Pests of all kinds and how to combat them: Sweet Page cannot be removed | Windows 7 |
13.02.2014, 01:18 | #1 |
| Sweet Page cannot be removed My laptop was freshly reinstalled with a Windows Vista system. When I downloaded programs (Thunderbird, Firefox version 26.0, Skype, Adobe Reader, VLC Player and AdBlocker), I must have overlooked something, and now the Sweet Page always appears when I open Firefox. And when I open a new tab, an empty page opens and the following is shown in the address bar: chrome://lightning/content/newtab.html But I don't use Chrome at all. Under Settings I have already looked through the add-ons to remove this Sweet Page, but it does not appear there. Now I don't know how to proceed. Can I remove the virus with a program, or do I have to have the laptop wiped again? I would be very grateful if someone could help me with this problem. I have attached logfiles below. Thank you very much. |
13.02.2014, 05:47 | #2 |
/// the machine /// TB trainer | Sweet Page cannot be removed Hi,
__________________
Please always post logs in the thread. If necessary, split them up and use several posts. This is how it works: Posting in CODE tags. Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
__________________ |
13.02.2014, 18:58 | #3 |
| Sweet Page cannot be removed
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:38 on 12/02/2014 (Regina)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by Regina (administrator) on REGINA-PC on 12-02-2014 12:41:41
Running from C:\Users\Regina\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
() C:\Program Files (x86)\RightSurf\updateRightSurf.exe
() C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-24] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x99035DB06E18CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263&q={searchTerms}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: RightSurf - {88be1aa9-6740-461c-9e3e-f35eb8fa741c} - C:\Program Files (x86)\RightSurf\RightSurfbho.dll (RightSurf)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default
FF NewTab: chrome://lightning/content/newtab.html
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Extension_Protected - C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-01-26]
FF Extension: Adblock Plus - C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-26]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-17]
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default\extensions\lightningnewtab@gmail.com.xpi

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-24] (AVAST Software)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-01-14] (Cherished Technololgy LIMITED)
R2 Update RightSurf; C:\Program Files (x86)\RightSurf\updateRightSurf.exe [80160 2014-02-11] ()
R2 Util RightSurf; C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe [80160 2014-02-11] ()
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [493568 2014-01-26] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-01-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-24] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-01-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-17] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [56832 2009-04-01] (Atheros Communications, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================
C:\Windows\SysWOW64\xpsservices.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\MFH264Dec.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 01075712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 01032192 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe 2014-01-20 12:18 - 2014-01-20 12:18 - 00979456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFH264Dec.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00847360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00625152 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00586240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00428544 _____ (Microsoft Corporation) C:\Windows\system32\MFHEAACdec.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4src.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv 2014-01-20 12:18 - 2014-01-20 12:18 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFHEAACdec.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4src.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00278528 _____ (Microsoft 
Corporation) C:\Windows\system32\mfplat.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00258048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv 2014-01-20 12:18 - 2014-01-20 12:18 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00135680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-01-20 12:17 - 2014-01-20 12:17 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\dxdiag.exe 2014-01-20 12:17 - 2014-01-20 12:17 - 00321024 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiag.exe 2014-01-20 12:17 - 2014-01-20 12:17 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiagn.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2014-01-20 12:16 - 2014-01-20 12:21 - 00004287 _____ () C:\Windows\IE9_main.log 2014-01-20 11:44 - 2009-09-10 03:07 - 03815424 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll 2014-01-20 11:44 - 2009-09-10 03:06 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll 2014-01-20 11:44 - 2009-09-10 03:05 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2014-01-20 11:44 - 2009-09-10 03:01 - 03023360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll 2014-01-20 11:44 - 2009-09-10 03:00 - 01164800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll 2014-01-20 11:44 - 2009-09-10 03:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2014-01-20 11:43 - 2012-02-29 16:37 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll 2014-01-20 11:43 - 2012-02-29 16:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll 2014-01-20 11:43 - 2012-02-29 14:52 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys 2014-01-20 11:33 - 2014-02-11 15:00 - 00001576 _____ () C:\Windows\system32\spsys.log 2014-01-20 11:20 - 2013-10-11 05:23 - 00781824 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2014-01-20 11:20 - 2013-10-11 05:23 - 00462848 _____ (Microsoft Corporation) 
C:\Windows\system32\IKEEXT.DLL 2014-01-20 11:20 - 2013-10-11 03:29 - 00217074 _____ () C:\Windows\system32\WFP.TMF 2014-01-20 11:20 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2014-01-20 11:20 - 2013-08-02 15:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2014-01-20 11:20 - 2013-08-02 05:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2014-01-20 11:20 - 2013-07-09 13:04 - 01585256 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-01-20 11:20 - 2013-07-09 13:04 - 01168088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2014-01-20 11:20 - 2013-07-08 05:51 - 04691904 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-01-20 11:20 - 2013-07-08 05:20 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-01-20 11:20 - 2013-07-08 05:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-01-20 11:20 - 2013-07-08 05:15 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-01-20 11:20 - 2013-07-08 05:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-01-20 11:20 - 2013-07-08 02:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-01-20 11:20 - 2013-07-08 02:39 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-01-20 11:20 - 2013-07-08 02:39 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-01-20 11:20 - 2013-03-09 05:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2014-01-20 11:20 - 2013-03-09 02:48 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2014-01-20 11:20 - 2013-03-03 20:13 - 01513320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-01-20 11:20 - 2012-09-25 17:31 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll 2014-01-20 11:20 - 2012-09-25 17:19 - 
00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll 2014-01-20 11:20 - 2012-05-01 15:29 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-01-20 11:20 - 2011-12-14 17:38 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll 2014-01-20 11:20 - 2011-12-14 17:17 - 00680448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll 2014-01-20 11:20 - 2011-02-22 15:47 - 00479744 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2014-01-20 11:20 - 2011-02-22 15:13 - 00288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2014-01-20 11:18 - 2013-07-10 10:47 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-01-20 11:18 - 2013-07-10 10:42 - 01303552 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-01-20 11:18 - 2013-04-24 05:09 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll 2014-01-20 11:18 - 2013-04-24 05:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2014-01-20 11:18 - 2013-04-24 03:10 - 01078272 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe 2014-01-20 11:18 - 2013-04-24 02:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2014-01-20 11:18 - 2011-10-25 17:13 - 00352256 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-01-20 11:18 - 2011-10-25 16:58 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-01-20 11:17 - 2013-10-11 05:27 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2014-01-20 11:17 - 2013-10-11 05:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2014-01-20 11:17 - 2013-10-11 03:19 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2014-01-20 11:17 - 2013-10-11 03:19 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2014-01-20 11:17 - 2013-10-11 03:08 - 00172032 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\scrrun.dll 2014-01-20 11:17 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2014-01-20 11:17 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshcon.dll 2014-01-20 11:17 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2014-01-20 11:17 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2014-01-20 11:17 - 2013-07-08 05:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2014-01-20 11:17 - 2013-07-08 05:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2014-01-20 11:17 - 2013-07-08 05:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2014-01-20 11:17 - 2013-07-08 05:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-01-20 11:17 - 2013-07-08 05:12 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-01-20 11:17 - 2013-07-08 05:12 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2014-01-20 11:17 - 2013-04-17 14:04 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2014-01-20 11:17 - 2013-04-17 13:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2014-01-20 11:17 - 2013-02-12 03:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys 2014-01-20 11:17 - 2012-11-02 11:47 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-01-20 11:17 - 2012-11-02 11:47 - 01794560 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-01-20 11:17 - 2012-11-02 11:19 - 01400832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-01-20 11:17 - 2012-11-02 11:19 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-01-20 11:17 - 2012-06-08 18:59 - 12899840 _____ (Microsoft Corporation) 
C:\Windows\system32\shell32.dll 2014-01-20 11:17 - 2012-06-08 18:47 - 11586048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-01-20 11:17 - 2012-05-11 17:34 - 00788480 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2014-01-20 11:17 - 2012-05-11 16:57 - 00623616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\localspl.dll 2014-01-20 11:17 - 2012-02-01 16:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2014-01-20 11:17 - 2011-08-25 17:20 - 00735744 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll 2014-01-20 11:17 - 2011-08-25 17:19 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-01-20 11:17 - 2011-08-25 17:19 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll 2014-01-20 11:17 - 2011-08-25 17:15 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll 2014-01-20 11:17 - 2011-08-25 17:14 - 00563712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-01-20 11:17 - 2011-08-25 17:14 - 00238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll 2014-01-20 11:17 - 2011-08-25 14:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\oleaccrc.dll 2014-01-20 11:17 - 2011-08-25 14:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaccrc.dll 2014-01-20 11:16 - 2013-10-03 16:02 - 01278976 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-01-20 11:16 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-01-20 11:16 - 2013-07-20 11:45 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2014-01-20 11:16 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2014-01-20 11:16 - 2013-07-17 21:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-01-20 11:16 - 2013-07-17 20:41 
- 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-01-20 11:16 - 2013-07-16 10:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll 2014-01-20 11:16 - 2013-07-16 05:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll 2014-01-20 11:16 - 2013-07-03 03:22 - 00031616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2014-01-20 11:16 - 2013-06-01 05:19 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-01-20 11:16 - 2013-06-01 05:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-01-20 11:16 - 2013-05-02 05:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2014-01-20 11:16 - 2013-05-02 05:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2014-01-20 11:16 - 2013-05-02 05:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printcom.dll 2014-01-20 11:16 - 2013-03-08 05:17 - 02425344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-01-20 11:16 - 2013-03-08 04:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-01-20 11:16 - 2012-11-22 05:22 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll 2014-01-20 11:16 - 2012-11-22 04:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll 2014-01-20 11:16 - 2012-09-28 17:34 - 01210368 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-01-20 11:16 - 2012-09-28 17:13 - 00860160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-01-20 11:16 - 2012-06-04 16:29 - 00516480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-01-20 11:16 - 2012-06-02 01:22 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-01-20 11:16 - 2012-06-02 01:05 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-01-20 11:16 - 2012-06-02 01:04 - 00278528 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-01-20 11:16 - 2011-11-16 17:43 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll 2014-01-20 11:16 - 2011-11-16 17:42 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-01-20 11:16 - 2011-11-16 17:41 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-01-20 11:16 - 2011-11-16 17:23 - 00377344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll 2014-01-20 11:16 - 2011-11-16 15:34 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-01-20 11:16 - 2011-07-29 17:08 - 00375808 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll 2014-01-20 11:16 - 2011-07-29 17:08 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax 2014-01-20 11:16 - 2011-07-29 17:06 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax 2014-01-20 11:16 - 2011-07-29 17:06 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax 2014-01-20 11:16 - 2011-07-29 17:01 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll 2014-01-20 11:16 - 2011-07-29 17:01 - 00217088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax 2014-01-20 11:16 - 2011-07-29 17:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax 2014-01-20 11:16 - 2011-07-29 17:00 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax 2014-01-20 11:14 - 2013-08-01 05:10 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-01-20 11:14 - 2013-08-01 04:37 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-01-20 11:13 - 2013-10-30 03:10 - 02776064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-20 11:13 - 2013-09-04 03:31 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-01-20 11:13 - 2013-07-05 05:45 - 01423808 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\tcpip.sys 2014-01-20 11:13 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2014-01-20 11:13 - 2013-07-04 05:13 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2014-01-20 11:13 - 2013-06-29 03:25 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-20 11:13 - 2013-06-29 03:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-20 11:13 - 2013-06-29 03:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-20 11:13 - 2013-06-29 03:25 - 00007552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-20 11:13 - 2013-06-27 00:00 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2014-01-20 11:13 - 2013-06-27 00:00 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys 2014-01-20 11:13 - 2013-06-27 00:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll 2014-01-20 11:13 - 2013-06-15 14:27 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll 2014-01-20 11:13 - 2013-06-15 12:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-01-20 11:13 - 2013-06-04 05:16 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2014-01-20 11:13 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2014-01-20 11:13 - 2013-06-04 03:01 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2014-01-20 11:13 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2014-01-20 11:13 - 2011-10-14 18:31 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll 2014-01-20 11:13 - 2011-10-14 18:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\mcicda.dll 2014-01-20 11:13 - 2011-10-14 18:27 - 00028672 _____ (Microsoft 
Corporation) C:\Windows\system32\mciwave.dll 2014-01-20 11:13 - 2011-10-14 18:27 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\mciseq.dll 2014-01-20 11:13 - 2011-10-14 17:03 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll 2014-01-20 11:13 - 2011-10-14 17:00 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciseq.dll 2014-01-20 11:13 - 2011-05-05 15:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-20 11:13 - 2011-05-05 15:17 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-20 11:12 - 2013-10-30 05:34 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll 2014-01-20 11:12 - 2013-10-30 04:55 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2014-01-20 11:12 - 2013-10-30 03:33 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2014-01-20 11:12 - 2013-10-22 10:31 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2014-01-20 11:12 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2014-01-20 11:12 - 2013-10-03 16:03 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-01-20 11:12 - 2013-10-03 13:46 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-01-20 11:12 - 2013-07-12 10:19 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys 2014-01-20 11:12 - 2013-03-08 05:18 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2014-01-20 11:12 - 2012-11-20 05:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-01-20 11:12 - 2012-11-20 05:21 - 00253952 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-01-20 11:12 - 2012-11-08 05:26 - 01570816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-01-20 11:12 - 2012-11-08 04:48 - 01314816 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\quartz.dll 2014-01-20 11:12 - 2012-11-02 11:45 - 00477696 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll 2014-01-20 11:12 - 2012-11-02 11:45 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll 2014-01-20 11:12 - 2012-11-02 11:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll 2014-01-20 11:12 - 2012-11-02 09:59 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe 2014-01-20 11:12 - 2012-11-02 09:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe 2014-01-20 11:12 - 2012-08-21 12:50 - 00267648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys 2014-01-20 11:12 - 2012-06-29 17:20 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll 2014-01-20 11:12 - 2012-06-29 17:01 - 00467968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll 2014-01-20 11:12 - 2012-03-21 00:34 - 00072576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys 2014-01-20 11:12 - 2011-11-18 19:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-01-20 11:12 - 2011-11-18 18:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-01-20 11:12 - 2011-10-14 18:30 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll 2014-01-20 11:12 - 2011-10-14 17:02 - 00429056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll 2014-01-20 11:12 - 2011-06-15 17:16 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll 2014-01-20 11:12 - 2011-06-15 17:12 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll 2014-01-20 11:12 - 2010-05-04 20:40 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msshsq.dll 2014-01-20 11:12 - 2010-05-04 20:13 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshsq.dll 2014-01-20 10:52 - 2012-01-09 17:16 - 00708096 _____ (Microsoft Corporation) 
C:\Windows\system32\rdpencom.dll 2014-01-20 10:52 - 2012-01-09 16:54 - 00613376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll 2014-01-20 10:25 - 2012-06-02 23:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-01-20 10:25 - 2012-06-02 23:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-01-20 10:25 - 2012-06-02 23:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-01-20 10:25 - 2012-06-02 23:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-01-20 10:24 - 2012-06-02 23:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-01-20 10:24 - 2012-06-02 23:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-01-20 10:24 - 2012-06-02 23:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-01-20 10:24 - 2012-06-02 23:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-01-20 10:24 - 2012-06-02 23:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-01-20 10:24 - 2012-06-02 23:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-01-20 10:23 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-01-20 10:23 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-01-20 10:23 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-01-20 10:23 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-01-17 19:31 - 2014-01-17 19:31 - 00000000 ____D () C:\Windows\SysWOW64\vi-VN 2014-01-17 19:31 - 2014-01-17 19:31 - 00000000 ____D () C:\Windows\SysWOW64\eu-ES 2014-01-17 19:31 - 2014-01-17 19:31 - 00000000 ____D () C:\Windows\SysWOW64\ca-ES 2014-01-17 19:31 - 2014-01-17 19:31 - 00000000 ____D () C:\Windows\system32\vi-VN 2014-01-17 19:31 - 
2009-04-11 08:15 - 00049640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys 2014-01-17 18:12 - 2009-04-11 08:15 - 00039400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys 2014-01-17 18:12 - 2009-04-11 08:15 - 00029656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys 2014-01-17 18:12 - 2009-04-11 08:15 - 00020952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys 2014-01-17 18:12 - 2009-04-11 08:15 - 00019432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys 2014-01-17 18:12 - 2009-04-11 08:11 - 06100480 _____ (Microsoft Corporation) C:\Windows\system32\chtbrkr.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 03235328 _____ (Microsoft Corporation) C:\Windows\system32\networkmap.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 02680832 _____ (Microsoft Corporation) C:\Windows\system32\accessibilitycpl.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 02420224 _____ (Microsoft Corporation) C:\Windows\system32\netcenter.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 02024960 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 01891840 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL 2014-01-17 18:12 - 2009-04-11 08:11 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 01740288 _____ (Microsoft Corporation) C:\Windows\system32\onex.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 01691648 _____ (Microsoft Corporation) C:\Windows\system32\connect.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 01676800 _____ (Microsoft Corporation) C:\Windows\system32\chsbrkr.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 01444352 _____ (Microsoft Corporation) C:\Windows\system32\PerfCenterCPL.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 01382912 _____ (Microsoft Corporation) C:\Windows\system32\sud.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 01301504 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll 
2014-01-17 18:12 - 2009-04-11 08:11 - 01279488 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 01110528 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 01093120 _____ (Microsoft Corporation) C:\Windows\system32\pidgenx.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 01035776 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00995328 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00980480 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00911872 _____ (Microsoft Corporation) C:\Windows\system32\rasdlg.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00898560 _____ (Microsoft Corporation) C:\Windows\system32\powercpl.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00810496 _____ (Microsoft Corporation) C:\Windows\system32\slcc.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00785920 _____ (Microsoft Corporation) C:\Windows\system32\Utilman.exe 2014-01-17 18:12 - 2009-04-11 08:11 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00691712 _____ (Microsoft Corporation) C:\Windows\system32\pnpui.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\wpcao.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\autoplay.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00589312 _____ (Microsoft Corporation) C:\Windows\system32\ncryptui.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vdsdyn.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00522752 
_____ (Microsoft Corporation) C:\Windows\system32\dsound.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00387072 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\tapisrv.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\modemui.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00302080 _____ (Microsoft Corporation) C:\Windows\system32\scansetting.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe 2014-01-17 18:12 - 2009-04-11 08:11 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\tcpipcfg.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\dskquoui.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\scecli.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\dot3svc.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00206848 _____ (Microsoft Corporation) 
C:\Windows\system32\regsvc.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00200704 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\spp.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\imm32.dll 2014-01-17 18:12 - 2009-04-11 08:11 - 00161280 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll |
13.02.2014, 19:03 | #4 |
| Sweet Page cannot be removed FRST Part II Code:
(Microsoft Corporation) C:\Windows\system32\networkitemfactory.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\hbaapi.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\deskadp.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\dataclen.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\slcinst.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\deskmon.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\bthci.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\bitsigd.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\odbcconf.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msimtf.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\iaspolcy.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\ifmon.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\whealogr.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\uxsms.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00028672 _____ (Microsoft Corporation) 
C:\Windows\system32\cscdll.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\version.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\MsCtfMonitor.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\NcdProp.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\hidserv.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\wscisvif.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\midimap.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\spwinsat.dll 2014-01-17 18:11 - 2009-04-11 08:11 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\CHxReadingStringIME.dll 2014-01-17 18:11 - 2009-04-11 08:10 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2014-01-17 18:11 - 2009-04-11 08:10 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\certreq.exe 2014-01-17 18:11 - 2009-04-11 08:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SLLUA.exe 2014-01-17 18:11 - 2009-04-11 08:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe 2014-01-17 18:11 - 2009-04-11 08:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe 2014-01-17 18:11 - 2009-04-11 08:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\conime.exe 2014-01-17 18:11 - 2009-04-11 08:10 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\cipher.exe 2014-01-17 18:11 - 2009-04-11 08:10 - 00064512 _____ (Microsoft Corporation) 
C:\Windows\system32\PnPUnattend.exe 2014-01-17 18:11 - 2009-04-11 08:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\cmmon32.exe 2014-01-17 18:11 - 2009-04-11 08:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\rekeywiz.exe 2014-01-17 18:11 - 2009-04-11 08:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ftp.exe 2014-01-17 18:11 - 2009-04-11 08:10 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cbsra.exe 2014-01-17 18:11 - 2009-04-11 08:10 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\ocsetup.exe 2014-01-17 18:11 - 2009-04-11 08:10 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\PnPutil.exe 2014-01-17 18:11 - 2009-04-11 08:10 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\bthudtask.exe 2014-01-17 18:11 - 2009-04-11 08:10 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\findstr.exe 2014-01-17 18:11 - 2009-04-11 08:10 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\fc.exe 2014-01-17 18:11 - 2009-04-11 08:10 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\rasdial.exe 2014-01-17 18:11 - 2009-04-11 08:09 - 01738752 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl 2014-01-17 18:11 - 2009-04-11 08:09 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\unimdm.tsp 2014-01-17 18:11 - 2009-04-11 08:09 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\wdmaud.drv 2014-01-17 18:11 - 2009-04-11 08:09 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax 2014-01-17 18:11 - 2009-04-11 08:09 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\msacm32.drv 2014-01-17 18:11 - 2009-04-11 07:28 - 06103040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chtbrkr.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 03072000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\networkmap.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 02515968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\accessibilitycpl.dll 
2014-01-17 18:11 - 2009-04-11 07:28 - 02226688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\networkexplorer.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 02153472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oobefldr.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 01671680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanpref.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 01645568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\connect.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 01642496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPEncEn.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 01544704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PerfCenterCPL.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 01224192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sud.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 01152000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 01123840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00842240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\systemcpl.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00777216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slcc.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00758784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL 2014-01-17 18:11 - 2009-04-11 07:28 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercpl.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00657408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL 2014-01-17 18:11 - 2009-04-11 07:28 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasgcw.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00547840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiaaut.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00542720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2014-01-17 18:11 - 
2009-04-11 07:28 - 00533504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00532992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpcao.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00516608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoplay.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL 2014-01-17 18:11 - 2009-04-11 07:28 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmdial32.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00464384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pcaui.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00445952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptui.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00425472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shwebsvc.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmdev.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasplap.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00356864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MediaMetadataHandler.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00347648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmnet.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thawbrkr.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpeffects.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00288256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\modemui.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00284672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2014-01-17 18:11 - 2009-04-11 07:28 
- 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\raschap.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scansetting.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tapisrv.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00218624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscandui.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdwcn.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00202752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanui.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00187904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00180736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00178176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00177664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDMon.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00177152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scecli.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00170496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpipcfg.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00166400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00163328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msutb.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00160256 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\MSAC3ENC.DLL 2014-01-17 18:11 - 2009-04-11 07:28 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmontr.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontext.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpcsvc.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsprop.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00135680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpmon.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00134656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpps.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vdsutil.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\softkbd.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00121344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntmarta.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00105472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmsynth.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmusic.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00101376 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\shsetup.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powrprof.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00097792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleprn.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00097792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprapi.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SCardSvr.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctfui.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstlsapi.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00083456 _____ (Microsoft) C:\Windows\SysWOW64\SMBHelperClass.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlgpclnt.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3msm.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sendmail.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpr.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdSSDP.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\regapi.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWSD.dll 2014-01-17 18:11 
- 2009-04-11 07:28 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasacct.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasads.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00054784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\feclient.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdeploy.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmci.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3cfg.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\l2nacp.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dataclen.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slcinst.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hbaapi.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcconf.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\networkitemfactory.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSTheme.exe 2014-01-17 18:11 - 2009-04-11 07:28 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshbth.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00033792 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\iaspolcy.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfdisk.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscapi.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\whealogr.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimtf.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ifmon.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscdll.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\version.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrnr.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NcdProp.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsCtfMonitor.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscisvif.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00017408 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\vdmdbg.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\midimap.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msisip.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcico.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwinsat.dll 2014-01-17 18:11 - 2009-04-11 07:28 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CHxReadingStringIME.dll 2014-01-17 18:11 - 2009-04-11 07:27 - 01689600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl 2014-01-17 18:11 - 2009-04-11 07:27 - 01102848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl 2014-01-17 18:11 - 2009-04-11 07:27 - 00408064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe 2014-01-17 18:11 - 2009-04-11 07:27 - 00407040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapimig.exe 2014-01-17 18:11 - 2009-04-11 07:27 - 00280064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdm.tsp 2014-01-17 18:11 - 2009-04-11 07:27 - 00215552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certreq.exe 2014-01-17 18:11 - 2009-04-11 07:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdmaud.drv 2014-01-17 18:11 - 2009-04-11 07:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpresult.exe 2014-01-17 18:11 - 2009-04-11 07:27 - 00094720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe 2014-01-17 18:11 - 2009-04-11 07:27 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nslookup.exe 2014-01-17 18:11 - 2009-04-11 07:27 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax 2014-01-17 18:11 - 2009-04-11 07:27 - 00080384 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\hdwwiz.exe 2014-01-17 18:11 - 2009-04-11 07:27 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\newdev.exe 2014-01-17 18:11 - 2009-04-11 07:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe 2014-01-17 18:11 - 2009-04-11 07:27 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cipher.exe 2014-01-17 18:11 - 2009-04-11 07:27 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmmon32.exe 2014-01-17 18:11 - 2009-04-11 07:27 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rekeywiz.exe 2014-01-17 18:11 - 2009-04-11 07:27 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftp.exe 2014-01-17 18:11 - 2009-04-11 07:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ocsetup.exe 2014-01-17 18:11 - 2009-04-11 07:27 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthudtask.exe 2014-01-17 18:11 - 2009-04-11 07:27 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ipconfig.exe 2014-01-17 18:11 - 2009-04-11 07:27 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msacm32.drv 2014-01-17 18:11 - 2009-04-11 07:27 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fc.exe 2014-01-17 18:11 - 2009-04-11 07:27 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdial.exe 2014-01-17 18:11 - 2009-04-11 07:27 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpupdate.exe 2014-01-17 18:11 - 2009-04-11 07:23 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime 2014-01-17 18:11 - 2009-04-11 07:23 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime 2014-01-17 18:11 - 2009-04-11 06:44 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys 2014-01-17 18:11 - 2009-04-11 06:43 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys 2014-01-17 18:11 - 2009-04-11 06:43 - 00078336 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\rassstp.sys 2014-01-17 18:11 - 2009-04-11 06:43 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys 2014-01-17 18:11 - 2009-04-11 06:42 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys 2014-01-17 18:11 - 2009-04-11 06:42 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys 2014-01-17 18:11 - 2009-04-11 06:40 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys 2014-01-17 18:11 - 2009-04-11 06:39 - 00068224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys 2014-01-17 18:11 - 2009-04-11 06:39 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2014-01-17 18:11 - 2009-04-11 06:39 - 00032640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys 2014-01-17 18:11 - 2009-04-11 06:39 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys 2014-01-17 18:11 - 2009-04-11 06:36 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\iscsilog.dll 2014-01-17 18:11 - 2009-04-11 06:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys 2014-01-17 18:11 - 2009-04-11 06:34 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-01-17 18:11 - 2009-04-11 06:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys 2014-01-17 18:11 - 2009-04-11 06:09 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys 2014-01-17 18:11 - 2009-04-11 05:54 - 00299008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys 2014-01-17 18:11 - 2009-04-11 05:54 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys 2014-01-17 18:11 - 2009-04-11 05:54 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys 2014-01-17 18:11 - 2009-02-20 01:20 - 00009239 _____ () C:\Windows\SysWOW64\spcinstrumentation.man 2014-01-17 
18:11 - 2009-02-20 01:20 - 00009239 _____ () C:\Windows\system32\spcinstrumentation.man 2014-01-17 18:11 - 2009-02-20 01:20 - 00009212 _____ () C:\Windows\SysWOW64\RacUR.xml 2014-01-17 18:11 - 2009-02-20 01:20 - 00009212 _____ () C:\Windows\system32\RacUR.xml 2014-01-17 18:11 - 2009-02-18 19:39 - 00009048 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-01-17 18:11 - 2009-02-18 19:38 - 00009048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-01-17 18:10 - 2009-04-11 08:11 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-01-17 18:10 - 2009-04-11 08:04 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\f3ahvoas.dll 2014-01-17 18:10 - 2009-04-11 07:28 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll 2014-01-17 18:10 - 2009-04-11 07:28 - 00218624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdscore.dll 2014-01-17 18:10 - 2009-04-11 07:26 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\f3ahvoas.dll 2014-01-17 18:10 - 2009-04-11 06:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys 2014-01-17 18:10 - 2009-04-11 06:15 - 00002560 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll 2014-01-17 18:10 - 2009-04-11 05:27 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll 2014-01-17 18:10 - 2009-02-18 19:45 - 00000153 _____ () C:\Windows\system32\RacUREx.xml 2014-01-17 18:10 - 2009-02-18 19:43 - 00000153 _____ () C:\Windows\SysWOW64\RacUREx.xml 2014-01-17 18:08 - 2009-04-11 08:11 - 00936448 _____ (Microsoft Corporation) C:\Windows\system32\SmiEngine.dll 2014-01-17 18:08 - 2009-04-11 08:11 - 00315904 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll 2014-01-17 18:08 - 2009-04-11 08:11 - 00293888 _____ (Microsoft Corporation) C:\Windows\system32\wdscore.dll 2014-01-17 18:08 - 2009-04-11 08:10 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\PkgMgr.exe 2014-01-17 18:07 - 
2014-01-17 18:07 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\AVAST Software 2014-01-17 17:43 - 2014-02-12 10:09 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-01-17 17:43 - 2014-01-24 01:24 - 00001829 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-01-17 17:42 - 2014-01-24 01:23 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-01-17 17:42 - 2014-01-24 01:23 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-01-17 17:42 - 2014-01-24 01:23 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-01-17 17:42 - 2014-01-24 01:23 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-01-17 17:42 - 2014-01-24 01:23 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-01-17 17:42 - 2014-01-24 01:23 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2014-01-17 17:42 - 2014-01-24 01:23 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-01-17 17:42 - 2014-01-17 18:07 - 215965696 _____ () C:\Users\Regina\Downloads\LibreOffice_4.1.4_Win_x86.msi 2014-01-17 17:42 - 2014-01-17 17:42 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-01-17 17:42 - 2014-01-17 17:42 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-01-17 17:41 - 2014-01-17 17:41 - 00000000 ____D () C:\Program Files\AVAST Software 2014-01-17 17:40 - 2014-01-17 17:41 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-01-17 17:35 - 2014-01-17 17:39 - 91412976 _____ (AVAST Software) C:\Users\Regina\Downloads\avast_free_antivirus_setup.exe 2014-01-17 17:16 - 2014-01-17 17:16 - 00812628 _____ () C:\Windows\dd_NET_Framework35_LangPack_MSI489E.txt 2014-01-17 17:15 - 2014-01-17 17:16 - 00076342 _____ () C:\Windows\dd_dotnetfx35install_lp.txt 2014-01-17 17:15 - 2014-01-17 17:16 - 00036116 _____ () C:\Windows\dd_depcheck_NETFX_EXP_35.txt 2014-01-17 17:15 - 2014-01-17 17:15 - 00000002 _____ () 
C:\Windows\dd_dotnetfx35error_lp.txt 2014-01-17 17:15 - 2009-11-08 10:55 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-01-17 17:15 - 2009-11-08 10:55 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-01-17 17:15 - 2009-11-08 10:55 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll 2014-01-17 17:15 - 2009-11-08 10:55 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe 2014-01-17 17:15 - 2009-11-08 10:55 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll 2014-01-17 17:15 - 2009-11-08 10:55 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe 2014-01-17 17:15 - 2009-11-08 10:55 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll 2014-01-17 17:15 - 2009-11-08 10:55 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll 2014-01-17 17:15 - 2009-11-08 10:55 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll 2014-01-17 17:15 - 2009-11-08 10:55 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll 2014-01-17 16:25 - 2010-09-06 19:28 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll 2014-01-17 16:25 - 2010-09-06 19:28 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll 2014-01-17 16:25 - 2010-09-06 19:27 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll 2014-01-17 16:25 - 2010-09-06 17:20 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll 2014-01-17 16:25 - 2010-09-06 17:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll 2014-01-17 16:24 - 2008-02-29 07:42 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\kbd106n.dll 2014-01-17 16:24 - 2008-02-29 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbd106n.dll 2014-01-17 15:52 - 2014-01-17 15:54 - 00000000 ____D () 
C:\Windows\system32\MRT 2014-01-17 15:29 - 2014-01-17 15:29 - 00003164 _____ () C:\Windows\System32\Tasks\CreateChoiceProcessTask 2014-01-17 15:29 - 2014-01-17 15:29 - 00001589 _____ () C:\Users\Public\Desktop\Browserwahl.lnk 2014-01-17 15:24 - 2014-01-17 15:24 - 00000000 ____D () C:\Windows\SysWOW64\WindowsPowerShell 2014-01-17 15:24 - 2014-01-17 15:24 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell 2014-01-17 15:02 - 2008-05-27 05:59 - 00018904 _____ () C:\Windows\SysWOW64\StructuredQuerySchemaTrivial.bin 2014-01-17 15:02 - 2008-05-27 05:59 - 00018904 _____ () C:\Windows\system32\StructuredQuerySchemaTrivial.bin 2014-01-17 15:02 - 2007-11-08 10:04 - 11967524 _____ () C:\Windows\SysWOW64\korwbrkr.lex 2014-01-17 15:02 - 2007-11-08 10:04 - 11967524 _____ () C:\Windows\system32\korwbrkr.lex 2014-01-17 14:18 - 2013-12-18 06:13 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-01-17 13:29 - 2010-02-24 10:28 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe 2014-01-17 13:22 - 2010-02-21 00:15 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll 2014-01-17 13:22 - 2010-02-21 00:14 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll 2014-01-17 13:22 - 2010-02-21 00:06 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshhttp.dll 2014-01-17 13:22 - 2010-02-21 00:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\httpapi.dll 2014-01-17 13:22 - 2010-02-20 22:30 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2014-01-17 13:11 - 2009-10-09 22:56 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-01-17 13:11 - 2009-10-09 22:56 - 00246272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2014-01-17 13:11 - 2009-10-09 22:56 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrscmd.dll 2014-01-17 13:11 - 2009-10-09 22:56 - 00214016 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\WsmWmiPl.dll 2014-01-17 13:11 - 2009-10-09 22:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-01-17 13:11 - 2009-10-09 22:56 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pwrshplugin.dll 2014-01-17 13:11 - 2009-10-09 22:56 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrs.exe 2014-01-17 13:11 - 2009-10-09 22:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrshost.exe 2014-01-17 13:11 - 2009-10-09 22:56 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe 2014-01-17 13:11 - 2009-10-09 22:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll 2014-01-17 13:11 - 2009-10-09 22:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrssrv.dll 2014-01-17 13:11 - 2009-10-09 22:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrsmgr.dll 2014-01-17 13:11 - 2009-10-09 22:55 - 00252416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-01-17 13:11 - 2009-10-09 22:55 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtfwd.dll 2014-01-17 13:11 - 2009-10-09 22:55 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wecutil.exe 2014-01-17 13:11 - 2009-10-09 22:55 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wecapi.dll 2014-01-17 13:11 - 2009-10-09 22:55 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll 2014-01-17 13:11 - 2009-10-09 22:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-01-17 13:11 - 2009-10-09 22:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll 2014-01-17 13:11 - 2009-10-09 22:35 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-01-17 13:11 - 2009-10-09 22:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe 2014-01-17 13:11 - 2009-10-09 22:35 - 00024064 _____ (Microsoft Corporation) 
C:\Windows\system32\winrshost.exe 2014-01-17 13:11 - 2009-10-09 22:35 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe 2014-01-17 13:11 - 2009-10-09 22:35 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll 2014-01-17 13:11 - 2009-10-09 22:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\winrsmgr.dll 2014-01-17 13:11 - 2009-10-09 22:34 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\winrscmd.dll 2014-01-17 13:11 - 2009-10-09 22:34 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-01-17 13:11 - 2009-10-09 22:34 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-01-17 13:11 - 2009-10-09 22:34 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll 2014-01-17 13:11 - 2009-10-09 22:34 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-01-17 13:11 - 2009-10-09 22:34 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\wevtfwd.dll 2014-01-17 13:11 - 2009-10-09 22:34 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe 2014-01-17 13:11 - 2009-10-09 22:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll 2014-01-17 13:11 - 2009-10-09 22:34 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll 2014-01-17 13:11 - 2009-10-09 22:34 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll 2014-01-17 13:11 - 2009-08-01 07:27 - 00201184 _____ () C:\Windows\SysWOW64\winrm.vbs 2014-01-17 13:11 - 2009-08-01 07:27 - 00201184 _____ () C:\Windows\system32\winrm.vbs 2014-01-17 13:11 - 2009-07-16 18:30 - 00004675 _____ () C:\Windows\SysWOW64\wsmanconfig_schema.xml 2014-01-17 13:11 - 2009-07-16 18:30 - 00004675 _____ () C:\Windows\system32\wsmanconfig_schema.xml 2014-01-17 13:11 - 2009-07-16 18:30 - 00002426 _____ () C:\Windows\SysWOW64\WsmTxt.xsl 2014-01-17 13:11 - 2009-07-16 18:30 - 00002426 _____ () 
C:\Windows\system32\WsmTxt.xsl 2014-01-17 12:53 - 2009-08-14 17:04 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll 2014-01-17 12:53 - 2009-08-14 15:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\NETSTAT.EXE 2014-01-17 12:53 - 2009-08-14 15:10 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\ARP.EXE 2014-01-17 12:53 - 2009-08-14 15:10 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\ROUTE.EXE 2014-01-17 12:53 - 2009-08-14 15:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\MRINFO.EXE 2014-01-17 12:53 - 2009-08-14 15:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\finger.exe 2014-01-17 12:53 - 2009-08-14 15:10 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\TCPSVCS.EXE 2014-01-17 12:53 - 2009-08-14 15:10 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\HOSTNAME.EXE 2014-01-17 12:53 - 2009-08-14 14:49 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NETSTAT.EXE 2014-01-17 12:53 - 2009-08-14 14:49 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ARP.EXE 2014-01-17 12:53 - 2009-08-14 14:49 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ROUTE.EXE 2014-01-17 12:53 - 2009-08-14 14:49 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MRINFO.EXE 2014-01-17 12:53 - 2009-08-14 14:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\finger.exe 2014-01-17 12:53 - 2009-08-14 14:49 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TCPSVCS.EXE 2014-01-17 12:53 - 2009-08-14 14:49 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\HOSTNAME.EXE 2014-01-17 12:53 - 2009-08-14 14:48 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netiohlp.dll 2014-01-17 12:53 - 2009-05-08 13:59 - 00818688 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL 2014-01-17 12:53 - 2009-05-08 13:53 - 00604672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL 2014-01-17 12:52 
- 2010-09-13 17:13 - 13426688 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-01-17 12:52 - 2010-09-13 16:46 - 10627072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2014-01-17 12:52 - 2010-09-13 15:32 - 08147968 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-01-17 12:52 - 2010-09-13 14:56 - 08147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2014-01-17 12:52 - 2009-09-10 16:27 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\unregmp2.exe 2014-01-17 12:52 - 2009-09-10 15:58 - 00310784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unregmp2.exe 2014-01-17 12:52 - 2009-07-15 15:46 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2014-01-17 12:52 - 2009-07-15 15:46 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2014-01-17 12:52 - 2009-07-15 15:46 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2014-01-17 12:52 - 2009-07-15 13:39 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2014-01-17 12:52 - 2009-07-15 13:39 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2014-01-17 12:52 - 2009-07-15 13:39 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2014-01-17 12:51 - 2010-08-26 18:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll 2014-01-17 12:51 - 2010-08-26 17:37 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll 2014-01-17 12:51 - 2010-06-16 17:30 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2014-01-17 12:51 - 2010-06-16 16:30 - 00072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2014-01-17 12:51 - 2009-08-10 13:47 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll 2014-01-17 12:51 - 2009-08-10 13:35 - 00355328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll 2014-01-17 12:51 - 2009-07-11 20:11 - 00615936 _____ (Microsoft 
Corporation) C:\Windows\system32\wlansvc.dll 2014-01-17 12:51 - 2009-07-11 20:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll 2014-01-17 12:51 - 2009-07-11 20:11 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll 2014-01-17 12:51 - 2009-07-11 20:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll 2014-01-17 12:51 - 2009-07-11 20:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll 2014-01-17 12:51 - 2009-07-11 20:08 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\L2SecHC.dll 2014-01-17 12:51 - 2009-07-11 20:01 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll 2014-01-17 12:51 - 2009-07-11 20:01 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll 2014-01-17 12:51 - 2009-07-11 20:01 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll 2014-01-17 12:51 - 2009-07-11 18:24 - 02608861 _____ () C:\Windows\system32\wlan.tmf 2014-01-17 12:51 - 2009-07-11 18:03 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\L2SecHC.dll 2014-01-17 12:51 - 2009-07-10 12:51 - 00302080 _____ (Microsoft Corporation) C:\Windows\system32\shsvcs.dll 2014-01-17 12:51 - 2009-07-10 12:47 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsvcs.dll 2014-01-17 12:51 - 2009-06-15 16:10 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2014-01-17 12:51 - 2009-06-15 15:51 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2014-01-17 12:51 - 2009-04-11 07:28 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll 2014-01-17 12:51 - 2009-04-11 07:26 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2014-01-17 12:49 - 2010-01-25 13:10 - 00539136 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-01-17 12:49 - 2010-01-25 13:10 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-01-17 12:49 
- 2010-01-25 13:10 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-01-17 12:49 - 2010-01-25 13:10 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-01-17 12:49 - 2010-01-25 13:08 - 00460288 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-01-17 12:49 - 2010-01-25 13:00 - 00471552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll 2014-01-17 12:49 - 2010-01-25 13:00 - 00471552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll 2014-01-17 12:49 - 2010-01-25 13:00 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll 2014-01-17 12:49 - 2010-01-25 13:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll 2014-01-17 12:49 - 2010-01-25 12:58 - 00332288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2014-01-17 12:49 - 2010-01-25 09:29 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-01-17 12:49 - 2010-01-25 09:29 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-01-17 12:49 - 2010-01-25 09:29 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-01-17 12:49 - 2010-01-25 09:29 - 00409600 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-01-17 12:49 - 2010-01-25 09:21 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe 2014-01-17 12:49 - 2010-01-25 09:21 - 00518144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe 2014-01-17 12:49 - 2010-01-25 09:21 - 00347136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe 2014-01-17 12:49 - 2010-01-25 09:21 - 00346624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2014-01-17 12:48 - 2011-03-03 16:59 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Apphlpdm.dll 2014-01-17 12:48 - 2011-03-03 16:40 - 00028672 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\Apphlpdm.dll 2014-01-17 12:48 - 2011-03-03 15:00 - 04240384 _____ (Microsoft) C:\Windows\system32\GameUXLegacyGDFs.dll 2014-01-17 12:48 - 2011-03-03 14:35 - 04240384 _____ (Microsoft) C:\Windows\SysWOW64\GameUXLegacyGDFs.dll 2014-01-17 12:48 - 2010-08-26 18:42 - 01927680 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll 2014-01-17 12:48 - 2010-08-26 17:34 - 01696256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll 2014-01-17 12:48 - 2010-06-28 18:21 - 01915904 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2014-01-17 12:48 - 2010-06-28 18:00 - 01316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2014-01-17 12:48 - 2010-02-18 14:49 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll 2014-01-17 12:48 - 2010-02-18 12:59 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys 2014-01-17 12:48 - 2009-12-08 18:55 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys 2014-01-17 12:48 - 2009-07-15 15:47 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll 2014-01-17 12:48 - 2009-07-15 13:39 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpdxm.dll 2014-01-17 12:48 - 2009-07-15 11:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.tlb 2014-01-17 12:48 - 2009-07-15 11:23 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\amcompat.tlb 2014-01-17 12:48 - 2009-07-15 11:21 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.tlb 2014-01-17 12:48 - 2009-07-15 11:21 - 00018432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\amcompat.tlb 2014-01-17 12:48 - 2009-06-15 16:11 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-01-17 12:48 - 2009-06-15 15:52 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-01-17 12:47 - 2011-03-10 18:18 - 01398784 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll 
2014-01-17 12:47 - 2011-03-10 18:18 - 01360384 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll 2014-01-17 12:47 - 2011-03-10 18:03 - 01162240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll 2014-01-17 12:47 - 2011-03-10 18:03 - 01136640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll 2014-01-17 12:47 - 2011-02-24 17:38 - 00991104 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2014-01-17 12:47 - 2011-02-24 17:38 - 00979840 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2014-01-17 12:47 - 2011-02-24 17:37 - 01076608 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2014-01-17 12:47 - 2011-02-24 17:37 - 01063296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-01-17 12:47 - 2011-02-24 17:37 - 00020864 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll 2014-01-17 12:47 - 2011-02-24 17:37 - 00018816 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll 2014-01-17 12:47 - 2011-02-24 17:37 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll 2014-01-17 12:47 - 2010-12-28 17:08 - 00466944 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll 2014-01-17 12:47 - 2010-12-28 16:55 - 00413696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbc32.dll 2014-01-17 12:47 - 2010-12-17 16:41 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-01-17 12:47 - 2010-12-17 14:54 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-01-17 12:47 - 2010-12-14 17:15 - 01251840 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe 2014-01-17 12:47 - 2010-08-17 15:54 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe 2014-01-17 12:47 - 2009-12-04 19:52 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll 2014-01-17 12:47 - 2009-12-04 19:50 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll 2014-01-17 12:47 - 2009-12-04 19:50 - 00025600 
_____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll 2014-01-17 12:47 - 2009-12-04 19:50 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll 2014-01-17 12:47 - 2009-12-04 19:49 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll 2014-01-17 12:47 - 2009-12-04 19:30 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsbyuv.dll 2014-01-17 12:47 - 2009-12-04 19:28 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvfw32.dll 2014-01-17 12:47 - 2009-12-04 19:28 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciavi32.dll 2014-01-17 12:47 - 2009-12-04 19:28 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iyuv_32.dll 2014-01-17 12:47 - 2009-12-04 19:28 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvidc32.dll 2014-01-17 12:47 - 2009-12-04 19:28 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msyuv.dll 2014-01-17 12:47 - 2009-12-04 19:28 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrle32.dll 2014-01-17 12:47 - 2009-12-04 19:27 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\avifil32.dll 2014-01-17 12:47 - 2009-10-07 13:20 - 00280576 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-01-17 12:47 - 2009-10-07 12:36 - 00243712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-01-17 12:47 - 2009-09-10 18:09 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-01-17 12:47 - 2009-09-10 17:48 - 00218624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-01-17 12:47 - 2009-09-04 12:54 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll 2014-01-17 12:47 - 2009-09-04 12:41 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msasn1.dll 2014-01-17 12:47 - 2009-06-15 16:13 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-01-17 12:47 - 2009-06-15 15:54 - 00175104 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\wdigest.dll 2014-01-17 12:47 - 2009-06-10 12:52 - 02900480 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL 2014-01-17 12:47 - 2009-06-10 12:51 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\mciavi32.dll 2014-01-17 12:47 - 2009-06-10 12:49 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\avifil32.dll 2014-01-17 12:47 - 2009-06-10 12:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\avicap32.dll 2014-01-17 12:47 - 2009-06-10 12:41 - 02386944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVCORE.DLL 2014-01-17 12:47 - 2009-04-11 08:11 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-01-17 12:47 - 2009-04-11 08:11 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-01-17 12:47 - 2009-04-11 08:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tscupgrd.exe 2014-01-17 12:47 - 2009-04-11 08:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-01-17 12:47 - 2009-04-11 07:28 - 00136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-01-17 12:47 - 2009-04-11 07:28 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tscupgrd.exe 2014-01-17 12:47 - 2009-04-11 07:28 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-01-17 12:47 - 2009-04-11 07:27 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2014-01-17 12:47 - 2009-04-11 07:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2014-01-17 12:47 - 2009-04-11 06:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-01-17 12:47 - 2009-04-11 05:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2014-01-17 12:46 - 2011-07-06 16:49 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2014-01-17 12:46 - 2011-05-02 18:16 - 00739328 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\inetcomm.dll 2014-01-17 12:46 - 2011-05-02 18:13 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2014-01-17 12:46 - 2011-04-29 14:41 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2014-01-17 12:46 - 2011-04-29 14:40 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2014-01-17 12:46 - 2011-04-29 14:39 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2014-01-17 12:46 - 2011-04-29 14:39 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2014-01-17 12:46 - 2011-04-14 16:14 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys 2014-01-17 12:46 - 2011-03-02 17:12 - 00221696 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll 2014-01-17 12:46 - 2011-03-02 17:12 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll 2014-01-17 12:46 - 2011-03-02 16:44 - 00168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll 2014-01-17 12:46 - 2011-02-18 15:18 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2014-01-17 12:46 - 2010-12-29 20:01 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll 2014-01-17 12:46 - 2010-12-29 20:01 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\sbeio.dll 2014-01-17 12:46 - 2010-12-29 19:59 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax 2014-01-17 12:46 - 2010-12-29 19:28 - 00322560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll 2014-01-17 12:46 - 2010-12-29 19:28 - 00153088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbeio.dll 2014-01-17 12:46 - 2010-12-29 19:26 - 00177664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax 2014-01-17 12:46 - 2010-08-31 16:46 - 00954752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc40.dll 2014-01-17 12:46 - 2010-08-31 16:46 - 00954288 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mfc40u.dll 2014-01-17 12:46 - 2010-06-18 18:48 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll 2014-01-17 12:46 - 2010-06-18 18:31 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll 2014-01-17 12:46 - 2010-04-16 18:07 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-01-17 12:46 - 2010-04-16 17:46 - 00502272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-01-17 12:46 - 2010-04-05 18:33 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL 2014-01-17 12:46 - 2010-04-05 18:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll 2014-01-17 12:46 - 2010-04-05 18:02 - 00317952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL 2014-01-17 12:46 - 2010-04-05 18:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll 2014-01-17 12:46 - 2010-01-21 16:37 - 00072192 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codeca.acm 2014-01-17 12:46 - 2010-01-21 16:05 - 00062464 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\l3codeca.acm 2014-01-17 12:46 - 2009-10-23 18:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl 2014-01-17 12:46 - 2009-10-23 18:10 - 00714240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl 2014-01-17 12:46 - 2009-07-17 15:14 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\atl.dll 2014-01-17 12:46 - 2009-07-17 14:54 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atl.dll 2014-01-17 12:46 - 2009-06-10 12:53 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll 2014-01-17 12:46 - 2009-05-04 11:21 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe 2014-01-17 12:46 - 2009-05-04 10:59 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe 2014-01-17 12:46 - 2009-04-11 08:09 - 00181760 _____ 
(Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codecp.acm 2014-01-17 12:46 - 2009-04-11 07:27 - 00220672 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\l3codecp.acm 2014-01-17 12:44 - 2011-02-18 15:16 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys 2014-01-17 12:44 - 2010-10-18 16:35 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-01-17 12:44 - 2010-08-20 17:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll 2014-01-17 12:44 - 2010-08-20 17:05 - 00867328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll 2014-01-17 12:44 - 2010-05-27 21:08 - 00081920 _____ (Radius Inc.) C:\Windows\SysWOW64\iccvid.dll 2014-01-17 12:44 - 2010-01-13 18:49 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll 2014-01-17 12:44 - 2010-01-13 18:34 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cabview.dll 2014-01-17 12:41 - 2010-11-06 12:18 - 00855040 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2014-01-17 12:41 - 2010-11-06 12:18 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll 2014-01-17 12:41 - 2010-11-06 12:18 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll 2014-01-17 12:41 - 2010-11-06 12:18 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll 2014-01-17 12:41 - 2010-11-05 00:58 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe 2014-01-17 12:41 - 2010-11-04 19:55 - 00352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll 2014-01-17 12:41 - 2010-11-04 19:55 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll 2014-01-17 12:41 - 2010-11-04 17:34 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe 2014-01-17 12:13 - 2014-01-17 12:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-01-17 12:13 - 
2014-01-17 12:13 - 00000000 ____D () C:\Windows\SysWOW64\Atheros_L1e 2014-01-17 12:10 - 2014-01-17 14:56 - 00000000 ____D () C:\Program Files (x86)\Intel 2014-01-17 12:10 - 2014-01-17 12:10 - 00000000 ____D () C:\Intel 2014-01-17 12:10 - 2008-07-16 16:05 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll 2014-01-17 12:09 - 2014-01-17 12:10 - 00000000 ____D () C:\acer 5810t 2014-01-17 12:09 - 2014-01-17 12:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_00_00.Wdf 2014-01-17 11:10 - 2014-01-27 10:57 - 00000000 ___RD () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-17 11:10 - 2014-01-26 13:13 - 00001189 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-17 11:10 - 2014-01-26 13:13 - 00001183 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-01-17 11:10 - 2014-01-20 10:15 - 00062768 _____ () C:\Users\Regina\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-17 11:10 - 2014-01-17 11:10 - 00000974 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-01-17 11:10 - 2014-01-17 11:10 - 00000000 ___RD () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-01-17 11:09 - 2014-02-12 12:37 - 00000000 ____D () C:\Users\Regina 2014-01-17 11:09 - 2014-01-20 10:14 - 00000915 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2014-01-17 11:09 - 2014-01-17 11:27 - 00000732 _____ () C:\Users\Regina\AppData\Local\d3d9caps64.dat 2014-01-17 11:09 - 2014-01-17 11:09 - 00000020 ___SH () C:\Users\Regina\ntuser.ini 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Vorlagen 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Startmenü 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () 
C:\Users\Regina\Netzwerkumgebung 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Lokale Einstellungen 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Eigene Dateien 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Druckumgebung 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Documents\Eigene Musik 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Documents\Eigene Bilder 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\AppData\Local\Verlauf 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\AppData\Local\Anwendungsdaten 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Anwendungsdaten 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () 
C:\Users\Default\AppData\Local\Verlauf 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Programme 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\ProgramData\Favoriten 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Dokumente und Einstellungen 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 ____D () C:\Users\Regina\AppData\Local\VirtualStore 2014-01-17 11:09 - 2008-01-21 04:20 - 00000000 ___RD () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-01-17 11:09 - 2008-01-21 04:20 - 00000000 ___RD () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-01-17 11:04 - 2014-01-17 11:04 - 00001355 _____ () C:\Windows\TSSysprep.log 2014-01-17 10:59 - 2014-01-17 11:05 - 00000000 ____D () C:\Windows\Panther 2014-01-17 10:58 - 2014-01-17 10:58 
- 00008192 ___RS () C:\BOOTSECT.BAK 2014-01-17 10:58 - 2009-04-11 07:36 - 00333257 __RSH () C:\bootmgr ==================== One Month Modified Files and Folders ======= 2014-02-12 12:41 - 2014-02-12 12:41 - 00010906 _____ () C:\Users\Regina\Desktop\FRST.txt 2014-02-12 12:41 - 2014-02-12 12:41 - 00000000 ____D () C:\FRST 2014-02-12 12:40 - 2014-02-12 12:39 - 02151424 _____ (Farbar) C:\Users\Regina\Desktop\FRST64.exe 2014-02-12 12:38 - 2014-02-12 12:37 - 00000474 _____ () C:\Users\Regina\Desktop\defogger_disable.log 2014-02-12 12:38 - 2006-11-02 16:22 - 00004576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-12 12:38 - 2006-11-02 16:22 - 00004576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-12 12:37 - 2014-02-12 12:37 - 00000000 _____ () C:\Users\Regina\defogger_reenable 2014-02-12 12:37 - 2014-01-17 11:09 - 00000000 ____D () C:\Users\Regina 2014-02-12 12:33 - 2008-01-21 02:53 - 01465198 _____ () C:\Windows\WindowsUpdate.log 2014-02-12 12:28 - 2014-01-24 20:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-12 10:09 - 2014-01-17 17:43 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-02-11 23:03 - 2014-02-11 23:03 - 00010506 _____ () C:\Users\Regina\Desktop\prefs.js 2014-02-11 21:57 - 2008-01-21 12:10 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-11 21:57 - 2008-01-21 12:09 - 00673502 _____ () C:\Windows\system32\perfh007.dat 2014-02-11 21:57 - 2008-01-21 12:09 - 00145482 _____ () C:\Windows\system32\perfc007.dat 2014-02-11 21:52 - 2014-01-26 17:13 - 00000000 ___RD () C:\Users\Regina\Dropbox 2014-02-11 21:52 - 2014-01-26 17:08 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Dropbox 2014-02-11 21:51 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-11 15:51 - 2006-11-02 16:42 - 00017100 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-11 15:29 - 2014-02-11 15:28 - 00277280 _____ () C:\Windows\Minidump\Mini021114-02.dmp 2014-02-11 15:28 - 2014-02-11 15:00 - 390989177 _____ () C:\Windows\MEMORY.DMP 2014-02-11 15:28 - 2014-02-11 15:00 - 00000000 ____D () C:\Windows\Minidump 2014-02-11 15:00 - 2014-02-11 15:00 - 00277256 _____ () C:\Windows\Minidump\Mini021114-01.dmp 2014-02-11 15:00 - 2014-01-20 11:33 - 00001576 _____ () C:\Windows\system32\spsys.log 2014-02-10 17:43 - 2014-02-10 17:43 - 00050477 _____ () C:\Users\Regina\Desktop\Defogger.exe 2014-02-06 14:29 - 2014-01-24 20:26 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-02-06 14:29 - 2014-01-24 20:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-06 14:29 - 2014-01-24 20:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-06 14:18 - 2014-02-06 14:18 - 00000000 ____D () C:\ProgramData\Mozilla 2014-02-06 14:18 - 2014-02-06 14:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-06 14:18 - 2014-01-23 20:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-02-04 18:32 - 2014-01-23 20:46 - 00000000 ____D () C:\Users\Regina\AppData\Local\Thunderbird 2014-02-02 19:41 
- 2014-01-24 22:01 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\vlc 2014-02-02 19:40 - 2014-02-02 19:40 - 00000000 ____D () C:\Users\Regina\Desktop\Bilder 2014 2014-02-02 19:35 - 2006-11-02 16:27 - 00090574 _____ () C:\Windows\setupact.log 2014-02-02 14:37 - 2014-01-26 17:45 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Skype 2014-01-31 18:15 - 2014-01-28 21:33 - 00000000 ____D () C:\Users\Regina\Desktop\Jobs 2014-01-30 23:35 - 2014-01-24 20:08 - 00000000 ____D () C:\ProgramData\Adobe 2014-01-29 21:59 - 2014-01-28 22:45 - 00000000 ___RD () C:\Users\Regina\Desktop\Projekte 2014-01-29 21:59 - 2014-01-28 21:45 - 00000000 ___RD () C:\Users\Regina\Desktop\Freizeit 2014-01-29 12:25 - 2014-01-29 12:25 - 00000000 ___HD () C:\ProgramData\CanonBJ 2014-01-29 00:17 - 2014-01-28 23:04 - 00000000 ___RD () C:\Users\Regina\Desktop\Fotos_Videos_ReginaBerthold_2005-2014 2014-01-28 22:58 - 2014-01-28 22:57 - 00000000 ____D () C:\Users\Regina\Desktop\Uni BA MA 2014-01-28 22:56 - 2014-01-28 22:56 - 00003584 _____ () C:\Users\Regina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-01-28 22:56 - 2014-01-28 22:56 - 00000000 ____D () C:\Users\Regina\Desktop\Ungeordnete Dateien Regina 2014-01-28 22:53 - 2014-01-28 22:46 - 00000000 ____D () C:\Users\Regina\Desktop\Musik von Regina 2014-01-28 21:34 - 2014-01-28 21:34 - 00000000 ____D () C:\Users\Regina\Desktop\Bewerbung 2014-01-27 10:58 - 2014-01-26 13:12 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\systweak 2014-01-27 10:57 - 2014-01-26 13:14 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup 2014-01-27 10:57 - 2014-01-17 11:10 - 00000000 ___RD () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-26 17:45 - 2014-01-26 17:45 - 00000000 ____D () C:\Users\Regina\AppData\Local\Skype 2014-01-26 17:44 - 2014-01-26 17:44 - 00001892 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-01-26 17:44 - 2014-01-26 17:44 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-01-26 17:44 - 
2014-01-26 17:44 - 00000000 ____D () C:\ProgramData\Skype 2014-01-26 17:43 - 2014-01-26 17:42 - 35671200 _____ (Skype Technologies S.A.) C:\Users\Regina\Downloads\SkypeSetupFull.exe 2014-01-26 17:17 - 2014-01-24 20:10 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Adobe 2014-01-26 17:17 - 2014-01-24 20:00 - 00000000 ____D () C:\Users\Regina\AppData\Local\Adobe 2014-01-26 17:13 - 2014-01-26 17:13 - 00000942 _____ () C:\Users\Regina\Desktop\Dropbox.lnk 2014-01-26 17:13 - 2014-01-26 17:11 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\DropboxMaster 2014-01-26 17:11 - 2014-01-26 17:11 - 00000000 ____D () C:\Program Files (x86)\Dropbox 2014-01-26 17:10 - 2014-01-26 17:10 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-26 17:06 - 2014-01-26 17:05 - 37660568 _____ (Dropbox, Inc.) C:\Users\Regina\Downloads\Dropbox 2.6.2.exe 2014-01-26 14:14 - 2014-01-26 13:13 - 00000000 ____D () C:\Program Files (x86)\RightSurf 2014-01-26 13:15 - 2014-01-26 13:15 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\0F1F1C2Y1H1P1C0I0T 2014-01-26 13:15 - 2014-01-26 13:15 - 00000000 ____D () C:\ProgramData\IePluginService 2014-01-26 13:15 - 2014-01-26 13:15 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-01-26 13:14 - 2014-01-26 13:14 - 00000000 ____D () C:\ProgramData\WPM 2014-01-26 13:14 - 2014-01-26 13:13 - 00437118 _____ () C:\Users\Regina\AppData\Local\dd_vcredistMSI4E0F.txt 2014-01-26 13:14 - 2014-01-26 13:13 - 00012072 _____ () C:\Users\Regina\AppData\Local\dd_vcredistUI4E0F.txt 2014-01-26 13:13 - 2014-01-23 20:16 - 00001098 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-01-26 13:13 - 2014-01-17 11:10 - 00001189 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-26 13:13 - 2014-01-17 11:10 - 00001183 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-01-26 13:13 - 2006-11-02 14:33 - 
00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-01-26 13:11 - 2014-01-26 13:12 - 00608840 _____ () C:\Users\Regina\Downloads\adblock-plus.xpi 2014-01-26 13:11 - 2014-01-26 13:11 - 00675736 _____ ( ) C:\Users\Regina\Downloads\adblock-plus.exe 2014-01-24 21:49 - 2014-01-24 21:49 - 00000901 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-01-24 21:49 - 2014-01-24 21:49 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-01-24 21:39 - 2014-01-24 21:38 - 24097311 _____ () C:\Users\Regina\Downloads\vlc-2.1.2-win32.exe 2014-01-24 20:10 - 2014-01-24 20:10 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Macromedia 2014-01-24 20:10 - 2014-01-24 20:10 - 00000000 ____D () C:\Users\Regina\AppData\Local\Macromedia 2014-01-24 20:09 - 2014-01-24 20:09 - 00001922 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk 2014-01-24 20:09 - 2014-01-24 20:09 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-01-24 20:02 - 2014-01-24 20:02 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2014-01-24 20:02 - 2014-01-24 20:02 - 00000000 ____D () C:\Windows\system32\Macromed 2014-01-24 01:24 - 2014-01-17 17:43 - 00001829 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-01-24 01:23 - 2014-01-17 17:42 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-01-24 01:23 - 2014-01-17 17:42 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-01-24 01:23 - 2014-01-17 17:42 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-01-24 01:23 - 2014-01-17 17:42 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-01-24 01:23 - 2014-01-17 17:42 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-01-24 01:23 - 2014-01-17 17:42 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2014-01-24 01:23 - 2014-01-17 17:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-01-23 21:02 - 2014-01-23 21:02 - 00001003 _____ () C:\Users\Regina\Documents\MailShield.der 2014-01-23 20:46 - 2014-01-23 20:46 - 00001844 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk 2014-01-23 20:46 - 2014-01-23 20:46 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Thunderbird 2014-01-23 20:18 - 2014-01-23 20:17 - 21981704 _____ (Mozilla) C:\Users\Regina\Downloads\Thunderbird Setup 24.2.0.exe 2014-01-23 20:16 - 2014-01-23 20:16 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Mozilla 2014-01-23 20:16 - 2014-01-23 20:16 - 00000000 ____D () C:\Users\Regina\AppData\Local\Mozilla 2014-01-23 20:16 - 2014-01-23 20:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-01-23 19:43 - 2008-01-21 04:26 - 00020702 _____ () C:\Windows\PFRO.log 2014-01-20 16:09 - 2014-01-20 16:09 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\LibreOffice 2014-01-20 15:06 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\rescache 2014-01-20 15:00 - 2014-01-20 14:46 - 01541636 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-01-20 14:04 - 2014-01-20 14:04 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-01-20 14:01 - 2006-11-02 16:21 - 00290832 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-01-20 
13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Windows\SysWOW64\spool 2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Program Files\Windows Portable Devices 2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices 2014-01-20 13:58 - 2006-11-02 16:07 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer 2014-01-20 13:58 - 2006-11-02 16:07 - 00000000 ____D () C:\Program Files\Windows Journal 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\th-TH 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\lt-LT 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\hr-HR 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\he-IL 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\et-EE 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\zh-HK 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\uk-UA 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\tr-TR 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () 
C:\Windows\system32\th-TH 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\sl-SI 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\sk-SK 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\ro-RO 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\lv-LV 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\lt-LT 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\hr-HR 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\he-IL 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\et-EE 2014-01-20 13:58 - 2006-11-02 14:33 - 00000000 ___RD () C:\Windows\Offline Web Pages 2014-01-20 13:58 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\system32\bg-BG 2014-01-20 13:58 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\system32\ar-SA 2014-01-20 13:58 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-01-20 13:58 - 2006-11-02 14:33 - 00000000 ____D () C:\Program Files\Common Files\System 2014-01-20 13:57 - 2014-01-20 13:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf |
13.02.2014, 19:04 | #5 |
| Sweet Page cannot be removed FRST Part III Code:
ATTFilter 2014-01-20 12:21 - 2014-01-20 12:16 - 00004287 _____ () C:\Windows\IE9_main.log 2014-01-20 12:20 - 2014-01-20 12:20 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 12344320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-01-20 12:20 - 2014-01-20 12:20 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-01-20 12:20 - 2014-01-20 12:20 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-01-20 12:20 - 2014-01-20 12:20 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-01-20 12:20 - 2014-01-20 12:20 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-01-20 12:20 - 2014-01-20 12:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-01-20 12:20 - 2014-01-20 12:20 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 01105408 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-01-20 12:20 - 2014-01-20 12:20 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-01-20 12:20 - 2014-01-20 12:20 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00248320 _____ (Microsoft Corporation) 
C:\Windows\system32\ieui.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-01-20 12:20 
- 2014-01-20 12:20 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\advpack.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-01-20 12:20 - 
2014-01-20 12:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-01-20 12:20 - 2014-01-20 12:20 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-01-20 12:20 - 2014-01-20 12:20 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 
00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-01-20 12:20 - 2006-11-02 13:16 - 00008798 _____ () C:\Windows\SysWOW64\icrav03.rat 2014-01-20 12:20 - 2006-11-02 13:16 - 00001988 _____ () C:\Windows\SysWOW64\ticrf.rat 2014-01-20 12:20 - 2006-11-02 07:36 - 00008798 _____ () C:\Windows\system32\icrav03.rat 2014-01-20 12:20 - 2006-11-02 07:36 - 00001988 _____ () C:\Windows\system32\ticrf.rat 2014-01-20 12:18 - 2014-01-20 12:18 - 03548672 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 03068416 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 01554432 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\MFH264Dec.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 01075712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 01032192 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe 2014-01-20 12:18 - 2014-01-20 12:18 - 00979456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFH264Dec.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00847360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00625152 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00586240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00428544 _____ (Microsoft Corporation) C:\Windows\system32\MFHEAACdec.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4src.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv 2014-01-20 12:18 - 2014-01-20 12:18 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFHEAACdec.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4src.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 
00278528 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00258048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv 2014-01-20 12:18 - 2014-01-20 12:18 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00135680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-01-20 12:17 - 2014-01-20 12:17 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\dxdiag.exe 2014-01-20 12:17 - 
2014-01-20 12:17 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiag.exe 2014-01-20 12:17 - 2014-01-20 12:17 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiagn.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2014-01-20 10:15 - 2014-01-17 11:10 - 00062768 _____ () C:\Users\Regina\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-20 10:14 - 2014-01-17 11:09 - 00000915 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2014-01-17 19:31 - 2014-01-17 19:31 - 00000000 ____D () C:\Windows\SysWOW64\vi-VN 2014-01-17 19:31 - 2014-01-17 19:31 - 00000000 ____D () C:\Windows\SysWOW64\eu-ES 2014-01-17 19:31 - 2014-01-17 19:31 - 00000000 ____D () C:\Windows\SysWOW64\ca-ES 2014-01-17 19:31 - 2014-01-17 19:31 - 00000000 ____D () C:\Windows\system32\vi-VN 2014-01-17 19:31 - 2014-01-17 19:31 - 00000000 ____D () C:\Windows\system32\eu-ES 2014-01-17 19:31 - 2014-01-17 19:31 - 00000000 ____D () C:\Windows\system32\ca-ES 2014-01-17 19:31 - 2006-11-02 16:07 - 00000000 ____D () C:\Program Files\Windows Sidebar 2014-01-17 19:31 - 2006-11-02 16:07 - 00000000 ____D () C:\Program Files\Windows Photo Gallery 2014-01-17 19:31 - 2006-11-02 16:07 - 00000000 ____D () C:\Program Files\Windows Defender 2014-01-17 19:31 - 2006-11-02 16:07 - 00000000 ____D () C:\Program Files\Windows Collaboration 2014-01-17 19:31 - 2006-11-02 16:07 - 00000000 ____D () C:\Program Files\Movie Maker 2014-01-17 19:31 - 2006-11-02 16:07 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar 2014-01-17 19:31 - 2006-11-02 16:07 - 
00000000 ____D () C:\Program Files (x86)\Windows Photo Gallery 2014-01-17 19:31 - 2006-11-02 16:07 - 00000000 ____D () C:\Program Files (x86)\Windows Calendar 2014-01-17 19:31 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\SLUI 2014-01-17 19:31 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\setup 2014-01-17 19:31 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\oobe 2014-01-17 19:31 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\migwiz 2014-01-17 19:31 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\manifeststore 2014-01-17 19:31 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\AdvancedInstallers 2014-01-17 19:31 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\SLUI 2014-01-17 19:31 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\setup 2014-01-17 19:31 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\oobe 2014-01-17 19:31 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\migwiz 2014-01-17 19:31 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\manifeststore 2014-01-17 19:31 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers 2014-01-17 19:31 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\servicing 2014-01-17 19:31 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\IME 2014-01-17 18:16 - 2014-01-17 18:16 - 00000000 ____D () C:\Windows\system32\EventProviders 2014-01-17 18:13 - 2014-01-17 18:13 - 00000973 _____ () C:\Users\Public\Desktop\LibreOffice 4.1.lnk 2014-01-17 18:13 - 2014-01-17 18:11 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4 2014-01-17 18:07 - 2014-01-17 18:07 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\AVAST Software 2014-01-17 18:07 - 2014-01-17 17:42 - 215965696 _____ () C:\Users\Regina\Downloads\LibreOffice_4.1.4_Win_x86.msi 2014-01-17 17:42 - 2014-01-17 17:42 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-01-17 17:42 - 2014-01-17 17:42 - 00065776 _____ () 
C:\Windows\system32\Drivers\aswRvrt.sys 2014-01-17 17:41 - 2014-01-17 17:41 - 00000000 ____D () C:\Program Files\AVAST Software 2014-01-17 17:41 - 2014-01-17 17:40 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-01-17 17:39 - 2014-01-17 17:35 - 91412976 _____ (AVAST Software) C:\Users\Regina\Downloads\avast_free_antivirus_setup.exe 2014-01-17 17:16 - 2014-01-17 17:16 - 00812628 _____ () C:\Windows\dd_NET_Framework35_LangPack_MSI489E.txt 2014-01-17 17:16 - 2014-01-17 17:15 - 00076342 _____ () C:\Windows\dd_dotnetfx35install_lp.txt 2014-01-17 17:16 - 2014-01-17 17:15 - 00036116 _____ () C:\Windows\dd_depcheck_NETFX_EXP_35.txt 2014-01-17 17:15 - 2014-01-17 17:15 - 00000002 _____ () C:\Windows\dd_dotnetfx35error_lp.txt 2014-01-17 15:54 - 2014-01-17 15:52 - 00000000 ____D () C:\Windows\system32\MRT 2014-01-17 15:29 - 2014-01-17 15:29 - 00003164 _____ () C:\Windows\System32\Tasks\CreateChoiceProcessTask 2014-01-17 15:29 - 2014-01-17 15:29 - 00001589 _____ () C:\Users\Public\Desktop\Browserwahl.lnk 2014-01-17 15:24 - 2014-01-17 15:24 - 00000000 ____D () C:\Windows\SysWOW64\WindowsPowerShell 2014-01-17 15:24 - 2014-01-17 15:24 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell 2014-01-17 14:56 - 2014-01-17 12:10 - 00000000 ____D () C:\Program Files (x86)\Intel 2014-01-17 12:13 - 2014-01-17 12:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-01-17 12:13 - 2014-01-17 12:13 - 00000000 ____D () C:\Windows\SysWOW64\Atheros_L1e 2014-01-17 12:10 - 2014-01-17 12:10 - 00000000 ____D () C:\Intel 2014-01-17 12:10 - 2014-01-17 12:09 - 00000000 ____D () C:\acer 5810t 2014-01-17 12:10 - 2006-11-02 16:07 - 00000000 ____D () C:\Windows\system32\restore 2014-01-17 12:09 - 2014-01-17 12:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_00_00.Wdf 2014-01-17 11:27 - 2014-01-17 11:09 - 00000732 _____ () C:\Users\Regina\AppData\Local\d3d9caps64.dat 2014-01-17 11:10 - 2014-01-17 11:10 - 00000974 _____ () 
C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-01-17 11:10 - 2014-01-17 11:10 - 00000000 ___RD () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-01-17 11:09 - 2014-01-17 11:09 - 00000020 ___SH () C:\Users\Regina\ntuser.ini 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Vorlagen 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Startmenü 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Netzwerkumgebung 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Lokale Einstellungen 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Eigene Dateien 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Druckumgebung 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Documents\Eigene Musik 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Documents\Eigene Bilder 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\AppData\Local\Verlauf 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\AppData\Local\Anwendungsdaten 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Regina\Anwendungsdaten 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2014-01-17 
11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Programme 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\ProgramData\Favoriten 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 _SHDL () C:\Dokumente und Einstellungen 2014-01-17 11:09 - 
2014-01-17 11:09 - 00000000 ____D () C:\Users\Regina\AppData\Local\VirtualStore 2014-01-17 11:09 - 2006-11-02 14:33 - 00000000 __RHD () C:\Users\Default 2014-01-17 11:09 - 2006-11-02 14:33 - 00000000 ____D () C:\Program Files\Windows NT 2014-01-17 11:05 - 2014-01-17 10:59 - 00000000 ____D () C:\Windows\Panther 2014-01-17 11:04 - 2014-01-17 11:04 - 00001355 _____ () C:\Windows\TSSysprep.log 2014-01-17 11:04 - 2006-11-02 16:22 - 00003257 _____ () C:\Windows\DtcInstall.log 2014-01-17 10:58 - 2014-01-17 10:58 - 00008192 ___RS () C:\BOOTSECT.BAK 2014-01-17 10:58 - 2006-11-02 16:17 - 00041984 ____H () C:\Windows\system32\config\BCD-Template.LOG 2014-01-17 10:58 - 2006-11-02 16:07 - 00262144 _____ () C:\Windows\system32\config\BCD-Template Some content of TEMP: ==================== C:\Users\Regina\AppData\Local\Temp\BackupSetup.exe C:\Users\Regina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzwg_xn.dll C:\Users\Regina\AppData\Local\Temp\vcredist_x64.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-11 21:58 ==================== End Of Log ============================ FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-02-2014 01 Ran by Regina at 2014-02-12 12:43:19 Running from C:\Users\Regina\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== Adblock Plus Packages (HKCU Version: - ) <==== ATTENTION Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) - Deutsch (x32 Version: 10.1.9 - Adobe Systems Incorporated) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.18 - Atheros Communications Inc.) avast! Free Antivirus (x32 Version: 9.0.2013 - Avast Software) Dropbox (HKCU Version: 2.6.2 - Dropbox, Inc.) 
IePluginService12.27.0.3326 (x32 Version: 12.27.0.3326 - Cherished Technololgy LIMITED) <==== ATTENTION LibreOffice 4.1.4.2 (x32 Version: 4.1.4.2 - The Document Foundation) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 24.3.0 - Mozilla) Mozilla Thunderbird 24.3.0 (x86 de) (x32 Version: 24.3.0 - Mozilla) RightSurf (Version: 2014.01.25.024532 - RightSurf) <==== ATTENTION Skype™ 6.13 (x32 Version: 6.13.104 - Skype Technologies S.A.) 
SupTab (x32 Version: 1.1.1.0 - ) <==== ATTENTION Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1 - Microsoft Corporation) VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN) WPM17.8.0.3325 (x32 Version: 17.8.0.3325 - Cherished Technololgy LIMITED) <==== ATTENTION ==================== Restore Points ========================= 28-01-2014 11:55:45 Windows Update 31-01-2014 17:43:41 Windows Update 04-02-2014 16:50:05 Windows Update 06-02-2014 20:23:17 Geplanter Prüfpunkt 08-02-2014 10:38:12 Windows Update 10-02-2014 10:04:45 Geplanter Prüfpunkt 11-02-2014 11:04:25 Windows Update ==================== Hosts content: ========================== 2006-11-02 13:34 - 2006-09-18 22:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0973451A-EEB5-4F31-8485-FC44851D4338} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {80941BA5-64EA-4774-AB52-BD833D856D0B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-06] (Adobe Systems Incorporated) Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => 
C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {F30A1974-276C-43BE-A31E-1E80BD5E79F0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-24] (AVAST Software) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-12 10:09 - 2014-02-12 08:49 - 02172928 _____ () C:\Program Files\AVAST Software\Avast\defs\14021200\algo.dll 2014-02-11 21:52 - 2014-02-11 21:52 - 00041984 _____ () c:\users\regina\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzwg_xn.dll 2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\libcef.dll 2014-01-17 17:42 - 2014-01-17 17:42 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-01-25 04:09 - 2014-02-11 11:17 - 00080160 _____ () C:\Program Files (x86)\RightSurf\updateRightSurf.exe 2014-01-26 14:14 - 2014-02-11 10:44 - 00080160 _____ () C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe 2014-01-23 20:16 - 2013-12-05 20:36 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/11/2014 11:17:26 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung firefox.exe, Version 26.0.0.5087, Zeitstempel 0x52a0d273, fehlerhaftes Modul xul.dll, Version 26.0.0.5087, Zeitstempel 0x52a0d20a, Ausnahmecode 0xc0000005, Fehleroffset 0x0014e1a8, Prozess-ID 0x73c, Anwendungsstartzeit firefox.exe0. 
Error: (02/11/2014 10:47:40 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung firefox.exe, Version 26.0.0.5087, Zeitstempel 0x52a0d273, fehlerhaftes Modul xul.dll, Version 26.0.0.5087, Zeitstempel 0x52a0d20a, Ausnahmecode 0xc0000005, Fehleroffset 0x0014e1a8, Prozess-ID 0xb0c, Anwendungsstartzeit firefox.exe0. Error: (02/11/2014 09:53:02 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2014 03:29:54 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2014 10:41:47 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/10/2014 03:27:16 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/10/2014 10:18:09 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/09/2014 03:22:39 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/08/2014 11:26:57 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung firefox.exe, Version 26.0.0.5087, Zeitstempel 0x52a0d273, fehlerhaftes Modul xul.dll, Version 26.0.0.5087, Zeitstempel 0x52a0d20a, Ausnahmecode 0xc0000005, Fehleroffset 
0x0014e1a8, Prozess-ID 0xd5c, Anwendungsstartzeit firefox.exe0. Error: (02/08/2014 09:23:54 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung firefox.exe, Version 26.0.0.5087, Zeitstempel 0x52a0d273, fehlerhaftes Modul xul.dll, Version 26.0.0.5087, Zeitstempel 0x52a0d20a, Ausnahmecode 0xc0000005, Fehleroffset 0x0014e1a8, Prozess-ID 0xb14, Anwendungsstartzeit firefox.exe0. System errors: ============= Error: (02/11/2014 03:28:45 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 11.02.2014 um 15:01:06 unerwartet heruntergefahren. Error: (02/11/2014 03:00:16 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 11.02.2014 um 14:55:01 unerwartet heruntergefahren. Error: (02/06/2014 08:13:38 PM) (Source: Service Control Manager) (User: ) Description: Windows Search%%1053 Error: (02/06/2014 08:13:38 PM) (Source: Service Control Manager) (User: ) Description: 30000Windows Search Error: (02/06/2014 08:13:38 PM) (Source: DCOM) (User: ) Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (01/28/2014 00:56:21 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden aufgrund von einem fehlgeschlagenen Rechenvorgang bezüglich verfügbarem Speicher abgebrochen. 
Error: (01/27/2014 10:51:47 AM) (Source: Service Control Manager) (User: ) Description: Computer Backup (MyPC Backup)%%1053 Error: (01/27/2014 10:51:47 AM) (Source: Service Control Manager) (User: ) Description: 30000Computer Backup (MyPC Backup) Error: (01/24/2014 08:09:10 PM) (Source: Service Control Manager) (User: ) Description: Windows Search%%1053 Error: (01/24/2014 08:09:10 PM) (Source: Service Control Manager) (User: ) Description: 30000Windows Search Microsoft Office Sessions: ========================= Error: (02/11/2014 11:17:26 PM) (Source: Application Error)(User: ) Description: firefox.exe26.0.0.508752a0d273xul.dll26.0.0.508752a0d20ac00000050014e1a873c01cf2776a78b79d8 Error: (02/11/2014 10:47:40 PM) (Source: Application Error)(User: ) Description: firefox.exe26.0.0.508752a0d273xul.dll26.0.0.508752a0d20ac00000050014e1a8b0c01cf276d3e045d58 Error: (02/11/2014 09:53:02 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2014 03:29:54 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2014 10:41:47 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/10/2014 03:27:16 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/10/2014 10:18:09 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 
990x80041003 Error: (02/09/2014 03:22:39 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/08/2014 11:26:57 PM) (Source: Application Error)(User: ) Description: firefox.exe26.0.0.508752a0d273xul.dll26.0.0.508752a0d20ac00000050014e1a8d5c01cf250dcb408ed0 Error: (02/08/2014 09:23:54 PM) (Source: Application Error)(User: ) Description: firefox.exe26.0.0.508752a0d273xul.dll26.0.0.508752a0d20ac00000050014e1a8b1401cf24ea1744a5fe CodeIntegrity Errors: =================================== Date: 2014-01-17 18:24:04.570 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-17 18:24:04.477 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-17 18:24:04.383 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-17 18:24:04.290 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-17 18:24:04.180 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 45% Total physical RAM: 4024.86 MB Available physical RAM: 2187.31 MB Total Pagefile: 8273.02 MB Available Pagefile: 6392.32 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:455.99 GB) (Free:216.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: DD1DBD6C) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=456 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
13.02.2014, 19:08 | #6 |
| Sweet Page cannot be removed GMER Part I Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-02-12 14:42:56 Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD5000BEVT-22ZAT0 rev.01.01A01 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\Regina\AppData\Local\Temp\awdiqpod.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff9600018fa00 3 bytes [80, 82, 02] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 4 fffff9600018fa04 3 bytes [C1, B0, FA] .text ... * 129 .text C:\Windows\System32\win32k.sys!EngGetProcessHandle + 300 fffff96000238c6c 6 bytes {JMP QWORD [RIP-0xf7dca]} ---- User code sections - GMER 2.1 ----
bytes JMP 00000000778e02b0 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 00000000777978f0 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077797900 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077797970 5 bytes JMP 00000000778e0410 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 00000000777979a0 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077797c30 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077797cf0 5 bytes JMP 00000000778e0250 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077797d20 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077797d30 5 bytes JMP 00000000778e04a0 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077797d50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077797d60 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077797da0 5 bytes JMP 00000000778e02a0 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077797df0 5 bytes JMP 00000000778e02c0 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077797e20 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077797e30 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\winlogon.exe[592] 
C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077798310 5 bytes JMP 00000000778e0260 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077798320 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077798330 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 00000000777984e0 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 00000000777984f0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077798550 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\system32\ntdll.dll!NtSuspendProcess 00000000777985b0 5 bytes JMP 00000000778e0420 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\system32\ntdll.dll!NtSuspendThread 00000000777985c0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 00000000777985d0 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\system32\ntdll.dll!NtVdmControl 00000000777986a0 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077542c52 1 byte [62] .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077796f20 5 bytes JMP 00000000778e0460 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077796f70 5 bytes JMP 00000000778e0450 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtOpenProcess 00000000777970d0 5 bytes JMP 00000000778e0370 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077797120 5 bytes JMP 
00000000778e0470 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077797130 5 bytes JMP 00000000778e03e0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtOpenSection 00000000777971e0 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077797210 5 bytes JMP 00000000778e03b0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077797230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077797270 5 bytes JMP 00000000778e02e0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtQueueApcThread 00000000777972c0 5 bytes JMP 00000000778e0440 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtCreateEvent 00000000777972f0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077797310 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077797350 5 bytes JMP 00000000778e03c0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtTerminateThread 00000000777973a0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077797510 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777976c0 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 00000000777976f0 5 bytes JMP 00000000778e03a0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtCreateEventPair 00000000777977e0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 00000000777977f0 5 bytes JMP 
00000000778e0350 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077797850 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 00000000777978d0 5 bytes JMP 00000000778e02b0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 00000000777978f0 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077797900 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077797970 5 bytes JMP 00000000778e0410 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 00000000777979a0 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077797c30 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077797cf0 5 bytes JMP 00000000778e0250 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077797d20 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077797d30 5 bytes JMP 00000000778e04a0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077797d50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077797d60 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077797da0 5 bytes JMP 00000000778e02a0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077797df0 5 bytes JMP 00000000778e02c0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077797e20 5 bytes JMP 00000000778e0380 
.text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077797e30 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077798310 5 bytes JMP 00000000778e0260 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077798320 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077798330 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 00000000777984e0 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 00000000777984f0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077798550 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtSuspendProcess 00000000777985b0 5 bytes JMP 00000000778e0420 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtSuspendThread 00000000777985c0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 00000000777985d0 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\lsm.exe[632] C:\Windows\system32\ntdll.dll!NtVdmControl 00000000777986a0 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077796f20 5 bytes JMP 00000000778e0460 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077796f70 5 bytes JMP 00000000778e0450 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtOpenProcess 00000000777970d0 5 bytes JMP 00000000778e0370 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077797120 5 bytes JMP 
00000000778e0470 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077797130 5 bytes JMP 00000000778e03e0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtOpenSection 00000000777971e0 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077797210 5 bytes JMP 00000000778e03b0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077797230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077797270 5 bytes JMP 00000000778e02e0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtQueueApcThread 00000000777972c0 5 bytes JMP 00000000778e0440 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtCreateEvent 00000000777972f0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077797310 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077797350 5 bytes JMP 00000000778e03c0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtTerminateThread 00000000777973a0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077797510 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777976c0 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 00000000777976f0 5 bytes JMP 00000000778e03a0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtCreateEventPair 00000000777977e0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\svchost.exe[808] 
C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 00000000777977f0 5 bytes JMP 00000000778e0350 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077797850 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 00000000777978d0 5 bytes JMP 00000000778e02b0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 00000000777978f0 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077797900 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077797970 5 bytes JMP 00000000778e0410 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 00000000777979a0 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077797c30 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077797cf0 5 bytes JMP 00000000778e0250 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077797d20 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077797d30 5 bytes JMP 00000000778e04a0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077797d50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077797d60 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077797da0 5 bytes JMP 00000000778e02a0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077797df0 5 bytes JMP 
00000000778e02c0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077797e20 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077797e30 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077798310 5 bytes JMP 00000000778e0260 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077798320 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077798330 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 00000000777984e0 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 00000000777984f0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077798550 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtSuspendProcess 00000000777985b0 5 bytes JMP 00000000778e0420 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtSuspendThread 00000000777985c0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 00000000777985d0 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\ntdll.dll!NtVdmControl 00000000777986a0 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077796f20 5 bytes JMP 00000000778e0460 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077796f70 5 bytes JMP 00000000778e0450 .text C:\Windows\system32\svchost.exe[884] 
C:\Windows\system32\ntdll.dll!NtOpenProcess 00000000777970d0 5 bytes JMP 00000000778e0370 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077797120 5 bytes JMP 00000000778e0470 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077797130 5 bytes JMP 00000000778e03e0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtOpenSection 00000000777971e0 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077797210 5 bytes JMP 00000000778e03b0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077797230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077797270 5 bytes JMP 00000000778e02e0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtQueueApcThread 00000000777972c0 5 bytes JMP 00000000778e0440 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtCreateEvent 00000000777972f0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077797310 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077797350 5 bytes JMP 00000000778e03c0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtTerminateThread 00000000777973a0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077797510 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777976c0 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 00000000777976f0 5 bytes JMP 
00000000778e03a0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtCreateEventPair 00000000777977e0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 00000000777977f0 5 bytes JMP 00000000778e0350 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077797850 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 00000000777978d0 5 bytes JMP 00000000778e02b0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 00000000777978f0 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077797900 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077797970 5 bytes JMP 00000000778e0410 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 00000000777979a0 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077797c30 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077797cf0 5 bytes JMP 00000000778e0250 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077797d20 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077797d30 5 bytes JMP 00000000778e04a0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077797d50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077797d60 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\svchost.exe[884] 
C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077797da0 5 bytes JMP 00000000778e02a0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077797df0 5 bytes JMP 00000000778e02c0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077797e20 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077797e30 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077798310 5 bytes JMP 00000000778e0260 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077798320 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077798330 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 00000000777984e0 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 00000000777984f0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077798550 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtSuspendProcess 00000000777985b0 5 bytes JMP 00000000778e0420 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtSuspendThread 00000000777985c0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 00000000777985d0 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\ntdll.dll!NtVdmControl 00000000777986a0 5 bytes JMP 00000000778e0280 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077796f20 5 bytes JMP 
0000000100060460 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077796f70 5 bytes JMP 0000000100060450 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtOpenProcess 00000000777970d0 5 bytes JMP 0000000100060370 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077797120 5 bytes JMP 0000000100060470 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077797130 5 bytes JMP 00000001000603e0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtOpenSection 00000000777971e0 5 bytes JMP 0000000100060320 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077797210 5 bytes JMP 00000001000603b0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077797230 5 bytes JMP 0000000100060390 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077797270 5 bytes JMP 00000001000602e0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtQueueApcThread 00000000777972c0 5 bytes JMP 0000000100060440 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtCreateEvent 00000000777972f0 5 bytes JMP 00000001000602d0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077797310 5 bytes JMP 0000000100060310 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077797350 5 bytes JMP 00000001000603c0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtTerminateThread 00000000777973a0 5 bytes JMP 00000001000603f0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077797510 5 bytes JMP 0000000100060230 .text C:\Windows\System32\svchost.exe[916] 
C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777976c0 5 bytes JMP 0000000100060480 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 00000000777976f0 5 bytes JMP 00000001000603a0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtCreateEventPair 00000000777977e0 5 bytes JMP 00000001000602f0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 00000000777977f0 5 bytes JMP 0000000100060350 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077797850 5 bytes JMP 0000000100060290 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 00000000777978d0 5 bytes JMP 00000001000602b0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 00000000777978f0 5 bytes JMP 00000001000603d0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077797900 5 bytes JMP 0000000100060330 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077797970 5 bytes JMP 0000000100060410 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 00000000777979a0 5 bytes JMP 0000000100060240 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077797c30 5 bytes JMP 00000001000601e0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077797cf0 5 bytes JMP 0000000100060250 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077797d20 5 bytes JMP 0000000100060490 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077797d30 5 bytes JMP 00000001000604a0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077797d50 
|
13.02.2014, 19:14 | #7 |
| Sweet Page cannot be removed GMER Part II Code:
bytes JMP 00000000778e03e0 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtOpenSection 00000000777971e0 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077797210 5 bytes JMP 00000000778e03b0 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077797230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077797270 5 bytes JMP 00000000778e02e0 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtQueueApcThread 00000000777972c0 5 bytes JMP 00000000778e0440 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtCreateEvent 00000000777972f0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077797310 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077797350 5 bytes JMP 00000000778e03c0 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtTerminateThread 00000000777973a0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077797510 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777976c0 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 00000000777976f0 5 bytes JMP 00000000778e03a0 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtCreateEventPair 00000000777977e0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 00000000777977f0 5 bytes JMP 00000000778e0350 .text 
C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077797850 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 00000000777978d0 5 bytes JMP 00000000778e02b0 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 00000000777978f0 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077797900 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077797970 5 bytes JMP 00000000778e0410 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 00000000777979a0 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077797c30 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077797cf0 5 bytes JMP 00000000778e0250 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077797d20 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077797d30 5 bytes JMP 00000000778e04a0 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077797d50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077797d60 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077797da0 5 bytes JMP 00000000778e02a0 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077797df0 5 bytes JMP 00000000778e02c0 .text C:\Windows\system32\svchost.exe[1168] 
C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077797e20 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077797e30 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077798310 5 bytes JMP 00000000778e0260 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077798320 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077798330 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 00000000777984e0 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 00000000777984f0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077798550 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtSuspendProcess 00000000777985b0 5 bytes JMP 00000000778e0420 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtSuspendThread 00000000777985c0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 00000000777985d0 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\ntdll.dll!NtVdmControl 00000000777986a0 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\svchost.exe[1168] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077542c52 1 byte [62] .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077796f20 5 bytes JMP 00000000778e0460 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077796f70 5 bytes JMP 00000000778e0450 .text 
C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtOpenProcess 00000000777970d0 5 bytes JMP 00000000778e0370 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077797120 5 bytes JMP 00000000778e0470 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077797130 5 bytes JMP 00000000778e03e0 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtOpenSection 00000000777971e0 5 bytes JMP 00000000778e0320 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077797210 5 bytes JMP 00000000778e03b0 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077797230 5 bytes JMP 00000000778e0390 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077797270 5 bytes JMP 00000000778e02e0 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtQueueApcThread 00000000777972c0 5 bytes JMP 00000000778e0440 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtCreateEvent 00000000777972f0 5 bytes JMP 00000000778e02d0 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077797310 5 bytes JMP 00000000778e0310 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077797350 5 bytes JMP 00000000778e03c0 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtTerminateThread 00000000777973a0 5 bytes JMP 00000000778e03f0 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077797510 5 bytes JMP 00000000778e0230 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777976c0 5 bytes JMP 00000000778e0480 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 00000000777976f0 5 bytes JMP 00000000778e03a0 .text C:\Windows\Explorer.EXE[1392] 
C:\Windows\system32\ntdll.dll!NtCreateEventPair 00000000777977e0 5 bytes JMP 00000000778e02f0 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 00000000777977f0 5 bytes JMP 00000000778e0350 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077797850 5 bytes JMP 00000000778e0290 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 00000000777978d0 5 bytes JMP 00000000778e02b0 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 00000000777978f0 5 bytes JMP 00000000778e03d0 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077797900 5 bytes JMP 00000000778e0330 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077797970 5 bytes JMP 00000000778e0410 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 00000000777979a0 5 bytes JMP 00000000778e0240 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077797c30 5 bytes JMP 00000000778e01e0 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077797cf0 5 bytes JMP 00000000778e0250 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077797d20 5 bytes JMP 00000000778e0490 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077797d30 5 bytes JMP 00000000778e04a0 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077797d50 5 bytes JMP 00000000778e0300 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077797d60 5 bytes JMP 00000000778e0360 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077797da0 5 bytes JMP 00000000778e02a0 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 
0000000077797df0 5 bytes JMP 00000000778e02c0 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077797e20 5 bytes JMP 00000000778e0380 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077797e30 5 bytes JMP 00000000778e0340 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077798310 5 bytes JMP 00000000778e0260 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077798320 5 bytes JMP 00000000778e0270 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077798330 5 bytes JMP 00000000778e0400 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 00000000777984e0 5 bytes JMP 00000000778e01f0 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 00000000777984f0 5 bytes JMP 00000000778e0210 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077798550 5 bytes JMP 00000000778e0200 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtSuspendProcess 00000000777985b0 5 bytes JMP 00000000778e0420 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtSuspendThread 00000000777985c0 5 bytes JMP 00000000778e0430 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 00000000777985d0 5 bytes JMP 00000000778e0220 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\ntdll.dll!NtVdmControl 00000000777986a0 5 bytes JMP 00000000778e0280 .text C:\Windows\Explorer.EXE[1392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077542c52 1 byte [62] .text C:\ProgramData\IePluginService\PluginService.exe[1444] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000076a14228 1 byte [62] .text C:\ProgramData\WPM\wprotectmanager.exe[1484] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000076a14228 1 byte [62] 
.text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077796f20 5 bytes JMP 00000000778e0460 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077796f70 5 bytes JMP 00000000778e0450 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtOpenProcess 00000000777970d0 5 bytes JMP 00000000778e0370 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077797120 5 bytes JMP 00000000778e0470 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077797130 5 bytes JMP 00000000778e03e0 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtOpenSection 00000000777971e0 5 bytes JMP 00000000778e0320 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077797210 5 bytes JMP 00000000778e03b0 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077797230 5 bytes JMP 00000000778e0390 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077797270 5 bytes JMP 00000000778e02e0 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtQueueApcThread 00000000777972c0 5 bytes JMP 00000000778e0440 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtCreateEvent 00000000777972f0 5 bytes JMP 00000000778e02d0 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077797310 5 bytes JMP 00000000778e0310 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077797350 5 bytes JMP 00000000778e03c0 .text C:\Program Files\Windows 
Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtTerminateThread 00000000777973a0 5 bytes JMP 00000000778e03f0 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077797510 5 bytes JMP 00000000778e0230 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777976c0 5 bytes JMP 00000000778e0480 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 00000000777976f0 5 bytes JMP 00000000778e03a0 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtCreateEventPair 00000000777977e0 5 bytes JMP 00000000778e02f0 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 00000000777977f0 5 bytes JMP 00000000778e0350 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077797850 5 bytes JMP 00000000778e0290 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 00000000777978d0 5 bytes JMP 00000000778e02b0 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 00000000777978f0 5 bytes JMP 00000000778e03d0 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077797900 5 bytes JMP 00000000778e0330 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077797970 5 bytes JMP 00000000778e0410 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 00000000777979a0 5 bytes JMP 00000000778e0240 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077797c30 5 bytes JMP 00000000778e01e0 .text C:\Program Files\Windows 
Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077797cf0 5 bytes JMP 00000000778e0250 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077797d20 5 bytes JMP 00000000778e0490 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077797d30 5 bytes JMP 00000000778e04a0 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077797d50 5 bytes JMP 00000000778e0300 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077797d60 5 bytes JMP 00000000778e0360 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077797da0 5 bytes JMP 00000000778e02a0 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077797df0 5 bytes JMP 00000000778e02c0 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077797e20 5 bytes JMP 00000000778e0380 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077797e30 5 bytes JMP 00000000778e0340 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077798310 5 bytes JMP 00000000778e0260 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077798320 5 bytes JMP 00000000778e0270 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077798330 5 bytes JMP 00000000778e0400 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 00000000777984e0 5 bytes JMP 00000000778e01f0 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] 
C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 00000000777984f0 5 bytes JMP 00000000778e0210 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077798550 5 bytes JMP 00000000778e0200 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtSuspendProcess 00000000777985b0 5 bytes JMP 00000000778e0420 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtSuspendThread 00000000777985c0 5 bytes JMP 00000000778e0430 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 00000000777985d0 5 bytes JMP 00000000778e0220 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\ntdll.dll!NtVdmControl 00000000777986a0 5 bytes JMP 00000000778e0280 .text C:\Program Files\Windows Defender\MSASCui.exe[1576] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 |
13.02.2014, 19:14 | #8 |
| Sweet Page cannot be removed GMER Part III Code:
00000000778e0440 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtCreateEvent 00000000777972f0 5 bytes JMP 00000000778e02d0 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077797310 5 bytes JMP 00000000778e0310 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077797350 5 bytes JMP 00000000778e03c0 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtTerminateThread 00000000777973a0 5 bytes JMP 00000000778e03f0 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077797510 5 bytes JMP 00000000778e0230 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777976c0 5 bytes JMP 00000000778e0480 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 00000000777976f0 5 bytes JMP 00000000778e03a0 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtCreateEventPair 00000000777977e0 5 bytes JMP 00000000778e02f0 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 00000000777977f0 5 bytes JMP 00000000778e0350 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077797850 5 bytes JMP 00000000778e0290 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 00000000777978d0 5 bytes JMP 00000000778e02b0 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 00000000777978f0 5 bytes JMP 00000000778e03d0 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077797900 5 bytes JMP 00000000778e0330 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077797970 5 bytes JMP 00000000778e0410 .text 
C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 00000000777979a0 5 bytes JMP 00000000778e0240 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077797c30 5 bytes JMP 00000000778e01e0 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077797cf0 5 bytes JMP 00000000778e0250 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077797d20 5 bytes JMP 00000000778e0490 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077797d30 5 bytes JMP 00000000778e04a0 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077797d50 5 bytes JMP 00000000778e0300 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077797d60 5 bytes JMP 00000000778e0360 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077797da0 5 bytes JMP 00000000778e02a0 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077797df0 5 bytes JMP 00000000778e02c0 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077797e20 5 bytes JMP 00000000778e0380 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077797e30 5 bytes JMP 00000000778e0340 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077798310 5 bytes JMP 00000000778e0260 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077798320 5 bytes JMP 00000000778e0270 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077798330 5 bytes JMP 00000000778e0400 .text C:\Windows\System32\igfxpers.exe[1600] 
C:\Windows\system32\ntdll.dll!NtSetSystemInformation 00000000777984e0 5 bytes JMP 00000000778e01f0 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 00000000777984f0 5 bytes JMP 00000000778e0210 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077798550 5 bytes JMP 00000000778e0200 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtSuspendProcess 00000000777985b0 5 bytes JMP 00000000778e0420 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtSuspendThread 00000000777985c0 5 bytes JMP 00000000778e0430 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 00000000777985d0 5 bytes JMP 00000000778e0220 .text C:\Windows\System32\igfxpers.exe[1600] C:\Windows\system32\ntdll.dll!NtVdmControl 00000000777986a0 5 bytes JMP 00000000778e0280 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077796f20 5 bytes JMP 0000000100060460 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077796f70 5 bytes JMP 0000000100060450 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtOpenProcess 00000000777970d0 5 bytes JMP 0000000100060370 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077797120 5 bytes JMP 0000000100060470 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077797130 5 bytes JMP 00000001000603e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtOpenSection 00000000777971e0 5 bytes JMP 0000000100060320 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077797210 5 bytes JMP 00000001000603b0 .text 
C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077797230 5 bytes JMP 0000000100060390 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077797270 5 bytes JMP 00000001000602e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtQueueApcThread 00000000777972c0 5 bytes JMP 0000000100060440 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtCreateEvent 00000000777972f0 5 bytes JMP 00000001000602d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077797310 5 bytes JMP 0000000100060310 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077797350 5 bytes JMP 00000001000603c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtTerminateThread 00000000777973a0 5 bytes JMP 00000001000603f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077797510 5 bytes JMP 0000000100060230 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777976c0 5 bytes JMP 0000000100060480 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 00000000777976f0 5 bytes JMP 00000001000603a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtCreateEventPair 00000000777977e0 5 bytes JMP 00000001000602f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 00000000777977f0 5 bytes JMP 0000000100060350 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077797850 5 bytes JMP 0000000100060290 .text C:\Program Files\Windows 
Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 00000000777978d0 5 bytes JMP 00000001000602b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 00000000777978f0 5 bytes JMP 00000001000603d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077797900 5 bytes JMP 0000000100060330 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077797970 5 bytes JMP 0000000100060410 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 00000000777979a0 5 bytes JMP 0000000100060240 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077797c30 5 bytes JMP 00000001000601e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077797cf0 5 bytes JMP 0000000100060250 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077797d20 5 bytes JMP 0000000100060490 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077797d30 5 bytes JMP 00000001000604a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077797d50 5 bytes JMP 0000000100060300 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077797d60 5 bytes JMP 0000000100060360 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077797da0 5 bytes JMP 00000001000602a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077797df0 5 bytes JMP 00000001000602c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] 
C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077797e20 5 bytes JMP 0000000100060380 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077797e30 5 bytes JMP 0000000100060340 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077798310 5 bytes JMP 0000000100060260 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077798320 5 bytes JMP 0000000100060270 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077798330 5 bytes JMP 0000000100060400 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 00000000777984e0 5 bytes JMP 00000001000601f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 00000000777984f0 5 bytes JMP 0000000100060210 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077798550 5 bytes JMP 0000000100060200 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtSuspendProcess 00000000777985b0 5 bytes JMP 0000000100060420 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtSuspendThread 00000000777985c0 5 bytes JMP 0000000100060430 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 00000000777985d0 5 bytes JMP 0000000100060220 .text C:\Program Files\Windows Sidebar\sidebar.exe[1608] C:\Windows\system32\ntdll.dll!NtVdmControl 00000000777986a0 5 bytes JMP 0000000100060280 .text C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe[1624] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000076a14228 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 
0000000077796f20 5 bytes JMP 00000000778e0460 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077796f70 5 bytes JMP 00000000778e0450 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtOpenProcess 00000000777970d0 5 bytes JMP 00000000778e0370 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077797120 5 bytes JMP 00000000778e0470 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077797130 5 bytes JMP 00000000778e03e0 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtOpenSection 00000000777971e0 5 bytes JMP 00000000778e0320 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077797210 5 bytes JMP 00000000778e03b0 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077797230 5 bytes JMP 00000000778e0390 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077797270 5 bytes JMP 00000000778e02e0 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtQueueApcThread 00000000777972c0 5 bytes JMP 00000000778e0440 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtCreateEvent 00000000777972f0 5 bytes JMP 00000000778e02d0 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077797310 5 bytes JMP 00000000778e0310 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077797350 5 bytes JMP 00000000778e03c0 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtTerminateThread 00000000777973a0 5 bytes JMP 00000000778e03f0 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077797510 5 bytes JMP 00000000778e0230 .text 
C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777976c0 5 bytes JMP 00000000778e0480 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 00000000777976f0 5 bytes JMP 00000000778e03a0 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtCreateEventPair 00000000777977e0 5 bytes JMP 00000000778e02f0 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 00000000777977f0 5 bytes JMP 00000000778e0350 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077797850 5 bytes JMP 00000000778e0290 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 00000000777978d0 5 bytes JMP 00000000778e02b0 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 00000000777978f0 5 bytes JMP 00000000778e03d0 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077797900 5 bytes JMP 00000000778e0330 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077797970 5 bytes JMP 00000000778e0410 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 00000000777979a0 5 bytes JMP 00000000778e0240 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077797c30 5 bytes JMP 00000000778e01e0 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077797cf0 5 bytes JMP 00000000778e0250 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077797d20 5 bytes JMP 00000000778e0490 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077797d30 5 bytes JMP 00000000778e04a0 .text C:\Windows\System32\spoolsv.exe[1720] 
C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077797d50 5 bytes JMP 00000000778e0300 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077797d60 5 bytes JMP 00000000778e0360 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077797da0 5 bytes JMP 00000000778e02a0 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077797df0 5 bytes JMP 00000000778e02c0 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077797e20 5 bytes JMP 00000000778e0380 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077797e30 5 bytes JMP 00000000778e0340 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077798310 5 bytes JMP 00000000778e0260 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077798320 5 bytes JMP 00000000778e0270 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077798330 5 bytes JMP 00000000778e0400 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 00000000777984e0 5 bytes JMP 00000000778e01f0 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 00000000777984f0 5 bytes JMP 00000000778e0210 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077798550 5 bytes JMP 00000000778e0200 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtSuspendProcess 00000000777985b0 5 bytes JMP 00000000778e0420 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtSuspendThread 00000000777985c0 5 bytes JMP 00000000778e0430 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 00000000777985d0 5 bytes JMP 
00000000778e0220 .text C:\Windows\System32\spoolsv.exe[1720] C:\Windows\system32\ntdll.dll!NtVdmControl 00000000777986a0 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077796f20 5 bytes JMP 00000000778e0460 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077796f70 5 bytes JMP 00000000778e0450 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtOpenProcess 00000000777970d0 5 bytes JMP 00000000778e0370 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077797120 5 bytes JMP 00000000778e0470 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077797130 5 bytes JMP 00000000778e03e0 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtOpenSection 00000000777971e0 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077797210 5 bytes JMP 00000000778e03b0 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077797230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077797270 5 bytes JMP 00000000778e02e0 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtQueueApcThread 00000000777972c0 5 bytes JMP 00000000778e0440 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtCreateEvent 00000000777972f0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077797310 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077797350 5 bytes JMP 00000000778e03c0 .text C:\Windows\system32\taskeng.exe[1732] 
C:\Windows\system32\ntdll.dll!NtTerminateThread 00000000777973a0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077797510 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777976c0 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 00000000777976f0 5 bytes JMP 00000000778e03a0 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtCreateEventPair 00000000777977e0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 00000000777977f0 5 bytes JMP 00000000778e0350 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077797850 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 00000000777978d0 5 bytes JMP 00000000778e02b0 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 00000000777978f0 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077797900 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077797970 5 bytes JMP 00000000778e0410 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 00000000777979a0 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077797c30 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077797cf0 5 bytes JMP 00000000778e0250 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 
0000000077797d20 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077797d30 5 bytes JMP 00000000778e04a0 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077797d50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077797d60 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077797da0 5 bytes JMP 00000000778e02a0 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077797df0 5 bytes JMP 00000000778e02c0 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077797e20 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077797e30 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077798310 5 bytes JMP 00000000778e0260 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077798320 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077798330 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 00000000777984e0 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 00000000777984f0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077798550 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtSuspendProcess 00000000777985b0 5 bytes JMP 00000000778e0420 .text 
C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtSuspendThread 00000000777985c0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 00000000777985d0 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\ntdll.dll!NtVdmControl 00000000777986a0 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\taskeng.exe[1732] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077542c52 1 byte [62] .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077796f20 5 bytes JMP 00000000778e0460 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077796f70 5 bytes JMP 00000000778e0450 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtOpenProcess 00000000777970d0 5 bytes JMP 00000000778e0370 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077797120 5 bytes JMP 00000000778e0470 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077797130 5 bytes JMP 00000000778e03e0 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtOpenSection 00000000777971e0 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077797210 5 bytes JMP 00000000778e03b0 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077797230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077797270 5 bytes JMP 00000000778e02e0 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtQueueApcThread 00000000777972c0 5 bytes JMP 00000000778e0440 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtCreateEvent 
00000000777972f0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077797310 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077797350 5 bytes JMP 00000000778e03c0 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtTerminateThread 00000000777973a0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077797510 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777976c0 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 00000000777976f0 5 bytes JMP 00000000778e03a0 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtCreateEventPair 00000000777977e0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 00000000777977f0 5 bytes JMP 00000000778e0350 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077797850 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 00000000777978d0 5 bytes JMP 00000000778e02b0 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 00000000777978f0 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077797900 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077797970 5 bytes JMP 00000000778e0410 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 00000000777979a0 5 bytes JMP 00000000778e0240 .text 
C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077797c30 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077797cf0 5 bytes JMP 00000000778e0250 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077797d20 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077797d30 5 bytes JMP 00000000778e04a0 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077797d50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077797d60 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077797da0 5 bytes JMP 00000000778e02a0 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077797df0 5 bytes JMP 00000000778e02c0 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077797e20 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077797e30 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077798310 5 bytes JMP 00000000778e0260 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077798320 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077798330 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 00000000777984e0 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\svchost.exe[1812] 
C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 00000000777984f0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077798550 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtSuspendProcess 00000000777985b0 5 bytes JMP 00000000778e0420 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtSuspendThread 00000000777985c0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 00000000777985d0 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\svchost.exe[1812] C:\Windows\system32\ntdll.dll!NtVdmControl 00000000777986a0 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077796f20 5 bytes JMP 00000000778e0460 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077796f70 5 bytes JMP 00000000778e0450 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtOpenProcess 00000000777970d0 5 bytes JMP 00000000778e0370 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077797120 5 bytes JMP 00000000778e0470 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077797130 5 bytes JMP 00000000778e03e0 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtOpenSection 00000000777971e0 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077797210 5 bytes JMP 00000000778e03b0 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077797230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077797270 5 
bytes JMP 00000000778e02e0 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtQueueApcThread 00000000777972c0 5 bytes JMP 00000000778e0440 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtCreateEvent 00000000777972f0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077797310 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077797350 5 bytes JMP 00000000778e03c0 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtTerminateThread 00000000777973a0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077797510 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777976c0 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject |
14.02.2014, 10:51 | #9 |
| Sweet Page cannot be removed GMER Part IV Code:
ATTFilter .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtCreateEventPair 00000000777977e0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 00000000777977f0 5 bytes JMP 00000000778e0350 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077797850 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 00000000777978d0 5 bytes JMP 00000000778e02b0 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 00000000777978f0 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077797900 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077797970 5 bytes JMP 00000000778e0410 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 00000000777979a0 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077797c30 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077797cf0 5 bytes JMP 00000000778e0250 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077797d20 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077797d30 5 bytes JMP 00000000778e04a0 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077797d50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077797d60 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\taskeng.exe[1940] 
C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077797da0 5 bytes JMP 00000000778e02a0 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077797df0 5 bytes JMP 00000000778e02c0 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077797e20 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077797e30 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077798310 5 bytes JMP 00000000778e0260 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077798320 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077798330 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 00000000777984e0 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 00000000777984f0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077798550 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtSuspendProcess 00000000777985b0 5 bytes JMP 00000000778e0420 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtSuspendThread 00000000777985c0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 00000000777985d0 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\taskeng.exe[1940] C:\Windows\system32\ntdll.dll!NtVdmControl 00000000777986a0 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077796f20 5 bytes 
JMP 00000000778e0460 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077796f70 5 bytes JMP 00000000778e0450 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtOpenProcess 00000000777970d0 5 bytes JMP 00000000778e0370 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077797120 5 bytes JMP 00000000778e0470 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077797130 5 bytes JMP 00000000778e03e0 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtOpenSection 00000000777971e0 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077797210 5 bytes JMP 00000000778e03b0 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077797230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077797270 5 bytes JMP 00000000778e02e0 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtQueueApcThread 00000000777972c0 5 bytes JMP 00000000778e0440 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtCreateEvent 00000000777972f0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077797310 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077797350 5 bytes JMP 00000000778e03c0 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtTerminateThread 00000000777973a0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077797510 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\igfxsrvc.exe[200] 
C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777976c0 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 00000000777976f0 5 bytes JMP 00000000778e03a0 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtCreateEventPair 00000000777977e0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 00000000777977f0 5 bytes JMP 00000000778e0350 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077797850 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 00000000777978d0 5 bytes JMP 00000000778e02b0 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 00000000777978f0 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077797900 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077797970 5 bytes JMP 00000000778e0410 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 00000000777979a0 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077797c30 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077797cf0 5 bytes JMP 00000000778e0250 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077797d20 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077797d30 5 bytes JMP 00000000778e04a0 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtOpenEventPair 
0000000077797d50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077797d60 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077797da0 5 bytes JMP 00000000778e02a0 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077797df0 5 bytes JMP 00000000778e02c0 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077797e20 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077797e30 5 bytes JMP 00000000778e0340 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077798310 5 bytes JMP 00000000778e0260 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077798320 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077798330 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 00000000777984e0 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 00000000777984f0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077798550 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtSuspendProcess 00000000777985b0 5 bytes JMP 00000000778e0420 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtSuspendThread 00000000777985c0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 00000000777985d0 5 bytes JMP 00000000778e0220 .text 
C:\Windows\system32\igfxsrvc.exe[200] C:\Windows\system32\ntdll.dll!NtVdmControl 00000000777986a0 5 bytes JMP 00000000778e0280 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2212] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000076a14228 1 byte [62] .text C:\Program Files (x86)\RightSurf\updateRightSurf.exe[2928] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 130 0000000076a14228 1 byte [62] .text C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe[2088] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 130 0000000076a14228 1 byte [62] .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077796f20 5 bytes JMP 00000000778e0460 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077796f70 5 bytes JMP 00000000778e0450 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtOpenProcess 00000000777970d0 5 bytes JMP 00000000778e0370 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077797120 5 bytes JMP 00000000778e0470 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077797130 5 bytes JMP 00000000778e03e0 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtOpenSection 00000000777971e0 5 bytes JMP 00000000778e0320 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077797210 5 bytes JMP 00000000778e03b0 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077797230 5 bytes JMP 00000000778e0390 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077797270 5 bytes JMP 00000000778e02e0 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtQueueApcThread 00000000777972c0 5 bytes JMP 00000000778e0440 .text 
C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtCreateEvent 00000000777972f0 5 bytes JMP 00000000778e02d0 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077797310 5 bytes JMP 00000000778e0310 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077797350 5 bytes JMP 00000000778e03c0 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtTerminateThread 00000000777973a0 5 bytes JMP 00000000778e03f0 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077797510 5 bytes JMP 00000000778e0230 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777976c0 5 bytes JMP 00000000778e0480 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 00000000777976f0 5 bytes JMP 00000000778e03a0 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtCreateEventPair 00000000777977e0 5 bytes JMP 00000000778e02f0 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 00000000777977f0 5 bytes JMP 00000000778e0350 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077797850 5 bytes JMP 00000000778e0290 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 00000000777978d0 5 bytes JMP 00000000778e02b0 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 00000000777978f0 5 bytes JMP 00000000778e03d0 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077797900 5 bytes JMP 00000000778e0330 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077797970 5 bytes JMP 00000000778e0410 .text C:\Windows\System32\svchost.exe[2400] 
C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 00000000777979a0 5 bytes JMP 00000000778e0240 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077797c30 5 bytes JMP 00000000778e01e0 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077797cf0 5 bytes JMP 00000000778e0250 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077797d20 5 bytes JMP 00000000778e0490 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077797d30 5 bytes JMP 00000000778e04a0 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077797d50 5 bytes JMP 00000000778e0300 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077797d60 5 bytes JMP 00000000778e0360 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077797da0 5 bytes JMP 00000000778e02a0 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077797df0 5 bytes JMP 00000000778e02c0 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077797e20 5 bytes JMP 00000000778e0380 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077797e30 5 bytes JMP 00000000778e0340 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077798310 5 bytes JMP 00000000778e0260 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077798320 5 bytes JMP 00000000778e0270 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077798330 5 bytes JMP 00000000778e0400 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 00000000777984e0 5 bytes 
JMP 00000000778e01f0 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 00000000777984f0 5 bytes JMP 00000000778e0210 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077798550 5 bytes JMP 00000000778e0200 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtSuspendProcess 00000000777985b0 5 bytes JMP 00000000778e0420 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtSuspendThread 00000000777985c0 5 bytes JMP 00000000778e0430 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 00000000777985d0 5 bytes JMP 00000000778e0220 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\ntdll.dll!NtVdmControl 00000000777986a0 5 bytes JMP 00000000778e0280 .text C:\Windows\System32\svchost.exe[2400] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077542c52 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077796f20 5 bytes JMP 00000000778e0460 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077796f70 5 bytes JMP 00000000778e0450 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtOpenProcess 00000000777970d0 5 bytes JMP 00000000778e0370 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077797120 5 bytes JMP 00000000778e0470 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077797130 5 bytes JMP 00000000778e03e0 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtOpenSection 00000000777971e0 5 bytes JMP 00000000778e0320 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077797210 5 bytes JMP 00000000778e03b0 .text 
C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077797230 5 bytes JMP 00000000778e0390 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077797270 5 bytes JMP 00000000778e02e0 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtQueueApcThread 00000000777972c0 5 bytes JMP 00000000778e0440 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtCreateEvent 00000000777972f0 5 bytes JMP 00000000778e02d0 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077797310 5 bytes JMP 00000000778e0310 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077797350 5 bytes JMP 00000000778e03c0 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtTerminateThread 00000000777973a0 5 bytes JMP 00000000778e03f0 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077797510 5 bytes JMP 00000000778e0230 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777976c0 5 bytes JMP 00000000778e0480 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtAssignProcessToJobObject 00000000777976f0 5 bytes JMP 00000000778e03a0 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtCreateEventPair 00000000777977e0 5 bytes JMP 00000000778e02f0 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtCreateIoCompletion 00000000777977f0 5 bytes JMP 00000000778e0350 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtCreateMutant 0000000077797850 5 bytes JMP 00000000778e0290 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtCreateSemaphore 00000000777978d0 5 bytes JMP 
00000000778e02b0 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtCreateThreadEx 00000000777978f0 5 bytes JMP 00000000778e03d0 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtCreateTimer 0000000077797900 5 bytes JMP 00000000778e0330 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtDebugActiveProcess 0000000077797970 5 bytes JMP 00000000778e0410 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtDeleteBootEntry 00000000777979a0 5 bytes JMP 00000000778e0240 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtLoadDriver 0000000077797c30 5 bytes JMP 00000000778e01e0 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtModifyBootEntry 0000000077797cf0 5 bytes JMP 00000000778e0250 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtNotifyChangeKey 0000000077797d20 5 bytes JMP 00000000778e0490 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077797d30 5 bytes JMP 00000000778e04a0 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtOpenEventPair 0000000077797d50 5 bytes JMP 00000000778e0300 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtOpenIoCompletion 0000000077797d60 5 bytes JMP 00000000778e0360 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtOpenMutant 0000000077797da0 5 bytes JMP 00000000778e02a0 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtOpenSemaphore 0000000077797df0 5 bytes JMP 00000000778e02c0 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtOpenThread 0000000077797e20 5 bytes JMP 00000000778e0380 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtOpenTimer 0000000077797e30 5 bytes JMP 
00000000778e0340 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtSetBootEntryOrder 0000000077798310 5 bytes JMP 00000000778e0260 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtSetBootOptions 0000000077798320 5 bytes JMP 00000000778e0270 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtSetContextThread 0000000077798330 5 bytes JMP 00000000778e0400 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtSetSystemInformation 00000000777984e0 5 bytes JMP 00000000778e01f0 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtSetSystemPowerState 00000000777984f0 5 bytes JMP 00000000778e0210 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtShutdownSystem 0000000077798550 5 bytes JMP 00000000778e0200 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtSuspendProcess 00000000777985b0 5 bytes JMP 00000000778e0420 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtSuspendThread 00000000777985c0 5 bytes JMP 00000000778e0430 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtSystemDebugControl 00000000777985d0 5 bytes JMP 00000000778e0220 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\ntdll.dll!NtVdmControl 00000000777986a0 5 bytes JMP 00000000778e0280 .text C:\Windows\system32\SearchIndexer.exe[2508] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077542c52 1 byte [62] .text C:\Windows\SysWOW64\conime.exe[2576] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000076a14228 1 byte [62] .text C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePort 0000000077796f20 5 bytes JMP 00000000778e0460 .text C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtQueryObject 0000000077796f70 5 bytes JMP 
00000000778e0450 .text C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtOpenProcess 00000000777970d0 5 bytes JMP 00000000778e0370 .text C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077797120 5 bytes JMP 00000000778e0470 .text C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtTerminateProcess 0000000077797130 5 bytes JMP 00000000778e03e0 .text C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtOpenSection 00000000777971e0 5 bytes JMP 00000000778e0320 .text C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtWriteVirtualMemory 0000000077797210 5 bytes JMP 00000000778e03b0 .text C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtDuplicateObject 0000000077797230 5 bytes JMP 00000000778e0390 .text C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtOpenEvent 0000000077797270 5 bytes JMP 00000000778e02e0 .text C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtQueueApcThread 00000000777972c0 5 bytes JMP 00000000778e0440 .text C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtCreateEvent 00000000777972f0 5 bytes JMP 00000000778e02d0 .text C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtCreateSection 0000000077797310 5 bytes JMP 00000000778e0310 .text C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtCreateThread 0000000077797350 5 bytes JMP 00000000778e03c0 .text C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtTerminateThread 00000000777973a0 5 bytes JMP 00000000778e03f0 .text C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtAddBootEntry 0000000077797510 5 bytes JMP 00000000778e0230 .text C:\Users\Regina\Desktop\Gmer-19357.exe[2416] C:\Windows\system32\ntdll.dll!NtAlpcSendWaitReceivePort 
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
---- Processes - GMER 2.1 ----
Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2048311D-B9B9-4496-AE37-D2C5FD2C10A1}\mpengine.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [916] (Microsoft Malware Protection Engine/Microsoft Corporation)(2014-02-11 11:05:16) 000007fef4d70000
Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2048311D-B9B9-4496-AE37-D2C5FD2C10A1}\offreg.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [916] (Offline registry DLL/Microsoft Corporation)(2014-02-12 09:15:47) 000007fef61b0000 Library C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1392] (Dropbox Shell Extension/Dropbox, Inc.)(2013-09-10 23:54:20) 000007fefac20000 Process C:\ProgramData\IePluginService\PluginService.exe (*** suspicious ***) @ C:\ProgramData\IePluginService\PluginService.exe [1444] (IePlugin Service/Cherished Technololgy LIMITED)(2014-01-26 12:15:12) 0000000000330000 Process C:\ProgramData\WPM\wprotectmanager.exe (*** suspicious ***) @ C:\ProgramData\WPM\wprotectmanager.exe [1484] (WPM Service/Cherished Technololgy LIMITED)(2 00000000013d0000 Process C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe [1624] (Dropbox/Dropbox, Inc.)(2014-01-03 00:32:12) 0000000000400000 Library C:\Users\Regina\AppData\Roaming\Dropbox\bin\Microsoft.VC90.CRT\MSVCR90.dll (*** suspicious ***) @ C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe [1624] (Microsoft® C Runtime Library/Microsoft Corporation)(2008-07-29 15:05:08) 0000000073020000 Library C:\Users\Regina\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe [1624](2013-12-18 02:25:54) 0000000003bb0000 Library C:\Users\Regina\AppData\Roaming\Dropbox\bin\Microsoft.VC90.CRT\MSVCP90.dll (*** suspicious ***) @ C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe [1624] (Microsoft® C++ Runtime Library/Microsoft Corporation)(2008-07-29 15:05:08) 0000000070d80000 Library c:\users\regina\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzwg_xn.dll (*** suspicious ***) @ C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe 
[1624](2014-02-11 20:52:13) 00000000044d0000 Library C:\Users\Regina\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe [1624](2013-10-18 23:55:02) 0000000063f70000 Library C:\Users\Regina\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe [1624] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 0000000067140000 ---- EOF - GMER 2.1 ---- |
15.02.2014, 15:14 | #10 |
/// the machine /// TB Trainer | Sweet Page cannot be removed Hi, scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
16.02.2014, 12:24 | #11 |
| Sweet Page cannot be removed Combofix log: Code:
Combofix Logfile: I would be very glad if you could help me further. Thank you very much and best regards. |
17.02.2014, 13:15 | #12 |
/// the machine /// TB Trainer | Sweet Page cannot be removed Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber |
17.02.2014, 17:30 | #13 |
| Sweet Page cannot be removed Malwarebytes Anti-Malware log file: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.02.17.04 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Regina :: REGINA-PC [Administrator] 17.02.2014 14:44:21 mbam-log-2014-02-17 (14-44-21).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 364298 Laufzeit: 1 Stunde(n), 9 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 4 C:\ProgramData\IePluginService\PluginService.exe (PUP.Optional.IePluginService.A) -> 1452 -> Löschen bei Neustart. C:\Program Files (x86)\RightSurf\updateRightSurf.exe (PUP.Optional.RightSurf.A) -> 2328 -> Löschen bei Neustart. C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe (PUP.Optional.RightSurf.A) -> 2480 -> Löschen bei Neustart. C:\ProgramData\WPM\wprotectmanager.exe (PUP.Optional.WpManager.A) -> 1492 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 17 HKLM\SYSTEM\CurrentControlSet\Services\IePluginService (PUP.Optional.IePluginService.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins (PUP.Optional.IePluginService.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SYSTEM\CurrentControlSet\Services\Update RightSurf (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SYSTEM\CurrentControlSet\Services\Util RightSurf (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SupTab (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SYSTEM\CurrentControlSet\Services\Wpm (PUP.Optional.WpManager.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WPM (PUP.Optional.WpManager.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\RightSurf (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\sweet-pageSoftware (PUP.Optional.SweetPage.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\Software\RightSurf (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 3 HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0X2O1C0R2R1R -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|lightningnewtab@gmail.com (PUP.Optional.Lightning.A) -> Daten: C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default\extensions\lightningnewtab@gmail.com.xpi -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SYSTEM\CurrentControlSet\Services\Wpm|ImagePath (PUP.Optional.WpManager.A) -> Daten: C:\ProgramData\WPM\wprotectmanager.exe -service -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 6 HKCU\Software\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.SweetPage.A) -> Bösartig: (hxxp://www.sweet-page.com/?type=hp&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (PUP.Optional.SweetPage.A) -> Bösartig: (C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263) Gut: (iexplore.exe) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.SweetPage.A) -> Bösartig: (hxxp://www.sweet-page.com/?type=hp&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (PUP.Optional.SweetPage.A) -> Bösartig: (hxxp://www.sweet-page.com/web/?type=ds&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263&q={searchTerms}) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bösartig: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Erfolgreich ersetzt und in Quarantäne gestellt. 
HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.SweetPage.A) -> Bösartig: (hxxp://www.sweet-page.com/?type=hp&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 28 C:\Program Files (x86)\SupTab (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\img (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\en-US (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\es-419 (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\es-ES (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\fr-BE (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\fr-CA (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\fr-CH (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\fr-FR (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\fr-LU (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files (x86)\SupTab\web\_locales\it-CH (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\it-IT (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\pl (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\pt-BR (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\ru (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\ru-MO (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\tr-TR (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\vi-VI (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\zh-CN (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\zh-TW (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf (PUP.Optional.RightSurf.A) -> Löschen bei Neustart. C:\Program Files (x86)\RightSurf\bin (PUP.Optional.RightSurf.A) -> Löschen bei Neustart. C:\Program Files (x86)\RightSurf\bin\plugins (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\IePluginService (PUP.Optional.IePluginService.A) -> Löschen bei Neustart. C:\ProgramData\IePluginService\update (PUP.Optional.IePluginService.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 59 C:\ProgramData\IePluginService\PluginService.exe (PUP.Optional.IePluginService.A) -> Löschen bei Neustart. C:\Program Files (x86)\RightSurf\updateRightSurf.exe (PUP.Optional.RightSurf.A) -> Löschen bei Neustart. 
C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe (PUP.Optional.RightSurf.A) -> Löschen bei Neustart. C:\Program Files (x86)\SupTab\SupTab.dll (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe (PUP.Optional.IePluginService.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Regina\Downloads\adblock-plus.exe (PUP.Optional.ExtendedSetup.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\install.data (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\BHOEnabler.exe (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\uninstall.exe (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\indexIE.html (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\indexIE8.html (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\skin.css (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\style.css (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\ver.txt (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\img\default_logo.png (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\img\google.com.png (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\img\icon128.png (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\img\icon16.png (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files (x86)\SupTab\web\img\icon48.png (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\img\loading.gif (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\js\background.js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\js\ga.js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\js\jquery-base.js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\js\js.js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\js\json2.js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\js\xa.js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\js\xagainit.js (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\WPM\wprotectmanager.exe (PUP.Optional.WpManager.A) -> Löschen bei Neustart. 
C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweet-page.xml (PUP.Optional.SweetPage.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\RightSurf.ico (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\updateRightSurf.InstallState (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\bin\sqlite3.dll (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\bin\utilRightSurf.InstallState (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\bin\plugins\RightSurf.16.dll (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\bin\plugins\RightSurf.BrowserFilter.dll (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\bin\plugins\RightSurf.BrowserFilterG.dll (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\bin\plugins\RightSurf.CompatibilityChecker.dll (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\bin\plugins\RightSurf.FFUpdate.dll (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\RightSurf\bin\plugins\RightSurf.IEUpdate.dll (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\IePluginService\update\conf (PUP.Optional.IePluginService.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.019 - Bericht erstellt am 17/02/2014 um 16:39:05 # Aktualisiert 17/02/2014 von Xplode # Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits) # Benutzername : Regina - REGINA-PC # Gestartet von : C:\Users\Regina\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** [!] Ordner Gelöscht : C:\ProgramData\WPM [!] Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup [!] Ordner Gelöscht : C:\Users\Regina\AppData\Roaming\Systweak Datei Gelöscht : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi Datei Gelöscht : C:\Windows\System32\roboot64.exe ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk Verknüpfung Desinfiziert : C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk Verknüpfung Desinfiziert : C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Verknüpfung Desinfiziert : C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKLM\Software\supTab Schlüssel Gelöscht : HKLM\Software\supWPM Schlüssel Gelöscht : HKLM\Software\systweak Schlüssel Gelöscht : HKLM\Software\Wpm Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IePlugins Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RightSurf Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\supTab Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wpm Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RightSurf ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16533 Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] -\\ Mozilla Firefox v27.0.1 (de) [ Datei : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default\prefs.js ] ************************* AdwCleaner[R0].txt - [3747 octets] - [17/02/2014 16:28:02] AdwCleaner[S0].txt - [2878 octets] - [17/02/2014 16:39:05] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2938 octets] ########## [/CODE] ADW Cleaner [R0] AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.019 - Bericht erstellt am 17/02/2014 um 16:28:02 # Aktualisiert 17/02/2014 von Xplode # Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits) # Benutzername : Regina - REGINA-PC # Gestartet von : C:\Users\Regina\Desktop\adwcleaner.exe # Option : Suchen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi Datei Gefunden : C:\Windows\System32\roboot64.exe Ordner Gefunden C:\Program Files (x86)\MyPC Backup Ordner Gefunden C:\ProgramData\WPM Ordner Gefunden C:\Users\Regina\AppData\Roaming\Systweak ***** [ Verknüpfungen ] ***** Verknüpfung Gefunden : C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263 ) Verknüpfung Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263 ) Verknüpfung Gefunden : C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263 ) Verknüpfung Gefunden : C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263 ) Verknüpfung Gefunden : C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263 ) ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IePlugins Schlüssel Gefunden : 
HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RightSurf
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\supTab
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wpm
Schlüssel Gefunden : HKCU\Software\systweak
Schlüssel Gefunden : [x64] HKCU\Software\systweak
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden : HKLM\Software\supTab
Schlüssel Gefunden : HKLM\Software\supWPM
Schlüssel Gefunden : HKLM\Software\systweak
Schlüssel Gefunden : HKLM\Software\Wpm
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RightSurf
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16533
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.sweet-page.com/web/?type=ds&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.sweet-page.com/?type=hp&ts=1390738374&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309LE6263E6263
-\\ Mozilla Firefox v27.0.1 (de)
[ Datei : C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [3587 octets] - [17/02/2014 16:28:02]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3647 octets] ##########
[/CODE] I found 2 log files for ADW Cleaner here; one has [S0] at the end and the other [R0]. Since I was not sure which one I should post, I posted both to be on the safe side. Junkware Removal Tool log file: JRT Logfile: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Regina on 17.02.2014 at 16:50:40,01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Regina\AppData\Roaming\mozilla\firefox\profiles\4o7rdo4p.default\minidumps [48 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.02.2014 at 17:01:03,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[/CODE] FRST Log FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014 Ran by Regina (administrator) on REGINA-PC on 17-02-2014 17:28:51 Running from C:\Users\Regina\Desktop Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Dropbox, Inc.) C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-24] (AVAST Software) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Startup: C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x99035DB06E18CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default
FF NewTab: chrome://lightning/content/newtab.html
FF DefaultSearchEngine: LEO Eng-Deu
FF SelectedSearchEngine: LEO Eng-Deu
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Extension_Protected - C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-01-26]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-17]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-24] (AVAST Software)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-01-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-24] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-01-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-17] ()
S1 Beep; No ImagePath
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [56832 2009-04-01] (Atheros Communications, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-17 17:28 - 2014-02-17 17:28 - 00000000 ____D () C:\Users\Regina\Desktop\FRST-OlderVersion
2014-02-17 17:01 - 2014-02-17 17:01 - 00000768 _____ () C:\Users\Regina\Desktop\JRT.txt
2014-02-17 16:50 - 2014-02-17 16:50 - 00000000 ____D () C:\Windows\ERUNT
2014-02-17 16:38 - 2014-02-17 16:38 - 00003747 _____ () C:\Users\Regina\Desktop\AdwCleaner[R0].txt
2014-02-17 16:27 - 2014-02-17 16:39 - 00000000 ____D () C:\AdwCleaner
2014-02-17 16:21 - 2014-02-17 16:21 - 01037530 _____ (Thisisu) C:\Users\Regina\Desktop\JRT.exe
2014-02-17 14:42 - 2014-02-17 14:42 - 00000948 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-17 14:42 - 2014-02-17 14:42 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Malwarebytes
2014-02-17 14:42 - 2014-02-17 14:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-17 14:42 - 2014-02-17 14:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-17 14:42 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-17 14:35 - 2014-02-17 14:35 - 01037530 _____ (Thisisu) C:\Users\Regina\Desktop\JRT.exe.part
2014-02-17 14:34 - 2014-02-17 16:27 - 01241888 _____ () C:\Users\Regina\Desktop\adwcleaner.exe
2014-02-17 14:29 - 2014-02-17 14:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Regina\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-16 18:34 - 2014-02-16 18:34 - 00031744 _____ () C:\Users\Regina\Desktop\Ausgaben Steffi+Regi_2013.xls
2014-02-16 18:33 - 2014-02-16 18:40 - 00018432 _____ () C:\Users\Regina\Desktop\Ausgaben Steffi+Regi_2014.xls
2014-02-16 12:08 - 2014-02-16 12:08 - 00018100 _____ () C:\ComboFix.txt
2014-02-16 11:52 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-16 11:52 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-16 11:52 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-16 11:52 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-16 11:52 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-16 11:52 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-16 11:52 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-16 11:52 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-16 11:48 - 2014-02-16 12:08 - 00000000 ____D () C:\Qoobox
2014-02-16 11:47 - 2014-02-16 12:06 - 00000000 ____D () C:\Windows\erdnt
2014-02-16 11:47 - 2014-02-16 11:51 - 00000000 ____D () C:\32788R22FWJFW
2014-02-16 11:46 - 2014-02-16 11:47 - 05183211 ____R (Swearware) C:\Users\Regina\Desktop\ComboFix.exe
2014-02-14 11:22 - 2014-02-14 11:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 10:20 - 2014-02-05 11:19 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 10:20 - 2014-02-05 11:02 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 10:20 - 2014-02-05 11:00 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 10:20 - 2014-02-05 10:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 10:20 - 2014-02-05 10:54 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 10:20 - 2014-02-05 10:52 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 10:20 - 2014-02-05 10:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-13 10:20 - 2014-02-05 10:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 10:20 - 2014-02-05 10:51 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 10:20 - 2014-02-05 10:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-13 10:20 - 2014-02-05 10:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 10:20 - 2014-02-05 10:51 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 10:20 - 2014-02-05 10:51 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 10:20 - 2014-02-05 10:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 10:20 - 2014-02-05 10:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 10:20 - 2014-02-05 10:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-13 10:20 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 10:20 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 10:20 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 10:20 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 10:20 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 10:20 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 10:20 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-13 10:20 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 10:20 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-13 10:20 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 10:20 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 10:20 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 10:20 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 10:20 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 10:20 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-13 10:20 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 01:08 - 2014-02-13 10:03 - 00055767 _____ () C:\Users\Regina\Downloads\7z920.exe
2014-02-13 01:08 - 2014-02-13 01:08 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-02-12 14:55 - 2013-12-05 05:48 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 14:55 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 14:44 - 2014-02-12 14:45 - 00414571 _____ () C:\Users\Regina\Desktop\gmer.txt.txt
2014-02-12 13:07 - 2014-02-12 13:07 - 00380416 _____ () C:\Users\Regina\Desktop\Gmer-19357.exe
2014-02-12 12:43 - 2014-02-12 12:44 - 00014496 _____ () C:\Users\Regina\Desktop\Addition.txt
2014-02-12 12:41 - 2014-02-17 17:29 - 00006710 _____ () C:\Users\Regina\Desktop\FRST.txt
2014-02-12 12:41 - 2014-02-17 17:28 - 00000000 ____D () C:\FRST
2014-02-12 12:39 - 2014-02-17 17:28 - 02152448 _____ (Farbar) C:\Users\Regina\Desktop\FRST64.exe
2014-02-12 12:37 - 2014-02-12 12:38 - 00000474 _____ () C:\Users\Regina\Desktop\defogger_disable.log
2014-02-12 12:37 - 2014-02-12 12:37 - 00000000 _____ () C:\Users\Regina\defogger_reenable
2014-02-11 23:03 - 2014-02-11 23:03 - 00010506 _____ () C:\Users\Regina\Desktop\prefs.js
2014-02-11 15:28 - 2014-02-11 15:29 - 00277280 _____ () C:\Windows\Minidump\Mini021114-02.dmp
2014-02-11 15:00 - 2014-02-11 15:28 - 390989177 _____ () C:\Windows\MEMORY.DMP
2014-02-11 15:00 - 2014-02-11 15:28 - 00000000 ____D () C:\Windows\Minidump
2014-02-11 15:00 - 2014-02-11 15:00 - 00277256 _____ () C:\Windows\Minidump\Mini021114-01.dmp
2014-02-10 17:43 - 2014-02-10 17:43 - 00050477 _____ () C:\Users\Regina\Desktop\Defogger.exe
2014-02-06 14:18 - 2014-02-16 11:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-06 14:18 - 2014-02-06 14:18 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-02 19:40 - 2014-02-02 19:40 - 00000000 ____D () C:\Users\Regina\Desktop\Bilder 2014
2014-01-29 12:25 - 2014-01-29 12:25 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-01-28 23:04 - 2014-01-29 00:17 - 00000000 ___RD () C:\Users\Regina\Desktop\Fotos_Videos_ReginaBerthold_2005-2014
2014-01-28 22:57 - 2014-01-28 22:58 - 00000000 ____D () C:\Users\Regina\Desktop\Uni BA MA
2014-01-28 22:56 - 2014-01-28 22:56 - 00003584 _____ () C:\Users\Regina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-28 22:56 - 2014-01-28 22:56 - 00000000 ____D () C:\Users\Regina\Desktop\Ungeordnete Dateien Regina
2014-01-28 22:46 - 2014-01-28 22:53 - 00000000 ____D () C:\Users\Regina\Desktop\Musik von Regina
2014-01-28 22:45 - 2014-01-29 21:59 - 00000000 ___RD () C:\Users\Regina\Desktop\Projekte
2014-01-28 21:45 - 2014-01-29 21:59 - 00000000 ___RD () C:\Users\Regina\Desktop\Freizeit
2014-01-28 21:34 - 2014-01-28 21:34 - 00000000 ____D () C:\Users\Regina\Desktop\Bewerbung
2014-01-28 21:33 - 2014-01-31 18:15 - 00000000 ____D () C:\Users\Regina\Desktop\Jobs
2014-01-26 17:45 - 2014-02-02 14:37 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Skype
2014-01-26 17:45 - 2014-01-26 17:45 - 00000000 ____D () C:\Users\Regina\AppData\Local\Skype
2014-01-26 17:44 - 2014-01-26 17:44 - 00001892 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-01-26 17:44 - 2014-01-26 17:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-26 17:44 - 2014-01-26 17:44 - 00000000 ____D () C:\ProgramData\Skype
2014-01-26 17:42 - 2014-01-26 17:43 - 35671200 _____ (Skype Technologies S.A.) C:\Users\Regina\Downloads\SkypeSetupFull.exe
2014-01-26 17:13 - 2014-02-17 16:41 - 00000000 ___RD () C:\Users\Regina\Dropbox
2014-01-26 17:13 - 2014-01-26 17:13 - 00000942 _____ () C:\Users\Regina\Desktop\Dropbox.lnk
2014-01-26 17:11 - 2014-01-26 17:13 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\DropboxMaster
2014-01-26 17:11 - 2014-01-26 17:11 - 00000000 ____D () C:\Program Files (x86)\Dropbox
2014-01-26 17:10 - 2014-01-26 17:10 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-26 17:08 - 2014-02-17 16:41 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Dropbox
2014-01-26 17:05 - 2014-01-26 17:06 - 37660568 _____ (Dropbox, Inc.) C:\Users\Regina\Downloads\Dropbox 2.6.2.exe
2014-01-26 13:15 - 2014-01-26 13:15 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\0F1F1C2Y1H1P1C0I0T
2014-01-26 13:13 - 2014-01-26 13:14 - 00437118 _____ () C:\Users\Regina\AppData\Local\dd_vcredistMSI4E0F.txt
2014-01-26 13:13 - 2014-01-26 13:14 - 00012072 _____ () C:\Users\Regina\AppData\Local\dd_vcredistUI4E0F.txt
2014-01-26 13:12 - 2014-01-26 13:11 - 00608840 _____ () C:\Users\Regina\Downloads\adblock-plus.xpi
2014-01-24 22:01 - 2014-02-02 19:41 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\vlc
2014-01-24 21:49 - 2014-01-24 21:49 - 00000901 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-01-24 21:49 - 2014-01-24 21:49 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-01-24 21:38 - 2014-01-24 21:39 - 24097311 _____ () C:\Users\Regina\Downloads\vlc-2.1.2-win32.exe
2014-01-24 20:26 - 2014-02-17 17:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-24 20:26 - 2014-02-06 14:29 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-24 20:10 - 2014-01-26 17:17 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Adobe
2014-01-24 20:10 - 2014-01-24 20:10 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Macromedia
2014-01-24 20:10 - 2014-01-24 20:10 - 00000000 ____D () C:\Users\Regina\AppData\Local\Macromedia
2014-01-24 20:09 - 2014-01-24 20:09 - 00001922 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-01-24 20:09 - 2014-01-24 20:09 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-01-24 20:08 - 2014-01-30 23:35 - 00000000 ____D () C:\ProgramData\Adobe
2014-01-24 20:02 - 2014-02-06 14:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-24 20:02 - 2014-02-06 14:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-24 20:02 - 2014-01-24 20:02 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-01-24 20:02 - 2014-01-24 20:02 - 00000000 ____D () C:\Windows\system32\Macromed
2014-01-24 20:00 - 2014-01-26 17:17 - 00000000 ____D () C:\Users\Regina\AppData\Local\Adobe
2014-01-23 21:02 - 2014-01-23 21:02 - 00001003 _____ () C:\Users\Regina\Documents\MailShield.der
2014-01-23 20:46 - 2014-02-06 14:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-01-23 20:46 - 2014-02-04 18:32 - 00000000 ____D () C:\Users\Regina\AppData\Local\Thunderbird
2014-01-23 20:46 - 2014-01-23 20:46 - 00001844 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-01-23 20:46 - 2014-01-23 20:46 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Thunderbird
2014-01-23 20:17 - 2014-01-23 20:18 - 21981704 _____ (Mozilla) C:\Users\Regina\Downloads\Thunderbird Setup 24.2.0.exe
2014-01-23 20:16 - 2014-02-17 16:39 - 00000791 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-23 20:16 - 2014-01-23 20:16 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Mozilla
2014-01-23 20:16 - 2014-01-23 20:16 - 00000000 ____D () C:\Users\Regina\AppData\Local\Mozilla
2014-01-20 16:09 - 2014-01-20 16:09 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\LibreOffice
2014-01-20 14:46 - 2014-02-13 10:10 - 01541636 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-20 14:16 - 2013-08-27 04:39 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-01-20 14:16 - 2013-08-27 04:39 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-01-20 14:16 - 2013-08-27 04:39 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-01-20 14:16 - 2013-08-27 04:39 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-01-20 14:16 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-01-20 14:16 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-01-20 14:16 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-01-20 14:16 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-01-20 14:16 - 2013-08-27 03:32 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-01-20 14:16 - 2013-08-27 03:30 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-01-20 14:16 - 2013-08-27 03:06 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-01-20 14:16 - 2013-08-27 03:00 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-01-20 14:16 - 2013-08-27 03:00 - 01149952 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-01-20 14:16 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-01-20 14:16 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-01-20 14:16 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-01-20 14:16 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-01-20 14:16 - 2011-03-12 23:52 - 01653760 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-01-20 14:16 - 2011-03-12 22:55 - 00876032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-01-20 14:04 - 2014-01-20 14:04 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Windows\SysWOW64\spool
2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2014-01-20 13:57 - 2014-01-20 13:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2014-01-20 13:46 - 2009-10-01 02:02 - 02537472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2014-01-20 13:46 - 2009-10-01 02:02 - 00334848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceApi.dll
2014-01-20 13:46 - 2009-10-01 02:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShServiceObj.dll
2014-01-20 13:46 - 2009-10-01 02:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShextAutoplay.exe
2014-01-20 13:46 - 2009-10-01 02:01 - 00350208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDSp.dll
2014-01-20 13:46 - 2009-10-01 02:01 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceWMDRM.dll
2014-01-20 13:46 - 2009-10-01 02:01 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceTypes.dll
2014-01-20 13:46 - 2009-10-01 02:01 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceClassExtension.dll
2014-01-20 13:46 - 2009-10-01 02:01 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceConnectApi.dll
2014-01-20 13:46 - 2009-10-01 01:52 - 02727936 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2014-01-20 13:46 - 2009-10-01 01:52 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2014-01-20 13:46 - 2009-10-01 01:52 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\WPDShextAutoplay.exe
2014-01-20 13:46 - 2009-10-01 01:51 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWMDRM.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceTypes.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceClassExtension.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceConnectApi.dll
2014-01-20 13:46 - 2009-10-01 01:51 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\BthMtpContextHandler.dll
2014-01-20 12:28 - 2012-07-26 04:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-01-20 12:28 - 2012-07-26 04:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-01-20 12:28 - 2012-07-26 04:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-01-20 12:28 - 2012-07-26 04:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-01-20 12:28 - 2012-07-26 04:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-01-20 12:28 - 2012-07-26 03:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-01-20 12:28 - 2012-07-26 03:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-01-20 12:28 - 2012-06-02 15:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-01-20 12:28 - 2009-07-14 13:19 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
2014-01-20 12:28 - 2009-07-14 13:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winusb.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-20 12:20 - 2014-01-20 12:20 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-20 12:20 - 2014-01-20 12:20 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-20 12:20 - 2014-01-20 12:20 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-20 12:20 - 2014-01-20 12:20 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\advpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-20 12:20 - 2014-01-20 12:20 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-20 12:20 - 2014-01-20 12:20 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-20 12:20 - 2014-01-20 12:20 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-20 12:20 - 2014-01-20 12:20 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-20 12:18 - 2014-01-20 12:18 - 03548672 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 03068416 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01554432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\MFH264Dec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01075712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 01032192 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2014-01-20 12:18 - 2014-01-20 12:18 - 00979456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFH264Dec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00847360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00625152 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00586240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00428544 _____ (Microsoft Corporation) C:\Windows\system32\MFHEAACdec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4src.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-01-20 12:18 - 2014-01-20 12:18 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFHEAACdec.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4src.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00258048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2014-01-20 12:18 - 2014-01-20 12:18 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00135680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2014-01-20 12:18 - 2014-01-20 12:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-01-20 12:17 - 2014-01-20 12:17 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\dxdiag.exe
2014-01-20 12:17 - 2014-01-20 12:17 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiag.exe
2014-01-20 12:17 - 2014-01-20 12:17 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiagn.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-01-20 12:16 - 2014-01-20 12:21 - 00004287 _____ () C:\Windows\IE9_main.log
2014-01-20 11:44 - 2009-09-10 03:07 - 03815424 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2014-01-20 11:44 - 2009-09-10 03:06 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2014-01-20 11:44 - 2009-09-10 03:05 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-01-20 11:44 - 2009-09-10 03:01 - 03023360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2014-01-20 11:44 - 2009-09-10 03:00 - 01164800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2014-01-20 11:44 - 2009-09-10 03:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-01-20 11:43 - 2012-02-29 16:37 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-01-20 11:43 - 2012-02-29 16:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2014-01-20 11:43 - 2012-02-29 14:52 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-01-20 11:33 - 2014-02-17 15:58 - 00002088 _____ () C:\Windows\system32\spsys.log
2014-01-20 11:20 - 2013-10-11 05:23 - 00781824 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-01-20 11:20 - 2013-10-11 05:23 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-01-20 11:20 - 2013-10-11 03:29 - 00217074 _____ () C:\Windows\system32\WFP.TMF
2014-01-20 11:20 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-01-20 11:20 - 2013-08-02 15:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-01-20 11:20 - 2013-08-02 05:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-01-20
11:20 - 2013-07-09 13:04 - 01585256 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-01-20 11:20 - 2013-07-09 13:04 - 01168088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2014-01-20 11:20 - 2013-07-08 05:51 - 04691904 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-01-20 11:20 - 2013-07-08 05:20 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-01-20 11:20 - 2013-07-08 05:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-01-20 11:20 - 2013-07-08 05:15 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-01-20 11:20 - 2013-07-08 05:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-01-20 11:20 - 2013-07-08 02:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-01-20 11:20 - 2013-07-08 02:39 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-01-20 11:20 - 2013-07-08 02:39 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-01-20 11:20 - 2013-03-09 05:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2014-01-20 11:20 - 2013-03-09 02:48 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2014-01-20 11:20 - 2013-03-03 20:13 - 01513320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-01-20 11:20 - 2012-09-25 17:31 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll 2014-01-20 11:20 - 2012-09-25 17:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll 2014-01-20 11:20 - 2012-05-01 15:29 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-01-20 11:20 - 2011-12-14 17:38 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll 2014-01-20 11:20 - 2011-12-14 17:17 - 00680448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll 2014-01-20 11:20 - 2011-02-22 15:47 - 00479744 _____ 
(Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2014-01-20 11:20 - 2011-02-22 15:13 - 00288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2014-01-20 11:18 - 2013-07-10 10:47 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-01-20 11:18 - 2013-07-10 10:42 - 01303552 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-01-20 11:18 - 2013-04-24 05:09 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll 2014-01-20 11:18 - 2013-04-24 05:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2014-01-20 11:18 - 2013-04-24 03:10 - 01078272 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe 2014-01-20 11:18 - 2013-04-24 02:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2014-01-20 11:18 - 2011-10-25 17:13 - 00352256 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-01-20 11:18 - 2011-10-25 16:58 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-01-20 11:17 - 2013-10-11 05:27 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2014-01-20 11:17 - 2013-10-11 05:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2014-01-20 11:17 - 2013-10-11 03:19 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2014-01-20 11:17 - 2013-10-11 03:19 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2014-01-20 11:17 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2014-01-20 11:17 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2014-01-20 11:17 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshcon.dll 2014-01-20 11:17 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2014-01-20 11:17 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\cscript.exe 2014-01-20 11:17 - 2013-07-08 05:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2014-01-20 11:17 - 2013-07-08 05:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2014-01-20 11:17 - 2013-07-08 05:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2014-01-20 11:17 - 2013-07-08 05:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-01-20 11:17 - 2013-07-08 05:12 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-01-20 11:17 - 2013-07-08 05:12 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2014-01-20 11:17 - 2013-04-17 14:04 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2014-01-20 11:17 - 2013-04-17 13:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2014-01-20 11:17 - 2013-02-12 03:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys 2014-01-20 11:17 - 2012-11-02 11:47 - 01794560 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-01-20 11:17 - 2012-11-02 11:19 - 01400832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-01-20 11:17 - 2012-06-08 18:59 - 12899840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-01-20 11:17 - 2012-06-08 18:47 - 11586048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-01-20 11:17 - 2012-05-11 17:34 - 00788480 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2014-01-20 11:17 - 2012-05-11 16:57 - 00623616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\localspl.dll 2014-01-20 11:17 - 2012-02-01 16:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2014-01-20 11:17 - 2011-08-25 17:20 - 00735744 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll 2014-01-20 11:17 - 2011-08-25 17:19 - 00847360 _____ (Microsoft Corporation) 
C:\Windows\system32\oleaut32.dll 2014-01-20 11:17 - 2011-08-25 17:19 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll 2014-01-20 11:17 - 2011-08-25 17:15 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll 2014-01-20 11:17 - 2011-08-25 17:14 - 00563712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-01-20 11:17 - 2011-08-25 17:14 - 00238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll 2014-01-20 11:17 - 2011-08-25 14:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\oleaccrc.dll 2014-01-20 11:17 - 2011-08-25 14:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaccrc.dll 2014-01-20 11:16 - 2013-10-03 16:02 - 01278976 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-01-20 11:16 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-01-20 11:16 - 2013-07-20 11:45 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2014-01-20 11:16 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2014-01-20 11:16 - 2013-07-17 21:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-01-20 11:16 - 2013-07-17 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-01-20 11:16 - 2013-07-16 10:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll 2014-01-20 11:16 - 2013-07-16 05:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll 2014-01-20 11:16 - 2013-07-03 03:22 - 00031616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2014-01-20 11:16 - 2013-06-01 05:19 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-01-20 11:16 - 2013-06-01 05:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-01-20 11:16 - 2013-05-02 05:16 - 
00686080 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2014-01-20 11:16 - 2013-05-02 05:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2014-01-20 11:16 - 2013-05-02 05:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printcom.dll 2014-01-20 11:16 - 2013-03-08 05:17 - 02425344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-01-20 11:16 - 2013-03-08 04:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-01-20 11:16 - 2012-11-22 05:22 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll 2014-01-20 11:16 - 2012-11-22 04:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll 2014-01-20 11:16 - 2012-09-28 17:34 - 01210368 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-01-20 11:16 - 2012-09-28 17:13 - 00860160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-01-20 11:16 - 2012-06-04 16:29 - 00516480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-01-20 11:16 - 2012-06-02 01:22 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-01-20 11:16 - 2012-06-02 01:05 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-01-20 11:16 - 2012-06-02 01:04 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-01-20 11:16 - 2011-11-16 17:43 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll 2014-01-20 11:16 - 2011-11-16 17:42 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-01-20 11:16 - 2011-11-16 17:41 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-01-20 11:16 - 2011-11-16 17:23 - 00377344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll 2014-01-20 11:16 - 2011-11-16 15:34 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-01-20 11:16 - 2011-07-29 17:08 - 00375808 _____ (Microsoft 
Corporation) C:\Windows\system32\psisdecd.dll 2014-01-20 11:16 - 2011-07-29 17:08 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax 2014-01-20 11:16 - 2011-07-29 17:06 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax 2014-01-20 11:16 - 2011-07-29 17:06 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax 2014-01-20 11:16 - 2011-07-29 17:01 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll 2014-01-20 11:16 - 2011-07-29 17:01 - 00217088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax 2014-01-20 11:16 - 2011-07-29 17:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax 2014-01-20 11:16 - 2011-07-29 17:00 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax 2014-01-20 11:14 - 2013-08-01 05:10 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-01-20 11:14 - 2013-08-01 04:37 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-01-20 11:13 - 2013-10-30 03:10 - 02776064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-20 11:13 - 2013-09-04 03:31 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-01-20 11:13 - 2013-07-05 05:45 - 01423808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-01-20 11:13 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2014-01-20 11:13 - 2013-07-04 05:13 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2014-01-20 11:13 - 2013-06-29 03:25 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-20 11:13 - 2013-06-29 03:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-20 11:13 - 2013-06-29 03:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-20 11:13 - 2013-06-29 03:25 - 00007552 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-20 11:13 - 2013-06-27 00:00 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2014-01-20 11:13 - 2013-06-27 00:00 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys 2014-01-20 11:13 - 2013-06-27 00:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll 2014-01-20 11:13 - 2013-06-15 14:27 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll 2014-01-20 11:13 - 2013-06-15 12:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-01-20 11:13 - 2013-06-04 05:16 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2014-01-20 11:13 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2014-01-20 11:13 - 2013-06-04 03:01 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2014-01-20 11:13 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2014-01-20 11:13 - 2011-10-14 18:31 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll 2014-01-20 11:13 - 2011-10-14 18:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\mcicda.dll 2014-01-20 11:13 - 2011-10-14 18:27 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mciwave.dll 2014-01-20 11:13 - 2011-10-14 18:27 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\mciseq.dll 2014-01-20 11:13 - 2011-10-14 17:03 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll 2014-01-20 11:13 - 2011-10-14 17:00 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciseq.dll 2014-01-20 11:13 - 2011-05-05 15:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-20 11:13 - 2011-05-05 15:17 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-20 11:12 - 2013-10-30 05:34 - 00374784 _____ (Microsoft 
Corporation) C:\Windows\system32\SysFxUI.dll 2014-01-20 11:12 - 2013-10-30 04:55 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2014-01-20 11:12 - 2013-10-30 03:33 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2014-01-20 11:12 - 2013-10-22 10:31 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2014-01-20 11:12 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2014-01-20 11:12 - 2013-10-03 16:03 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-01-20 11:12 - 2013-10-03 13:46 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-01-20 11:12 - 2013-07-12 10:19 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys 2014-01-20 11:12 - 2013-03-08 05:18 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2014-01-20 11:12 - 2012-11-20 05:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-01-20 11:12 - 2012-11-20 05:21 - 00253952 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-01-20 11:12 - 2012-11-08 05:26 - 01570816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-01-20 11:12 - 2012-11-08 04:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2014-01-20 11:12 - 2012-11-02 11:45 - 00477696 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll 2014-01-20 11:12 - 2012-11-02 11:45 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll 2014-01-20 11:12 - 2012-11-02 11:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll 2014-01-20 11:12 - 2012-11-02 09:59 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe 2014-01-20 11:12 - 2012-11-02 09:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe 2014-01-20 11:12 - 2012-08-21 12:50 - 00267648 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\volsnap.sys 2014-01-20 11:12 - 2012-06-29 17:20 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll 2014-01-20 11:12 - 2012-06-29 17:01 - 00467968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll 2014-01-20 11:12 - 2012-03-21 00:34 - 00072576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys 2014-01-20 11:12 - 2011-11-18 19:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-01-20 11:12 - 2011-11-18 18:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-01-20 11:12 - 2011-10-14 18:30 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll 2014-01-20 11:12 - 2011-10-14 17:02 - 00429056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll 2014-01-20 11:12 - 2011-06-15 17:16 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll 2014-01-20 11:12 - 2011-06-15 17:12 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll 2014-01-20 11:12 - 2010-05-04 20:40 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msshsq.dll 2014-01-20 11:12 - 2010-05-04 20:13 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshsq.dll 2014-01-20 10:52 - 2012-01-09 17:16 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll 2014-01-20 10:52 - 2012-01-09 16:54 - 00613376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll 2014-01-20 10:25 - 2012-06-02 23:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-01-20 10:25 - 2012-06-02 23:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-01-20 10:25 - 2012-06-02 23:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-01-20 10:25 - 2012-06-02 23:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-01-20 10:24 - 2012-06-02 23:19 - 00701976 _____ (Microsoft Corporation) 
C:\Windows\system32\wuapi.dll 2014-01-20 10:24 - 2012-06-02 23:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-01-20 10:24 - 2012-06-02 23:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-01-20 10:24 - 2012-06-02 23:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-01-20 10:24 - 2012-06-02 23:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-01-20 10:24 - 2012-06-02 23:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-01-20 10:23 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-01-20 10:23 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-01-20 10:23 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-01-20 10:23 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe ==================== One Month Modified Files and Folders ======= 2014-02-17 17:29 - 2014-02-12 12:41 - 00006710 _____ () C:\Users\Regina\Desktop\FRST.txt 2014-02-17 17:29 - 2014-01-24 20:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-17 17:28 - 2014-02-17 17:28 - 00000000 ____D () C:\Users\Regina\Desktop\FRST-OlderVersion 2014-02-17 17:28 - 2014-02-12 12:41 - 00000000 ____D () C:\FRST 2014-02-17 17:28 - 2014-02-12 12:39 - 02152448 _____ (Farbar) C:\Users\Regina\Desktop\FRST64.exe 2014-02-17 17:09 - 2008-01-21 02:53 - 01721052 _____ () C:\Windows\WindowsUpdate.log 2014-02-17 17:01 - 2014-02-17 17:01 - 00000768 _____ () C:\Users\Regina\Desktop\JRT.txt 2014-02-17 16:50 - 2014-02-17 16:50 - 00000000 ____D () C:\Windows\ERUNT 2014-02-17 16:47 - 2008-01-21 12:10 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-17 16:47 - 2008-01-21 12:09 - 00673502 _____ () C:\Windows\system32\perfh007.dat 2014-02-17 16:47 - 2008-01-21 12:09 - 00145482 
_____ () C:\Windows\system32\perfc007.dat
2014-02-17 16:41 - 2014-01-26 17:13 - 00000000 ___RD () C:\Users\Regina\Dropbox
2014-02-17 16:41 - 2014-01-26 17:08 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Dropbox
2014-02-17 16:41 - 2006-11-02 16:22 - 00004576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-17 16:41 - 2006-11-02 16:22 - 00004576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-17 16:40 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-17 16:39 - 2014-02-17 16:27 - 00000000 ____D () C:\AdwCleaner
2014-02-17 16:39 - 2014-01-23 20:16 - 00000791 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-17 16:39 - 2014-01-17 11:10 - 00000907 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-17 16:39 - 2014-01-17 11:10 - 00000907 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-02-17 16:39 - 2006-11-02 16:42 - 00020880 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-17 16:38 - 2014-02-17 16:38 - 00003747 _____ () C:\Users\Regina\Desktop\AdwCleaner[R0].txt
2014-02-17 16:27 - 2014-02-17 14:34 - 01241888 _____ () C:\Users\Regina\Desktop\adwcleaner.exe
2014-02-17 16:21 - 2014-02-17 16:21 - 01037530 _____ (Thisisu) C:\Users\Regina\Desktop\JRT.exe
2014-02-17 15:58 - 2014-01-20 11:33 - 00002088 _____ () C:\Windows\system32\spsys.log
2014-02-17 15:57 - 2008-01-21 04:26 - 00041218 _____ () C:\Windows\PFRO.log
2014-02-17 14:42 - 2014-02-17 14:42 - 00000948 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-17 14:42 - 2014-02-17 14:42 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Malwarebytes
2014-02-17 14:42 - 2014-02-17 14:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-17 14:42 - 2014-02-17 14:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-17 14:35 - 2014-02-17 14:35 - 01037530 _____ (Thisisu) C:\Users\Regina\Desktop\JRT.exe.part
2014-02-17 14:29 - 2014-02-17 14:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Regina\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-17 12:00 - 2014-01-17 17:43 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-16 18:40 - 2014-02-16 18:33 - 00018432 _____ () C:\Users\Regina\Desktop\Ausgaben Steffi+Regi_2014.xls
2014-02-16 18:34 - 2014-02-16 18:34 - 00031744 _____ () C:\Users\Regina\Desktop\Ausgaben Steffi+Regi_2013.xls
2014-02-16 12:08 - 2014-02-16 12:08 - 00018100 _____ () C:\ComboFix.txt
2014-02-16 12:08 - 2014-02-16 11:48 - 00000000 ____D () C:\Qoobox
2014-02-16 12:06 - 2014-02-16 11:47 - 00000000 ____D () C:\Windows\erdnt
2014-02-16 12:04 - 2006-11-02 13:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-16 11:51 - 2014-02-16 11:47 - 00000000 ____D () C:\32788R22FWJFW
2014-02-16 11:47 - 2014-02-16 11:46 - 05183211 ____R (Swearware) C:\Users\Regina\Desktop\ComboFix.exe
2014-02-16 11:24 - 2014-02-06 14:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-14 11:22 - 2014-02-14 11:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 10:10 - 2014-01-20 14:46 - 01541636 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-13 10:03 - 2014-02-13 01:08 - 00055767 _____ () C:\Users\Regina\Downloads\7z920.exe
2014-02-13 01:08 - 2014-02-13 01:08 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-02-12 14:45 - 2014-02-12 14:44 - 00414571 _____ () C:\Users\Regina\Desktop\gmer.txt.txt
2014-02-12 13:07 - 2014-02-12 13:07 - 00380416 _____ () C:\Users\Regina\Desktop\Gmer-19357.exe
2014-02-12 12:44 - 2014-02-12 12:43 - 00014496 _____ () C:\Users\Regina\Desktop\Addition.txt
2014-02-12 12:38 - 2014-02-12 12:37 - 00000474 _____ () C:\Users\Regina\Desktop\defogger_disable.log
2014-02-12 12:37 - 2014-02-12 12:37 - 00000000 _____ () C:\Users\Regina\defogger_reenable
2014-02-12 12:37 - 2014-01-17 11:09 - 00000000 ____D () C:\Users\Regina
2014-02-11 23:03 - 2014-02-11 23:03 - 00010506 _____ () C:\Users\Regina\Desktop\prefs.js
2014-02-11 15:29 - 2014-02-11 15:28 - 00277280 _____ () C:\Windows\Minidump\Mini021114-02.dmp
2014-02-11 15:28 - 2014-02-11 15:00 - 390989177 _____ () C:\Windows\MEMORY.DMP
2014-02-11 15:28 - 2014-02-11 15:00 - 00000000 ____D () C:\Windows\Minidump
2014-02-11 15:00 - 2014-02-11 15:00 - 00277256 _____ () C:\Windows\Minidump\Mini021114-01.dmp
2014-02-10 17:43 - 2014-02-10 17:43 - 00050477 _____ () C:\Users\Regina\Desktop\Defogger.exe
2014-02-06 14:29 - 2014-01-24 20:26 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-06 14:29 - 2014-01-24 20:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-06 14:29 - 2014-01-24 20:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-06 14:18 - 2014-02-06 14:18 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-06 14:18 - 2014-01-23 20:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-05 11:19 - 2014-02-13 10:20 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 11:02 - 2014-02-13 10:20 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 11:00 - 2014-02-13 10:20 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 10:54 - 2014-02-13 10:20 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 10:54 - 2014-02-13 10:20 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 10:52 - 2014-02-13 10:20 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 10:52 - 2014-02-13 10:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 10:52 - 2014-02-13 10:20 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 10:51 - 2014-02-13 10:20 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 10:51 - 2014-02-13 10:20 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 10:51 - 2014-02-13 10:20 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 10:51 - 2014-02-13 10:20 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 10:51 - 2014-02-13 10:20 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 10:50 - 2014-02-13 10:20 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 10:50 - 2014-02-13 10:20 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-05 10:50 - 2014-02-13 10:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 09:58 - 2014-02-13 10:20 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-05 09:56 - 2014-02-13 10:20 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-05 09:53 - 2014-02-13 10:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-05 09:51 - 2014-02-13 10:20 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-05 09:50 - 2014-02-13 10:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-05 09:49 - 2014-02-13 10:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-05 09:49 - 2014-02-13 10:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-05 09:48 - 2014-02-13 10:20 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-05 09:48 - 2014-02-13 10:20 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-05 09:48 - 2014-02-13 10:20 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-05 09:48 - 2014-02-13 10:20 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-05 09:48 - 2014-02-13 10:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-05 09:47 - 2014-02-13 10:20 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-05 09:47 - 2014-02-13 10:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-05 09:47 - 2014-02-13 10:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-05 09:46 - 2014-02-13 10:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-04 18:32 - 2014-01-23 20:46 - 00000000 ____D () C:\Users\Regina\AppData\Local\Thunderbird
2014-02-02 19:41 - 2014-01-24 22:01 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\vlc
2014-02-02 19:40 - 2014-02-02 19:40 - 00000000 ____D () C:\Users\Regina\Desktop\Bilder 2014
2014-02-02 19:35 - 2006-11-02 16:27 - 00090574 _____ () C:\Windows\setupact.log
2014-02-02 14:37 - 2014-01-26 17:45 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Skype
2014-01-31 18:15 - 2014-01-28 21:33 - 00000000 ____D () C:\Users\Regina\Desktop\Jobs
2014-01-30 23:35 - 2014-01-24 20:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-01-29 21:59 - 2014-01-28 22:45 - 00000000 ___RD () C:\Users\Regina\Desktop\Projekte
2014-01-29 21:59 - 2014-01-28 21:45 - 00000000 ___RD () C:\Users\Regina\Desktop\Freizeit
2014-01-29 12:25 - 2014-01-29 12:25 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-01-29 00:17 - 2014-01-28 23:04 - 00000000 ___RD () C:\Users\Regina\Desktop\Fotos_Videos_ReginaBerthold_2005-2014
2014-01-28 22:58 - 2014-01-28 22:57 - 00000000 ____D () C:\Users\Regina\Desktop\Uni BA MA
2014-01-28 22:56 - 2014-01-28 22:56 - 00003584 _____ () C:\Users\Regina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-28 22:56 - 2014-01-28 22:56 - 00000000 ____D () C:\Users\Regina\Desktop\Ungeordnete Dateien Regina
2014-01-28 22:53 - 2014-01-28 22:46 - 00000000 ____D () C:\Users\Regina\Desktop\Musik von Regina
2014-01-28 21:34 - 2014-01-28 21:34 - 00000000 ____D () C:\Users\Regina\Desktop\Bewerbung
2014-01-27 10:57 - 2014-01-17 11:10 - 00000000 ___RD () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-26 17:45 - 2014-01-26 17:45 - 00000000 ____D () C:\Users\Regina\AppData\Local\Skype
2014-01-26 17:44 - 2014-01-26 17:44 - 00001892 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-01-26 17:44 - 2014-01-26 17:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-26 17:44 - 2014-01-26 17:44 - 00000000 ____D () C:\ProgramData\Skype
2014-01-26 17:43 - 2014-01-26 17:42 - 35671200 _____ (Skype Technologies S.A.) C:\Users\Regina\Downloads\SkypeSetupFull.exe
2014-01-26 17:17 - 2014-01-24 20:10 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Adobe
2014-01-26 17:17 - 2014-01-24 20:00 - 00000000 ____D () C:\Users\Regina\AppData\Local\Adobe
2014-01-26 17:13 - 2014-01-26 17:13 - 00000942 _____ () C:\Users\Regina\Desktop\Dropbox.lnk
2014-01-26 17:13 - 2014-01-26 17:11 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\DropboxMaster
2014-01-26 17:11 - 2014-01-26 17:11 - 00000000 ____D () C:\Program Files (x86)\Dropbox
2014-01-26 17:10 - 2014-01-26 17:10 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-26 17:06 - 2014-01-26 17:05 - 37660568 _____ (Dropbox, Inc.) C:\Users\Regina\Downloads\Dropbox 2.6.2.exe
2014-01-26 13:15 - 2014-01-26 13:15 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\0F1F1C2Y1H1P1C0I0T
2014-01-26 13:14 - 2014-01-26 13:13 - 00437118 _____ () C:\Users\Regina\AppData\Local\dd_vcredistMSI4E0F.txt
2014-01-26 13:14 - 2014-01-26 13:13 - 00012072 _____ () C:\Users\Regina\AppData\Local\dd_vcredistUI4E0F.txt
2014-01-26 13:13 - 2006-11-02 14:33 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-01-26 13:11 - 2014-01-26 13:12 - 00608840 _____ () C:\Users\Regina\Downloads\adblock-plus.xpi
2014-01-24 21:49 - 2014-01-24 21:49 - 00000901 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-01-24 21:49 - 2014-01-24 21:49 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-01-24 21:39 - 2014-01-24 21:38 - 24097311 _____ () C:\Users\Regina\Downloads\vlc-2.1.2-win32.exe
2014-01-24 20:10 - 2014-01-24 20:10 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Macromedia
2014-01-24 20:10 - 2014-01-24 20:10 - 00000000 ____D () C:\Users\Regina\AppData\Local\Macromedia
2014-01-24 20:09 - 2014-01-24 20:09 - 00001922 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-01-24 20:09 - 2014-01-24 20:09 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-01-24 20:02 - 2014-01-24 20:02 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-01-24 20:02 - 2014-01-24 20:02 - 00000000 ____D () C:\Windows\system32\Macromed
2014-01-24 01:24 - 2014-01-17 17:43 - 00001829 _____ () C:\Users\Public\Desktop\avast!
Free Antivirus.lnk 2014-01-24 01:23 - 2014-01-17 17:42 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-01-24 01:23 - 2014-01-17 17:42 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-01-24 01:23 - 2014-01-17 17:42 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-01-24 01:23 - 2014-01-17 17:42 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-01-24 01:23 - 2014-01-17 17:42 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-01-24 01:23 - 2014-01-17 17:42 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2014-01-24 01:23 - 2014-01-17 17:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-01-23 21:02 - 2014-01-23 21:02 - 00001003 _____ () C:\Users\Regina\Documents\MailShield.der 2014-01-23 20:46 - 2014-01-23 20:46 - 00001844 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk 2014-01-23 20:46 - 2014-01-23 20:46 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Thunderbird 2014-01-23 20:18 - 2014-01-23 20:17 - 21981704 _____ (Mozilla) C:\Users\Regina\Downloads\Thunderbird Setup 24.2.0.exe 2014-01-23 20:16 - 2014-01-23 20:16 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Mozilla 2014-01-23 20:16 - 2014-01-23 20:16 - 00000000 ____D () C:\Users\Regina\AppData\Local\Mozilla 2014-01-20 16:09 - 2014-01-20 16:09 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\LibreOffice 2014-01-20 15:06 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\rescache 2014-01-20 14:04 - 2014-01-20 14:04 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-01-20 14:01 - 2006-11-02 16:21 - 00290832 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Windows\SysWOW64\spool 2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Program Files\Windows Portable Devices 2014-01-20 13:58 - 2014-01-20 13:58 - 00000000 ____D () C:\Program Files (x86)\Windows Portable 
Devices 2014-01-20 13:58 - 2006-11-02 16:07 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer 2014-01-20 13:58 - 2006-11-02 16:07 - 00000000 ____D () C:\Program Files\Windows Journal 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\th-TH 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\lt-LT 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\hr-HR 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\he-IL 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\et-EE 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\zh-HK 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\uk-UA 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\tr-TR 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\th-TH 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\sl-SI 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\sk-SK 
2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\ro-RO 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\lv-LV 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\lt-LT 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\hr-HR 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\he-IL 2014-01-20 13:58 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\et-EE 2014-01-20 13:58 - 2006-11-02 14:33 - 00000000 ___RD () C:\Windows\Offline Web Pages 2014-01-20 13:58 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\system32\bg-BG 2014-01-20 13:58 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\system32\ar-SA 2014-01-20 13:58 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-01-20 13:58 - 2006-11-02 14:33 - 00000000 ____D () C:\Program Files\Common Files\System 2014-01-20 13:57 - 2014-01-20 13:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf 2014-01-20 12:21 - 2014-01-20 12:16 - 00004287 _____ () C:\Windows\IE9_main.log 2014-01-20 12:20 - 2014-01-20 12:20 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-01-20 12:20 - 2014-01-20 12:20 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-01-20 12:20 - 2014-01-20 12:20 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-01-20 12:20 - 2014-01-20 12:20 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-01-20 12:20 
- 2014-01-20 12:20 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00150528 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\advpack.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00085504 _____ 
(Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-01-20 12:20 - 2014-01-20 12:20 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-01-20 12:20 - 2014-01-20 12:20 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00035840 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-01-20 12:20 - 2014-01-20 12:20 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-01-20 12:20 - 2014-01-20 12:20 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-01-20 12:20 - 2006-11-02 13:16 - 00008798 _____ () C:\Windows\SysWOW64\icrav03.rat 2014-01-20 12:20 - 2006-11-02 13:16 - 00001988 _____ () C:\Windows\SysWOW64\ticrf.rat 2014-01-20 12:20 - 2006-11-02 07:36 - 00008798 _____ () C:\Windows\system32\icrav03.rat 2014-01-20 12:20 - 2006-11-02 07:36 - 00001988 _____ () C:\Windows\system32\ticrf.rat 2014-01-20 12:18 - 2014-01-20 12:18 - 03548672 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 03068416 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 01554432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\MFH264Dec.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 01075712 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\shdocvw.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 01032192 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe 2014-01-20 12:18 - 2014-01-20 12:18 - 00979456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFH264Dec.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00847360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00625152 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00586240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00428544 _____ (Microsoft Corporation) C:\Windows\system32\MFHEAACdec.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4src.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv 2014-01-20 12:18 - 2014-01-20 12:18 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFHEAACdec.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4src.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00258048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv 2014-01-20 12:18 - 2014-01-20 12:18 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00209920 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00135680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll 2014-01-20 12:18 - 2014-01-20 12:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-01-20 12:17 - 2014-01-20 12:17 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\dxdiag.exe 2014-01-20 12:17 - 2014-01-20 12:17 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiag.exe 2014-01-20 12:17 - 2014-01-20 12:17 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll 2014-01-20 12:17 - 2014-01-20 
12:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiagn.dll 2014-01-20 12:17 - 2014-01-20 12:17 - 00189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2014-01-20 10:15 - 2014-01-17 11:10 - 00062768 _____ () C:\Users\Regina\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-20 10:14 - 2014-01-17 11:09 - 00000915 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk Some content of TEMP: ==================== C:\Users\Regina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvedswt.dll C:\Users\Regina\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-17 16:46 ==================== End Of Log ============================ --- --- --- |
18.02.2014, 12:33 | #14 |
/// the machine /// TB trainer | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
19.02.2014, 12:29 | #15 |
| Eset Online Scanner Logfile: Code:
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3b23aa30f0c2a64d9dd6f45f6ef75028
# engine=17123
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-18 06:21:34
# local_time=2014-02-18 07:21:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=774 16777213 71 77 2170898 2228309 0 0
# compatibility_mode=5892 16776573 100 100 10561 230271600 0 0
# scanned=204366
# found=0
# cleaned=0
# scan_time=5744

Code:
Results of screen317's Security Check version 0.99.79
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Adobe Flash Player 12.0.0.44
Adobe Reader 10.1.9 Adobe Reader out of Date!
Mozilla Firefox (27.0.1)
Mozilla Thunderbird (24.3.0)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
Ran by Regina (administrator) on REGINA-PC on 19-02-2014 11:30:49
Running from C:\Users\Regina\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-24] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x99035DB06E18CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! 
Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default FF NewTab: chrome://lightning/content/newtab.html FF DefaultSearchEngine: LEO Eng-Deu FF SelectedSearchEngine: LEO Eng-Deu FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Extension_Protected - C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\4o7rdo4p.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-01-26] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-17] ==================== Services (Whitelisted) ================= R2 avast! 
C:\Windows\system32\shell32.dll 2014-01-20 11:17 - 2012-06-08 18:47 - 11586048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-01-20 11:17 - 2012-05-11 17:34 - 00788480 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2014-01-20 11:17 - 2012-05-11 16:57 - 00623616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\localspl.dll 2014-01-20 11:17 - 2012-02-01 16:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2014-01-20 11:17 - 2011-08-25 17:20 - 00735744 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll 2014-01-20 11:17 - 2011-08-25 17:19 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-01-20 11:17 - 2011-08-25 17:19 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll 2014-01-20 11:17 - 2011-08-25 17:15 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll 2014-01-20 11:17 - 2011-08-25 17:14 - 00563712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-01-20 11:17 - 2011-08-25 17:14 - 00238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll 2014-01-20 11:17 - 2011-08-25 14:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\oleaccrc.dll 2014-01-20 11:17 - 2011-08-25 14:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaccrc.dll 2014-01-20 11:16 - 2013-10-03 16:02 - 01278976 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-01-20 11:16 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-01-20 11:16 - 2013-07-20 11:45 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2014-01-20 11:16 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2014-01-20 11:16 - 2013-07-17 21:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-01-20 11:16 - 2013-07-17 20:41 
- 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-01-20 11:16 - 2013-07-16 10:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll 2014-01-20 11:16 - 2013-07-16 05:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll 2014-01-20 11:16 - 2013-07-03 03:22 - 00031616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2014-01-20 11:16 - 2013-06-01 05:19 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-01-20 11:16 - 2013-06-01 05:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-01-20 11:16 - 2013-05-02 05:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2014-01-20 11:16 - 2013-05-02 05:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2014-01-20 11:16 - 2013-05-02 05:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printcom.dll 2014-01-20 11:16 - 2013-03-08 05:17 - 02425344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-01-20 11:16 - 2013-03-08 04:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-01-20 11:16 - 2012-11-22 05:22 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll 2014-01-20 11:16 - 2012-11-22 04:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll 2014-01-20 11:16 - 2012-09-28 17:34 - 01210368 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-01-20 11:16 - 2012-09-28 17:13 - 00860160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-01-20 11:16 - 2012-06-04 16:29 - 00516480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-01-20 11:16 - 2012-06-02 01:22 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-01-20 11:16 - 2012-06-02 01:05 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-01-20 11:16 - 2012-06-02 01:04 - 00278528 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-01-20 11:16 - 2011-11-16 17:43 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll 2014-01-20 11:16 - 2011-11-16 17:42 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-01-20 11:16 - 2011-11-16 17:41 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-01-20 11:16 - 2011-11-16 17:23 - 00377344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll 2014-01-20 11:16 - 2011-11-16 15:34 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-01-20 11:16 - 2011-07-29 17:08 - 00375808 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll 2014-01-20 11:16 - 2011-07-29 17:08 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax 2014-01-20 11:16 - 2011-07-29 17:06 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax 2014-01-20 11:16 - 2011-07-29 17:06 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax 2014-01-20 11:16 - 2011-07-29 17:01 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll 2014-01-20 11:16 - 2011-07-29 17:01 - 00217088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax 2014-01-20 11:16 - 2011-07-29 17:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax 2014-01-20 11:16 - 2011-07-29 17:00 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax 2014-01-20 11:14 - 2013-08-01 05:10 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-01-20 11:14 - 2013-08-01 04:37 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-01-20 11:13 - 2013-10-30 03:10 - 02776064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-20 11:13 - 2013-09-04 03:31 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-01-20 11:13 - 2013-07-05 05:45 - 01423808 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\tcpip.sys 2014-01-20 11:13 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2014-01-20 11:13 - 2013-07-04 05:13 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2014-01-20 11:13 - 2013-06-29 03:25 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-20 11:13 - 2013-06-29 03:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-20 11:13 - 2013-06-29 03:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-20 11:13 - 2013-06-29 03:25 - 00007552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-20 11:13 - 2013-06-27 00:00 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2014-01-20 11:13 - 2013-06-27 00:00 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys 2014-01-20 11:13 - 2013-06-27 00:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll 2014-01-20 11:13 - 2013-06-15 14:27 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll 2014-01-20 11:13 - 2013-06-15 12:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-01-20 11:13 - 2013-06-04 05:16 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2014-01-20 11:13 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2014-01-20 11:13 - 2013-06-04 03:01 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2014-01-20 11:13 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2014-01-20 11:13 - 2011-10-14 18:31 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll 2014-01-20 11:13 - 2011-10-14 18:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\mcicda.dll 2014-01-20 11:13 - 2011-10-14 18:27 - 00028672 _____ (Microsoft 
Corporation) C:\Windows\system32\mciwave.dll 2014-01-20 11:13 - 2011-10-14 18:27 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\mciseq.dll 2014-01-20 11:13 - 2011-10-14 17:03 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll 2014-01-20 11:13 - 2011-10-14 17:00 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciseq.dll 2014-01-20 11:13 - 2011-05-05 15:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-20 11:13 - 2011-05-05 15:17 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-20 11:12 - 2013-10-30 05:34 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll 2014-01-20 11:12 - 2013-10-30 04:55 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2014-01-20 11:12 - 2013-10-30 03:33 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2014-01-20 11:12 - 2013-10-22 10:31 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2014-01-20 11:12 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2014-01-20 11:12 - 2013-10-03 16:03 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-01-20 11:12 - 2013-10-03 13:46 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-01-20 11:12 - 2013-07-12 10:19 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys 2014-01-20 11:12 - 2013-03-08 05:18 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2014-01-20 11:12 - 2012-11-20 05:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-01-20 11:12 - 2012-11-20 05:21 - 00253952 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-01-20 11:12 - 2012-11-08 05:26 - 01570816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-01-20 11:12 - 2012-11-08 04:48 - 01314816 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\quartz.dll 2014-01-20 11:12 - 2012-11-02 11:45 - 00477696 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll 2014-01-20 11:12 - 2012-11-02 11:45 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll 2014-01-20 11:12 - 2012-11-02 11:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll 2014-01-20 11:12 - 2012-11-02 09:59 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe 2014-01-20 11:12 - 2012-11-02 09:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe 2014-01-20 11:12 - 2012-08-21 12:50 - 00267648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys 2014-01-20 11:12 - 2012-06-29 17:20 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll 2014-01-20 11:12 - 2012-06-29 17:01 - 00467968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll 2014-01-20 11:12 - 2012-03-21 00:34 - 00072576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys 2014-01-20 11:12 - 2011-11-18 19:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-01-20 11:12 - 2011-11-18 18:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-01-20 11:12 - 2011-10-14 18:30 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll 2014-01-20 11:12 - 2011-10-14 17:02 - 00429056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll 2014-01-20 11:12 - 2011-06-15 17:16 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll 2014-01-20 11:12 - 2011-06-15 17:12 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll 2014-01-20 11:12 - 2010-05-04 20:40 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msshsq.dll 2014-01-20 11:12 - 2010-05-04 20:13 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshsq.dll 2014-01-20 10:52 - 2012-01-09 17:16 - 00708096 _____ (Microsoft Corporation) 
C:\Windows\system32\rdpencom.dll 2014-01-20 10:52 - 2012-01-09 16:54 - 00613376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll 2014-01-20 10:25 - 2012-06-02 23:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-01-20 10:25 - 2012-06-02 23:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-01-20 10:25 - 2012-06-02 23:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-01-20 10:25 - 2012-06-02 23:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-01-20 10:24 - 2012-06-02 23:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-01-20 10:24 - 2012-06-02 23:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-01-20 10:24 - 2012-06-02 23:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-01-20 10:24 - 2012-06-02 23:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-01-20 10:24 - 2012-06-02 23:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-01-20 10:24 - 2012-06-02 23:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-01-20 10:23 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-01-20 10:23 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-01-20 10:23 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-01-20 10:23 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe ==================== One Month Modified Files and Folders ======= 2014-02-19 11:30 - 2014-02-17 17:28 - 00000000 ____D () C:\Users\Regina\Desktop\FRST-OlderVersion 2014-02-19 11:30 - 2014-02-12 12:41 - 00006792 _____ () C:\Users\Regina\Desktop\FRST.txt 2014-02-19 11:30 - 2014-02-12 12:41 - 00000000 ____D () C:\FRST 2014-02-19 11:30 - 2014-02-12 
12:39 - 02153472 _____ (Farbar) C:\Users\Regina\Desktop\FRST64.exe 2014-02-19 11:29 - 2014-01-24 20:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-19 11:26 - 2014-02-19 11:26 - 00000891 _____ () C:\Users\Regina\Desktop\checkup.txt 2014-02-19 11:21 - 2008-01-21 12:10 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-19 11:21 - 2008-01-21 12:09 - 00673502 _____ () C:\Windows\system32\perfh007.dat 2014-02-19 11:21 - 2008-01-21 12:09 - 00145482 _____ () C:\Windows\system32\perfc007.dat 2014-02-19 11:18 - 2008-01-21 02:53 - 01765292 _____ () C:\Windows\WindowsUpdate.log 2014-02-19 11:17 - 2014-02-19 11:17 - 00000000 ____D () C:\Users\Regina\Desktop\Trojaner_Board Sweet Page Entfernung 2014-02-19 11:15 - 2014-01-26 17:13 - 00000000 ___RD () C:\Users\Regina\Dropbox 2014-02-19 11:15 - 2014-01-26 17:08 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Dropbox 2014-02-19 11:14 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-19 11:14 - 2006-11-02 16:22 - 00004576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-19 11:14 - 2006-11-02 16:22 - 00004576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-18 19:50 - 2006-11-02 16:42 - 00021636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-18 17:40 - 2014-02-18 17:40 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-02-18 17:34 - 2014-02-18 17:34 - 00987425 _____ () C:\Users\Regina\Desktop\SecurityCheck.exe 2014-02-18 17:33 - 2014-02-18 17:33 - 02347384 _____ (ESET) C:\Users\Regina\Desktop\esetsmartinstaller_enu.exe 2014-02-18 17:15 - 2014-01-17 15:52 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-18 17:14 - 2006-11-02 13:35 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-02-18 17:10 - 2014-01-17 17:43 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-02-17 17:01 - 2014-02-17 17:01 - 00000768 _____ () C:\Users\Regina\Desktop\JRT.txt 2014-02-17 16:50 - 2014-02-17 16:50 - 00000000 ____D () C:\Windows\ERUNT 2014-02-17 16:39 - 2014-02-17 16:27 - 00000000 ____D () C:\AdwCleaner 2014-02-17 16:39 - 2014-01-23 20:16 - 00000791 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-02-17 16:39 - 2014-01-17 11:10 - 00000907 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-02-17 16:39 - 2014-01-17 11:10 - 00000907 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-02-17 16:38 - 2014-02-17 16:38 - 00003747 _____ () C:\Users\Regina\Desktop\AdwCleaner[R0].txt 2014-02-17 16:27 - 2014-02-17 14:34 - 01241888 _____ () C:\Users\Regina\Desktop\adwcleaner.exe 2014-02-17 16:21 - 2014-02-17 16:21 - 01037530 _____ (Thisisu) C:\Users\Regina\Desktop\JRT.exe 2014-02-17 15:58 - 2014-01-20 11:33 - 00002088 _____ () C:\Windows\system32\spsys.log 2014-02-17 15:57 - 2008-01-21 04:26 - 00041218 _____ () C:\Windows\PFRO.log 2014-02-17 14:42 - 2014-02-17 14:42 - 00000948 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-17 14:42 - 2014-02-17 14:42 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Malwarebytes 2014-02-17 14:42 - 2014-02-17 14:42 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-17 14:42 - 2014-02-17 14:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-17 14:35 - 2014-02-17 14:35 - 01037530 _____ (Thisisu) C:\Users\Regina\Desktop\JRT.exe.part 2014-02-17 14:29 - 2014-02-17 14:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Regina\Desktop\mbam-setup-1.75.0.1300.exe 2014-02-16 18:40 - 2014-02-16 18:33 - 00018432 _____ () C:\Users\Regina\Desktop\Ausgaben Steffi+Regi_2014.xls 2014-02-16 18:34 - 2014-02-16 18:34 - 00031744 _____ () C:\Users\Regina\Desktop\Ausgaben Steffi+Regi_2013.xls 2014-02-16 12:08 - 2014-02-16 12:08 - 
00018100 _____ () C:\ComboFix.txt 2014-02-16 12:08 - 2014-02-16 11:48 - 00000000 ____D () C:\Qoobox 2014-02-16 12:06 - 2014-02-16 11:47 - 00000000 ____D () C:\Windows\erdnt 2014-02-16 12:04 - 2006-11-02 13:34 - 00000215 _____ () C:\Windows\system.ini 2014-02-16 11:51 - 2014-02-16 11:47 - 00000000 ____D () C:\32788R22FWJFW 2014-02-16 11:47 - 2014-02-16 11:46 - 05183211 ____R (Swearware) C:\Users\Regina\Desktop\ComboFix.exe 2014-02-16 11:24 - 2014-02-06 14:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-14 11:22 - 2014-02-14 11:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-13 10:10 - 2014-01-20 14:46 - 01541636 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-13 10:03 - 2014-02-13 01:08 - 00055767 _____ () C:\Users\Regina\Downloads\7z920.exe 2014-02-13 01:08 - 2014-02-13 01:08 - 00000000 ____D () C:\Program Files (x86)\7-Zip 2014-02-12 14:45 - 2014-02-12 14:44 - 00414571 _____ () C:\Users\Regina\Desktop\gmer.txt.txt 2014-02-12 13:07 - 2014-02-12 13:07 - 00380416 _____ () C:\Users\Regina\Desktop\Gmer-19357.exe 2014-02-12 12:44 - 2014-02-12 12:43 - 00014496 _____ () C:\Users\Regina\Desktop\Addition.txt 2014-02-12 12:38 - 2014-02-12 12:37 - 00000474 _____ () C:\Users\Regina\Desktop\defogger_disable.log 2014-02-12 12:37 - 2014-02-12 12:37 - 00000000 _____ () C:\Users\Regina\defogger_reenable 2014-02-12 12:37 - 2014-01-17 11:09 - 00000000 ____D () C:\Users\Regina 2014-02-11 23:03 - 2014-02-11 23:03 - 00010506 _____ () C:\Users\Regina\Desktop\prefs.js 2014-02-11 15:29 - 2014-02-11 15:28 - 00277280 _____ () C:\Windows\Minidump\Mini021114-02.dmp 2014-02-11 15:28 - 2014-02-11 15:00 - 390989177 _____ () C:\Windows\MEMORY.DMP 2014-02-11 15:28 - 2014-02-11 15:00 - 00000000 ____D () C:\Windows\Minidump 2014-02-11 15:00 - 2014-02-11 15:00 - 00277256 _____ () C:\Windows\Minidump\Mini021114-01.dmp 2014-02-10 17:43 - 2014-02-10 17:43 - 00050477 _____ () C:\Users\Regina\Desktop\Defogger.exe 2014-02-06 14:29 - 
2014-01-24 20:26 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-02-06 14:29 - 2014-01-24 20:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-06 14:29 - 2014-01-24 20:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-06 14:18 - 2014-02-06 14:18 - 00000000 ____D () C:\ProgramData\Mozilla 2014-02-06 14:18 - 2014-01-23 20:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-02-05 11:19 - 2014-02-13 10:20 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-05 11:02 - 2014-02-13 10:20 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-05 11:00 - 2014-02-13 10:20 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-05 10:54 - 2014-02-13 10:20 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-05 10:54 - 2014-02-13 10:20 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-05 10:52 - 2014-02-13 10:20 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-05 10:52 - 2014-02-13 10:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-05 10:52 - 2014-02-13 10:20 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-05 10:51 - 2014-02-13 10:20 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-05 10:51 - 2014-02-13 10:20 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-05 10:51 - 2014-02-13 10:20 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-05 10:51 - 2014-02-13 10:20 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-05 10:51 - 2014-02-13 10:20 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-05 10:50 - 2014-02-13 10:20 - 02382848 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtml.tlb 2014-02-05 10:50 - 2014-02-13 10:20 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-05 10:50 - 2014-02-13 10:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-05 09:58 - 2014-02-13 10:20 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-05 09:56 - 2014-02-13 10:20 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-05 09:53 - 2014-02-13 10:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-05 09:51 - 2014-02-13 10:20 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-05 09:50 - 2014-02-13 10:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-05 09:49 - 2014-02-13 10:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-02-05 09:49 - 2014-02-13 10:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-02-05 09:48 - 2014-02-13 10:20 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-05 09:48 - 2014-02-13 10:20 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-02-05 09:48 - 2014-02-13 10:20 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-02-05 09:48 - 2014-02-13 10:20 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-05 09:48 - 2014-02-13 10:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-05 09:47 - 2014-02-13 10:20 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-05 09:47 - 2014-02-13 10:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-05 09:47 - 2014-02-13 10:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-02-05 09:46 - 2014-02-13 10:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 
2014-02-04 18:32 - 2014-01-23 20:46 - 00000000 ____D () C:\Users\Regina\AppData\Local\Thunderbird 2014-02-02 19:41 - 2014-01-24 22:01 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\vlc 2014-02-02 19:40 - 2014-02-02 19:40 - 00000000 ____D () C:\Users\Regina\Desktop\Bilder 2014 2014-02-02 19:35 - 2006-11-02 16:27 - 00090574 _____ () C:\Windows\setupact.log 2014-02-02 14:37 - 2014-01-26 17:45 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Skype 2014-01-31 18:15 - 2014-01-28 21:33 - 00000000 ____D () C:\Users\Regina\Desktop\Jobs 2014-01-30 23:35 - 2014-01-24 20:08 - 00000000 ____D () C:\ProgramData\Adobe 2014-01-29 21:59 - 2014-01-28 22:45 - 00000000 ___RD () C:\Users\Regina\Desktop\Projekte 2014-01-29 21:59 - 2014-01-28 21:45 - 00000000 ___RD () C:\Users\Regina\Desktop\Freizeit 2014-01-29 12:25 - 2014-01-29 12:25 - 00000000 ___HD () C:\ProgramData\CanonBJ 2014-01-29 00:17 - 2014-01-28 23:04 - 00000000 ___RD () C:\Users\Regina\Desktop\Fotos_Videos_ReginaBerthold_2005-2014 2014-01-28 22:58 - 2014-01-28 22:57 - 00000000 ____D () C:\Users\Regina\Desktop\Uni BA MA 2014-01-28 22:56 - 2014-01-28 22:56 - 00003584 _____ () C:\Users\Regina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-01-28 22:56 - 2014-01-28 22:56 - 00000000 ____D () C:\Users\Regina\Desktop\Ungeordnete Dateien Regina 2014-01-28 22:53 - 2014-01-28 22:46 - 00000000 ____D () C:\Users\Regina\Desktop\Musik von Regina 2014-01-28 21:34 - 2014-01-28 21:34 - 00000000 ____D () C:\Users\Regina\Desktop\Bewerbung 2014-01-27 10:57 - 2014-01-17 11:10 - 00000000 ___RD () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-26 17:45 - 2014-01-26 17:45 - 00000000 ____D () C:\Users\Regina\AppData\Local\Skype 2014-01-26 17:44 - 2014-01-26 17:44 - 00001892 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-01-26 17:44 - 2014-01-26 17:44 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-01-26 17:44 - 2014-01-26 17:44 - 00000000 ____D () C:\ProgramData\Skype 2014-01-26 17:43 
--- --- --- --- --- ---
Hello Schrauber, thank you very much for your help so far. Fortunately, the Sweet Page no longer appears when I open Firefox! Unfortunately, one problem still remains: when I open a new empty tab, the following appears in the address bar at the top: chrome://lightning/content/newtab.html I have absolutely no idea what that is supposed to mean. I don't even use Chrome at all. Is there still a way to get rid of it? Best regards |