012-09-20 07:53 - 00461824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2013-07-20 08:14 - 2012-09-20 07:53 - 00366080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-07-20 08:14 - 2012-09-20 07:53 - 00119808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IPHLPAPI.DLL
2013-07-20 08:14 - 2012-09-11 07:28 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\vdsldr.exe
2013-07-20 08:14 - 2012-09-11 07:27 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\vds_ps.dll
2013-07-20 08:13 - 2012-09-20 08:32 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\perfctrs.dll
2013-07-20 08:13 - 2012-09-20 08:32 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\perfproc.dll
2013-07-20 08:13 - 2012-09-20 08:32 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-07-20 08:13 - 2012-09-20 08:32 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\MUILanguageCleanup.dll
2013-07-20 08:13 - 2012-09-20 08:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2013-07-20 08:13 - 2012-09-20 08:31 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\LangCleanupSysprepAction.dll
2013-07-20 08:13 - 2012-09-20 08:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll
2013-07-20 08:13 - 2012-09-20 08:31 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\lpksetupproxyserv.dll
2013-07-20 08:13 - 2012-09-20 08:08 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2013-07-20 08:13 - 2012-09-20 07:54 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfctrs.dll
2013-07-20 08:13 - 2012-09-20 07:54 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfproc.dll
2013-07-20 08:13 - 2012-09-20 07:54 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfos.dll
2013-07-20 08:13 - 2012-09-20 07:54 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2013-07-20 08:13 - 2012-09-20 07:53 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll
2013-07-20 08:13 - 2012-09-20 06:13 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-07-20 08:13 - 2012-09-20 06:10 - 01126912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2013-07-20 08:09 - 2013-05-16 00:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
==================== One Month Modified Files and Folders =======
2013-08-19 17:49 - 2013-08-19 17:49 - 01575812 _____ (Farbar) C:\Users\Sebastian\Desktop\FRST64.exe
2013-08-19 17:46 - 2013-08-19 17:46 - 00001118 _____ C:\Users\Sebastian\Desktop\Ereignisse.txt
2013-08-19 17:45 - 2013-07-06 22:06 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-19 17:45 - 2013-07-06 21:57 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-19 17:45 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-19 00:40 - 2013-07-06 17:30 - 00021403 _____ C:\Windows\SysWOW64\bufferpool.txt
2013-08-19 00:40 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-08-19 00:19 - 2013-08-19 00:19 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Malwarebytes
2013-08-19 00:18 - 2013-08-19 00:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sebastian\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-19 00:18 - 2013-08-19 00:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-19 00:17 - 2012-07-26 12:27 - 00751892 _____ C:\Windows\system32\perfh007.dat
2013-08-19 00:17 - 2012-07-26 12:27 - 00155620 _____ C:\Windows\system32\perfc007.dat
2013-08-19 00:17 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-18 20:44 - 2013-07-06 21:47 - 00000000 ____D C:\Users\Sebastian
2013-08-18 20:08 - 2013-07-06 21:57 - 00001134 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-18 20:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-08-18 19:06 - 2013-07-06 23:14 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-08-18 19:06 - 2013-07-06 22:49 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-08-18 19:06 - 2013-07-06 22:49 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-08-18 18:21 - 2013-08-15 18:45 - 00000000 ____D C:\Users\SEBAST~1\AppData\Local\Battle.net
2013-08-18 17:33 - 2013-07-06 21:52 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2328148076-955479783-429924822-1001
2013-08-18 10:18 - 2013-07-06 21:47 - 01457196 _____ C:\Windows\WindowsUpdate.log
2013-08-17 15:17 - 2013-08-17 15:17 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-08-17 15:17 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-17 11:48 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-08-16 18:16 - 2013-07-06 22:31 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\TS3Client
2013-08-15 18:46 - 2013-08-15 18:45 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Battle.net
2013-08-15 18:45 - 2013-08-15 18:45 - 00000000 ____D C:\Users\SEBAST~1\AppData\Local\Blizzard Entertainment
2013-08-15 18:41 - 2013-07-06 22:52 - 00123580 _____ C:\Windows\DPINST.LOG
2013-08-15 17:16 - 2013-07-06 21:44 - 00007710 _____ C:\Windows\PFRO.log
2013-08-15 17:15 - 2013-07-21 11:32 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 17:15 - 2013-07-15 21:11 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 17:15 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-15 17:15 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-15 17:13 - 2013-07-06 21:47 - 00000000 ____D C:\Users\SEBAST~1\AppData\Local\Packages
2013-08-04 17:44 - 2013-08-04 17:44 - 00000000 ____D C:\ProgramData\BioWare
2013-08-04 17:37 - 2013-08-04 17:37 - 00000000 ____D C:\Users\SEBAST~1\AppData\Local\EA Core
2013-08-04 17:37 - 2013-07-06 17:17 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\NVIDIA
2013-08-04 17:37 - 2013-07-06 16:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-04 17:36 - 2013-08-04 17:36 - 00007856 _____ C:\Users\Sebastian\Documents\DAO Ultimate Addins Updater.log
2013-08-04 17:36 - 2013-08-04 17:36 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2013-08-04 17:36 - 2013-08-04 17:36 - 00000000 ____D C:\Users\Sebastian\Documents\BioWare
2013-08-04 17:36 - 2013-08-04 17:36 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-08-04 17:36 - 2013-08-04 17:36 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-08-04 17:36 - 2013-08-04 17:26 - 00034891 _____ C:\Users\Sebastian\Documents\Install Dragon Age.log
2013-08-04 17:36 - 2013-07-12 16:03 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-08-04 17:36 - 2013-07-06 21:47 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Adobe
2013-08-04 17:36 - 2013-07-06 16:26 - 00000000 ____D C:\ProgramData\Adobe
2013-08-04 17:36 - 2013-07-06 16:25 - 00000000 ____D C:\Users\SEBAST~1\AppData\Local\Adobe
2013-08-04 14:40 - 2013-07-06 20:41 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Origin
2013-08-04 14:40 - 2013-07-06 20:41 - 00000000 ____D C:\Users\SEBAST~1\AppData\Local\Origin
2013-08-04 13:23 - 2013-07-27 00:32 - 00010313 _____ C:\Users\Sebastian\Documents\TombRaider.log
2013-08-02 18:56 - 2013-08-02 18:56 - 00000000 ____D C:\Users\Sebastian\Documents\Diablo III
2013-08-01 20:48 - 2013-08-01 20:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-01 20:48 - 2013-08-01 20:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-30 18:51 - 2013-07-31 18:46 - 00000000 ____D C:\Users\Sebastian\Documents\Bewerbungsunterlagen
2013-07-30 18:45 - 2013-07-30 18:45 - 00000000 ____D C:\NvidiaLogging
2013-07-30 18:45 - 2013-07-06 22:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-30 18:45 - 2013-07-06 22:05 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-07-30 18:45 - 2012-07-26 09:21 - 00023230 _____ C:\Windows\setupact.log
2013-07-26 07:13 - 2013-08-15 17:04 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-15 17:04 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-15 17:04 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-07-26 07:13 - 2013-08-15 17:04 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-07-26 07:13 - 2013-08-15 17:04 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-15 17:04 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-15 17:04 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-15 17:04 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-15 17:04 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-15 17:04 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-15 17:04 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-15 17:04 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-15 17:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-15 17:04 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-15 17:04 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-15 17:04 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-15 17:04 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-15 17:04 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:13 - 2013-08-15 17:04 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-07-26 05:12 - 2013-08-15 17:04 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-15 17:04 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-15 17:04 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-15 17:04 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-15 17:04 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-15 17:04 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-15 17:04 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-15 17:04 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-15 17:04 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-15 17:04 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-15 17:04 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 02:54 - 2013-08-15 17:04 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-07-25 05:38 - 2013-07-25 05:38 - 00296448 _____ (Razer Inc) C:\Windows\SysWOW64\rzaudiodll.dll
2013-07-20 14:49 - 2013-07-07 02:54 - 00000000 ____D C:\Users\Sebastian\Documents\my games
2013-07-20 14:48 - 2013-07-06 17:41 - 00045739 _____ C:\Windows\DirectX.log
2013-07-20 12:49 - 2013-07-20 12:49 - 00306072 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-20 12:48 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2013-07-20 12:48 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2013-07-20 12:48 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-07-20 12:48 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\servicing
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-10 13:52
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-08-2013
Ran by Sebastian at 2013-08-19 17:50:42
Running from C:\Users\Sebastian\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Adobe AIR (x32 Version: 2.7.0.19480)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
AIVIA GHOST (x32 Version: 1.04.0000)
Amazon MP3-Downloader 1.0.18 (HKCU Version: 1.0.18)
Avira Antivirus Premium (x32 Version: 13.0.0.3885)
Battle.net (x32)
Battlefield 3™ (x32 Version: 1.6.0.0)
Battlelog Web Plugins (x32 Version: 2.1.7)
Borderlands 2 (x32)
Diablo III (x32)
Dolby Digital Live Pack (x32 Version: 3.03)
Dragon Age: Origins (x32 Version: 1.04)
DTS Connect Pack (x32 Version: 1.00)
EA Installer (x32 Version: 2.2.0.62)
EA Shared Game Component: Activation (x32 Version: 2.2.0)
EA Shared Game Component: Activation (x32 Version: 2.2.0.62)
el(R) Network Connections 18.1.59.0 (Version: 18.1.59.0)
ESN Sonar (x32 Version: 0.70.4)
Google Chrome (x32 Version: 28.0.1500.95)
Google Update Helper (x32 Version: 1.3.21.153)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49)
NVIDIA 3D Vision Treiber 320.49 (Version: 320.49)
NVIDIA GeForce Experience 1.6 (Version: 1.6)
NVIDIA Grafiktreiber 320.49 (Version: 320.49)
NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.131.854)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049)
NVIDIA Systemsteuerung 320.49 (Version: 320.49)
NVIDIA Update 7.2.17 (Version: 7.2.17)
NVIDIA Update Components (Version: 7.2.17)
NVIDIA Virtual Audio 1.2.1 (Version: 1.2.1)
Origin (x32 Version: 9.2.1.4399)
PunkBuster Services (x32 Version: 0.991)
Razer Synapse 2.0 (x32 Version: 1.12.8)
SHIELD Streaming (Version: 1.05.19)
Sound Blaster Z-Series (x32 Version: 1.00.16)
Sound Blaster Z-Series Extras (x32 Version: 1.0)
Star Wars: The Old Republic (x32 Version: 1.00)
StarCraft II (x32)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (x32 Version: 3.0.10)
The Witcher 2: Assassins of Kings Enhanced Edition (x32)
Thunderbolt(TM) Software (Version: 1.0.5.10)
Tomb Raider (x32)
VC_CRT_x64 (Version: 1.02.0000)
==================== Restore Points =========================
12-08-2013 21:08:43 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {11C3C99D-86EA-40A6-BC6D-DC05E8AF7D72} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {43A35271-1467-4743-9ECC-236D813F03D5} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {958065E9-3FE8-468B-B42B-B2E4AAEB74F9} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {9B36755B-8982-4C33-A6C2-EE3E170F297D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {BCC2B824-D8B9-4BBE-93F1-9B3A7678E290} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2328148076-955479783-429924822-1001
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E290B05C-1407-4C20-8D4D-E95691B8D5F8} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8BF0197-6139-4165-9051-4754B60C2B2E} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {F536D97D-3FF2-402B-AA22-8A0F5C8829AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/19/2013 05:45:54 PM) (Source: ESENT) (User: )
Description: taskhostex (1828) Versuch, Datei "C:\Users\Sebastian\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error: (08/19/2013 05:45:46 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]
Error: (08/19/2013 05:45:45 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]
Error: (08/19/2013 00:40:32 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]
Error: (08/19/2013 00:40:32 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]
Error: (08/19/2013 00:11:33 AM) (Source: ESENT) (User: )
Description: taskhostex (1748) Versuch, Datei "C:\Users\Sebastian\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error: (08/19/2013 00:11:25 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]
Error: (08/19/2013 00:11:24 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]
Error: (08/18/2013 05:23:14 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]
Error: (08/18/2013 05:23:14 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]
System errors:
=============
Error: (08/19/2013 05:45:50 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (08/19/2013 05:45:43 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 19.08.2013 um 00:40:29 unerwartet heruntergefahren.
Error: (08/19/2013 05:45:38 PM) (Source: Microsoft-Windows-Kernel-Boot) (User: NT-AUTORITÄT)
Description: 32212256844591354400231184
Error: (08/19/2013 00:40:37 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (08/19/2013 00:11:29 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (08/19/2013 00:11:22 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 18.08.2013 um 20:43:11 unerwartet heruntergefahren.
Error: (08/19/2013 00:11:17 AM) (Source: Microsoft-Windows-Kernel-Boot) (User: NT-AUTORITÄT)
Description: 32212256844591354400231184
Error: (08/18/2013 05:23:19 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (08/17/2013 10:44:11 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (08/17/2013 10:44:04 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 17.08.2013 um 00:29:19 unerwartet heruntergefahren.
Microsoft Office Sessions:
=========================
Error: (08/19/2013 05:45:54 PM) (Source: ESENT)(User: )
Description: taskhostex1828C:\Users\Sebastian\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Error: (08/19/2013 05:45:46 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]
Error: (08/19/2013 05:45:45 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]
Error: (08/19/2013 00:40:32 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]
Error: (08/19/2013 00:40:32 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]
Error: (08/19/2013 00:11:33 AM) (Source: ESENT)(User: )
Description: taskhostex1748C:\Users\Sebastian\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Error: (08/19/2013 00:11:25 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]
Error: (08/19/2013 00:11:24 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]
Error: (08/18/2013 05:23:14 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]
Error: (08/18/2013 05:23:14 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]
==================== Memory info ===========================
Percentage of memory in use: 11%
Total physical RAM: 16322.82 MB
Available physical RAM: 14479.45 MB
Total Pagefile: 18626.82 MB
Available Pagefile: 16277.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:195.31 GB) (Free:127.56 GB) NTFS
Drive f: (Volume) (Fixed) (Total:1862.67 GB) (Free:1750.83 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 8A63267E)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-198994558976) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 8A63267A)
Partition 1: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-08-19 17:56:42
Windows 6.2.9200 x64 \Device\Harddisk1\DR1 -> \Device\0000003d Samsung_SSD_840_PRO_Series rev.DXM05B0Q 238,47GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\SEBAST~1\AppData\Local\Temp\uftoapod.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\dwm.exe[988] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fbbb26177a 4 bytes [26, BB, FB, 07]
.text C:\Windows\system32\dwm.exe[988] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fbbb261782 4 bytes [26, BB, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[868] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fbb8261532 4 bytes [26, B8, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[868] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fbb826153a 4 bytes [26, B8, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[868] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fbb826165a 4 bytes [26, B8, FB, 07]
.text C:\Windows\system32\nvvsvc.exe[1028] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007fbb8261532 4 bytes [26, B8, FB, 07]
.text C:\Windows\system32\nvvsvc.exe[1028] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007fbb826153a 4 bytes [26, B8, FB, 07]
.text C:\Windows\system32\nvvsvc.exe[1028] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fbb826165a 4 bytes [26, B8, FB, 07]
.text C:\Windows\system32\nvvsvc.exe[1028] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fbbb26177a 4 bytes [26, BB, FB, 07]
.text C:\Windows\system32\nvvsvc.exe[1028] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fbbb261782 4 bytes [26, BB, FB, 07]
.text C:\Windows\Explorer.EXE[1460] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fbbb26177a 4 bytes [26, BB, FB, 07]
.text C:\Windows\Explorer.EXE[1460] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fbbb261782 4 bytes [26, BB, FB, 07]
.text C:\Windows\Explorer.EXE[1460] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fbb8261532 4 bytes [26, B8, FB, 07]
.text C:\Windows\Explorer.EXE[1460] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fbb826153a 4 bytes [26, B8, FB, 07]
.text C:\Windows\Explorer.EXE[1460] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fbb826165a 4 bytes [26, B8, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2172] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fbb8261532 4 bytes [26, B8, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2172] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fbb826153a 4 bytes [26, B8, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2172] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fbb826165a 4 bytes [26, B8, FB, 07]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [552:584] fffff960009485e8
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 415908520
---- EOF - GMER 2.1 ----
Danke schonmal! |
|
19.08.2013, 17:26
| #2 | |
| /// TB-Ausbilder   | Wöchentlicher AntiVir-Lauf findet TR/Ransom.Blocker.cafz Hallo,
__________________Zitat:
Deine Logs sind absolut sauber.
__________________ |
|
19.08.2013, 17:35
| #3 | |
| | Wöchentlicher AntiVir-Lauf findet TR/Ransom.Blocker.cafzZitat:
Dank dir auf jeden Fall recht herzlich, jetzt fühl ich mich sicher  |
|
19.08.2013, 18:05
| #4 | |
| /// TB-Ausbilder | Wöchentlicher AntiVir-Lauf findet TR/Ransom.Blocker.cafzZitat:
__________________ cheers, Leo |
|
19.08.2013, 18:12
| #5 | |
| | Wöchentlicher AntiVir-Lauf findet TR/Ransom.Blocker.cafzZitat:
 Dann wird diese jetzt mal eben verbannt |
|
| Themen zu Wöchentlicher AntiVir-Lauf findet TR/Ransom.Blocker.cafz |
| .dll, administrator, adobe, antivir, antivirus, avira, computer, defender, diagnostics, downloader, explorer, farbar, farbar recovery scan tool, geforce, google, homepage, logfile, malware, mp3, nvidia, origin, programm, prozess, registry, rundll, sicherheit, software, srtasks.exe, temp, virus |
Linear-Darstellung
