Malsign.Dailytools.3A7

cosinus · 25.08.2014, 21:39

Kannst du sehen was gefunden worden ist von MBAM? Wenn ja bitte posten

Und ich hab da leider auch eine unschöne nachricht für dich, offensichtlich hab ich übersehen, dass dein System mit einem besonderen Schädling infiziert bist, nennt sich Mediyes, hatte ich leider nicht rechtzeitig aufm Schirm und somit den Dienst dnscache gekillt. Teil mir bitte mit ob du Probleme beim Internetzugang (mailen, surfen etc. pp.) hast.

Gast1234 · 26.08.2014, 13:53

Habe das Ergebnis des MBAM angepinnt, anders ging es nicht.

Und was bedeutet der besondere Schädling für mich?
Ich habe keine neueren Probleme mit dem Internet,
es ist nur schon seit Monaten so, dass sich der Rechner immer beim browsen aufhängt (keine Rückmeldung) und es ewig dauert bis es weiter geht.
Aber jetzt aktuell kamen keine Probelem dazu, kann ganz normal surfen etc.
Soll ich den ESET Scan nun machen oder lieber nicht?

Danke
LG

Gast1234 · 26.08.2014, 13:54

MBAM:

cosinus · 26.08.2014, 21:54

Soll dieses Tycoon-Zeug ein NoCD Crack sein?

Gast1234 · 27.08.2014, 15:39

Hallo,

ja das kann sein, das hat mir vor Jahren mal ein Bekannter drauf gemacht, weil das Netbook kein CD-Laufwerk hat, aber ich habe es nie genutzt.

LG

cosinus · 27.08.2014, 15:51

Runter mit dem Scheiß. Windows rebooten, ESET ausführen.

Gast1234 · 27.08.2014, 17:48

Okay, mach ich. Hier schonmal das erste Ergebnis von ESET

Code:

ATTFilter

C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir	Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
C:\Users\Lara\Downloads\FreeYouTubeToMP3Converter.exe	Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
C:\Users\Lara\Downloads\FreeYouTubeToMP3Converter31013.exe	Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
C:\Users\Lara\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe	Variante von Win32/InstallCore.QH evtl. unerwünschte Anwendung
C:\Users\Lara\Downloads\vlc-1.1.9-win32.exe	Win32/StartPage.OIE Trojaner

cosinus · 28.08.2014, 11:22

Downloadordner mal aufräumen. Und Setups nicht von irgendein shice Seite runterladen, immer vom Hersteller bzw unserer Seite => FilePony.de

TFC - Temp File Cleaner

Lade dir

TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.

Öffne die TFC.exe.
Vista und Win 7 User mit Rechtsklick "als Administrator starten".
Schließe alle anderen Programme.
Drücke auf den Button Start.
Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ist aber nur optional. Um Usertracking zu verhindern kann man gut die Firefox-Erweiterung Ghostery verwenden.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Gast1234 · 28.08.2014, 12:52

Hallo, also beim 2. ESET Scan wurde wohl noch mehr gefunden:

Code:

ATTFilter

C:\$RECYCLE.BIN\S-1-5-21-1908887682-808319941-1047621281-1000\$ROZTM1A.exe	Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1908887682-808319941-1047621281-1000\$RS1ZHDO.exe	Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir	Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
C:\Users\Lara\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120104201714987.rsc	Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung
C:\Users\Lara\Downloads\avira_free_antivirus.exe	Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung
C:\Users\Lara\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe	Variante von Win32/InstallCore.QH evtl. unerwünschte Anwendung
C:\Users\Lara\Downloads\vlc-1.1.9-win32.exe	Win32/StartPage.OIE Trojaner
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YA5ZZ8EN\ApnIC[1].0	Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung

Ich werde dann jetzt den TFC starten.
Was ist nun mit dem Mediyes-Virus? Habe bei ESET ja nur scannen und nicht entfernen lassen.
Beim Surfen hab ich immer den AdblockPlus und Cookie Blocker.
Downloads mach ich wenn dann von chip.de, ist das schlecht?
Nach wie vor ist der Rechner etwas lahm, obwohl die Festplatte nur zu einem Drittel belegt ist und der Arbeitsspeicher auch nicht ausgelastet ist. Meist fällt es beim browsen auf, doch auch wenn ich andere Programme wie Word oder Systemsteuerung öffne, braucht er elendig lange um es zu laden.

Tausend Dank bis hierher.
LG

cosinus · 28.08.2014, 12:58

Und du solltest deinen Downloadordner leeren

Zitat:

Downloads mach ich wenn dann von chip.de, ist das schlecht?

Weil Chip mittlerweile auch Adware bundlet

Gast1234 · 28.08.2014, 13:05

Jap,
Downloadordner ist leer und TFC ausgeführt.
Bin ich nun "clean" ?

LG

cosinus · 28.08.2014, 13:07

Was ist denn noch an Problemen offen?

Für deinen langsamen Rechner => http://www.trojaner-board.de/71631-p...tml#post425616

Gast1234 · 28.08.2014, 13:10

Naja der Mediyes-Virus wurde doch bisher nur erkannt und nicht entfernt oder?

cosinus · 28.08.2014, 14:25

Na, mal sehen was da noch ist, hab nämlich den Eindruck, dass da schon etwas entfernt wurde bevor du dich hier angemeldet hast.

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).

Starte bitte die OTL.exe.
Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
Setze einen Haken bei Scanne alle Benutzer.
Unter Extra Registry, wähle bitte Use SafeList.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers /64
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S /64
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S /64
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost /64
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com /64
%SystemRoot%\system32\*.tsp
%SystemRoot%\system32\*.tsp /64
C:\Windows\system32\*.dll /800
C:\Windows\system32\*.dll /800 /64 
CREATERESTOREPOINT

Schließe bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Scan Button.
Am Ende des Suchlaufs werden 2 Logdateien erstellt.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Gast1234 · 29.08.2014, 13:25

Nee, ich hab eigentlich nur das mir AVG anfangs gezeigt hat dann entfernt, aber das kam ja immer wieder. Sonst habe ich nix gemacht. Werde den anderen Scan aber noch machen.
LG

Code:

ATTFilter

OTL logfile created on: 29.08.2014 13:34:59 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lara\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,09 Mb Total Physical Memory | 386,70 Mb Available Physical Memory | 38,17% Memory free
1,99 Gb Paging File | 1,00 Gb Available in Paging File | 50,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 215,79 Gb Total Space | 132,11 Gb Free Space | 61,22% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 3,94 Gb Free Space | 98,58% Space Free | Partition Type: NTFS
 
Computer Name: LARASACER | User Name: Lara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.08.28 20:09:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lara\Desktop\OTL.exe
PRC - [2014.08.11 14:51:00 | 003,244,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2014\avgidsagent.exe
PRC - [2014.08.11 14:49:02 | 000,846,864 | ---- | M] (AVG Technologies CZ, s.r.o.) -- c:\Programme\AVG\AVG2014\avgrsx.exe
PRC - [2014.08.11 14:45:50 | 000,643,088 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2014\avgcsrvx.exe
PRC - [2014.08.11 14:42:36 | 000,838,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2014\avgnsx.exe
PRC - [2014.08.11 14:42:34 | 005,187,088 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2014\avgui.exe
PRC - [2014.08.11 14:41:40 | 000,657,936 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2014\avgemcx.exe
PRC - [2014.08.11 14:36:28 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2014\avgwdsvc.exe
PRC - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.06.26 19:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013.06.26 19:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013.04.22 10:02:06 | 000,822,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.08.10 11:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\dsiwmis.exe
PRC - [2010.08.10 11:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LMworker.exe
PRC - [2010.06.11 15:28:06 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2010.06.11 15:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2010.06.11 15:27:54 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2010.06.09 19:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.06.08 19:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Registration\GREGsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.06.09 19:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Programme\Launch Manager\CdDirIo.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014.08.20 14:11:21 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.08.11 14:51:00 | 003,244,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014.08.11 14:36:28 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014.07.30 14:26:18 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.10.23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.06.26 19:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013.06.26 19:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.04.22 10:02:06 | 000,822,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.11 15:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.06.08 19:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Programme\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Registration\GREGsvc.exe -- (GREGService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\L1C62x86.sys -- (L1C)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Lara\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2014.06.30 12:43:12 | 000,121,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2014.06.17 16:22:02 | 000,188,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2014.06.17 16:21:22 | 000,197,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2014.06.17 16:18:00 | 000,241,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2014.06.17 16:17:58 | 000,147,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2014.06.17 16:06:40 | 000,199,960 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2014.06.17 16:06:24 | 000,098,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2014.06.17 16:06:22 | 000,027,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2014.06.17 16:06:20 | 000,021,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2014.01.23 05:20:56 | 000,153,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2014.01.23 05:20:56 | 000,136,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2014.01.23 05:20:56 | 000,130,248 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2014.01.23 05:20:56 | 000,017,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2013.10.02 02:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013.06.26 19:23:04 | 000,020,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2013.06.26 19:23:00 | 000,197,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2013.06.26 19:23:00 | 000,024,232 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2013.06.26 19:22:58 | 000,583,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.07.15 23:57:36 | 001,906,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.06.17 08:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.06.03 04:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009.06.03 04:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009.06.03 04:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;www.joosoft.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8897;https=127.0.0.1:8897
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;www.joosoft.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8897;https=127.0.0.1:8897
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1908887682-808319941-1047621281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1908887682-808319941-1047621281-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1908887682-808319941-1047621281-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1908887682-808319941-1047621281-1000\..\SearchScopes\{891675E3-89A4-4910-A5B8-2EF8AECF6854}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1908887682-808319941-1047621281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1908887682-808319941-1047621281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;www.joosoft.com
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Lara\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2012.08.02 23:08:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lara\AppData\Roaming\mozilla\Extensions
[2014.07.24 19:48:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lara\AppData\Roaming\mozilla\Firefox\Profiles\pjgxkiv3.default-1384465885983\extensions
[2014.07.24 19:48:27 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Lara\AppData\Roaming\mozilla\firefox\profiles\pjgxkiv3.default-1384465885983\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.07.30 14:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2014.07.30 14:26:25 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - plugin: Error reading preferences file
CHR - Extension: YouTube = C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1908887682-808319941-1047621281-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1908887682-808319941-1047621281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lara\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE95E6C1-AB67-4F53-ADCB-E41A5DB92394}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.08.28 20:09:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lara\Desktop\OTL.exe
[2014.08.28 14:49:36 | 002,352,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014.08.25 21:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014.08.25 19:53:03 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.08.25 19:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2014.08.25 19:52:16 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014.08.25 19:52:16 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014.08.25 19:52:16 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014.08.25 19:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\ Malwarebytes Anti-Malware 
[2014.08.25 19:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.08.25 19:50:24 | 000,000,000 | ---D | C] -- C:\Users\Lara\AppData\Local\Programs
[2014.08.25 13:05:29 | 000,000,000 | ---D | C] -- C:\Users\Lara\AppData\Local\Adobe
[2014.08.22 21:08:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.08.22 20:43:18 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014.08.22 20:38:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.08.22 14:11:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014.08.22 13:28:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014.08.22 13:28:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014.08.22 13:28:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014.08.22 13:26:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014.08.22 13:25:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014.08.21 15:18:20 | 000,000,000 | ---D | C] -- C:\FRST
[2014.08.20 14:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014.08.15 13:00:37 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2014.08.15 13:00:32 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2014.08.15 13:00:18 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2014.08.15 13:00:08 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2014.08.13 14:00:22 | 000,219,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2014.08.13 14:00:22 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2014.08.13 14:00:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014.08.13 13:59:42 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2014.08.13 13:59:42 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2014.08.13 13:59:42 | 000,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2014.08.13 13:59:16 | 001,810,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014.08.13 13:59:16 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014.08.13 13:59:15 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014.08.13 13:59:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014.08.13 13:59:00 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014.08.13 13:59:00 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014.08.13 13:58:59 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014.08.13 13:58:57 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014.08.13 13:58:56 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014.08.13 13:58:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014.08.13 13:58:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014.08.13 13:58:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014.08.13 13:58:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTAT.DLL
[2014.08.13 13:58:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDRU.DLL
[2014.08.13 13:58:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDYAK.DLL
[2014.08.13 13:58:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDRU1.DLL
[2014.08.13 13:58:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBASH.DLL
[2014.08.01 12:47:14 | 000,045,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2014.08.01 12:47:13 | 002,425,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2014.08.01 12:46:42 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2014.08.01 12:46:42 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2014.08.01 12:46:42 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2014.08.01 12:45:32 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2014.08.01 12:45:32 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2014.07.30 14:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2014.08.29 13:30:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.08.29 13:16:44 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.08.29 03:33:52 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.08.29 03:33:52 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.08.29 03:24:40 | 000,287,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.08.29 03:22:26 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys
[2014.08.28 20:09:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lara\Desktop\OTL.exe
[2014.08.28 14:03:09 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.08.23 02:42:53 | 002,352,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014.08.20 14:11:21 | 000,699,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014.08.20 14:11:21 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2014.08.22 13:28:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014.08.22 13:28:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014.08.22 13:28:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014.08.22 13:28:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014.08.22 13:28:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.18 19:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.04.18 19:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013.04.18 19:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013.04.18 19:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013.04.18 19:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.01.11 13:33:20 | 000,006,144 | ---- | C] () -- C:\Users\Lara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.17 09:19:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 7
"ProviderFileName0" = unimdm.tsp -- [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation)
"NumProviders" = 5
"ProviderID4" = 6
"ProviderFilename4" = incvclor0.tsp
 
< HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers /64 >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 7
"ProviderFileName0" = unimdm.tsp -- [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation)
"NumProviders" = 5
"ProviderID4" = 6
"ProviderFilename4" = incvclor0.tsp
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S /64 >
"DisplayName" = @%systemroot%\system32\wkssvc.dll,-100
"Group" = NetworkProvider
"ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\wkssvc.dll,-101
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = BowserMRxSmb10MRxSmb20NSI [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeImperson [Binary data over 200 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00  [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage]
"Bind" = \Device\Smb_Tcpip_{BC61CEF9-6D33-4 [Binary data over 200 bytes]
"Route" = "Smb" "Tcpip" "{BC61CEF9-6D33-4CF9 [Binary data over 200 bytes]
"Export" = \Device\LanmanWorkstation_Smb_Tcpi [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\NetworkProvider]
"DeviceName" = \Device\LanmanRedirector
"Name" = Microsoft Windows Network
"DisplayName" = @%systemroot%\system32\wkssvc.dll,-102
"ProviderPath" = %SystemRoot%\System32\ntlanman.dll -- [2010.11.20 14:20:46 | 000,069,120 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"ServiceDll" = %SystemRoot%\System32\wkssvc.dll -- [2010.11.20 14:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"EnablePlainTextPassword" = 0
"EnableSecuritySignature" = 1
"RequireSecuritySignature" = 0
"OtherDomains" =  [binary data]
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S /64 >
 
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost >
"RPCSS" = RpcEptMapperRpcSs [binary data]
"defragsvc" = defragsvc [binary data] -- [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation)
"LocalSystemNetworkRestricted" = UxSmsWdiSystemHostNetmantrkwks [Binary data over 200 bytes]
"LocalService" = nsiWdiServiceHostw32timeEventSy [Binary data over 200 bytes]
"netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes]
"WerSvcGroup" = wersvc [binary data] -- [2009.07.14 03:16:18 | 000,065,024 | ---- | M] (Microsoft Corporation)
"LocalServiceNoNetwork" = DPSPLABFEmpssvcWwanSvc [binary data]
"termsvcs" = TermService [binary data]
"swprv" = swprv [binary data] -- [2009.07.14 03:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation)
"LocalServiceNetworkRestricted" = DHCPeventlogAudioSrvBthHFSrvLm [Binary data over 200 bytes]
"LocalServicePeerNet" = PNRPSvcp2pimsvcp2psvcPnrpAutoReg [binary data]
"NetworkServiceAndNoImpersonation" = KtmRm [binary data]
"regsvc" = RemoteRegistry [binary data]
"LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSfdre [Binary data over 200 bytes]
"DcomLaunch" = PowerPlugPlayDcomLaunch [binary data]
"NetworkServiceNetworkRestricted" = PolicyAgent [binary data]
"NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes]
"sdrsvc" = sdrsvc [binary data] -- [2010.11.20 14:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation)
"WbioSvcGroup" = WbioSrvc [binary data] -- [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation)
"imgsvc" = StiSvc [binary data]
"wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation)
"AxInstSVGroup" = AxInstSV [binary data] -- [2010.11.20 14:18:06 | 000,088,064 | ---- | M] (Microsoft Corporation)
"secsvcs" = WinDefend [binary data]
"bthsvcs" = bthserv [binary data] -- [2009.07.14 03:15:00 | 000,064,512 | ---- | M] (Microsoft Corporation)
"Update-Service-Installer-Service" = Update-Service-Installer-Service [binary data]
"GPSvcGroup" = GPSvc [binary data] -- [2010.11.20 14:19:09 | 000,593,408 | ---- | M] (Microsoft Corporation)
"DailytoolsInstallerService" = DailytoolsInstallerService [binary data]
"DailytoolsUpdateService" = DailytoolsUpdateService [binary data]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\AxInstSVGroup]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\defragsvc]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\GPSvcGroup]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\SDRSVC]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\swprv]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wercplsupport]
 
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost /64 >
"RPCSS" = RpcEptMapperRpcSs [binary data]
"defragsvc" = defragsvc [binary data] -- [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation)
"LocalSystemNetworkRestricted" = UxSmsWdiSystemHostNetmantrkwks [Binary data over 200 bytes]
"LocalService" = nsiWdiServiceHostw32timeEventSy [Binary data over 200 bytes]
"netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes]
"WerSvcGroup" = wersvc [binary data] -- [2009.07.14 03:16:18 | 000,065,024 | ---- | M] (Microsoft Corporation)
"LocalServiceNoNetwork" = DPSPLABFEmpssvcWwanSvc [binary data]
"termsvcs" = TermService [binary data]
"swprv" = swprv [binary data] -- [2009.07.14 03:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation)
"LocalServiceNetworkRestricted" = DHCPeventlogAudioSrvBthHFSrvLm [Binary data over 200 bytes]
"LocalServicePeerNet" = PNRPSvcp2pimsvcp2psvcPnrpAutoReg [binary data]
"NetworkServiceAndNoImpersonation" = KtmRm [binary data]
"regsvc" = RemoteRegistry [binary data]
"LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSfdre [Binary data over 200 bytes]
"DcomLaunch" = PowerPlugPlayDcomLaunch [binary data]
"NetworkServiceNetworkRestricted" = PolicyAgent [binary data]
"NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes]
"sdrsvc" = sdrsvc [binary data] -- [2010.11.20 14:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation)
"WbioSvcGroup" = WbioSrvc [binary data] -- [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation)
"imgsvc" = StiSvc [binary data]
"wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation)
"AxInstSVGroup" = AxInstSV [binary data] -- [2010.11.20 14:18:06 | 000,088,064 | ---- | M] (Microsoft Corporation)
"secsvcs" = WinDefend [binary data]
"bthsvcs" = bthserv [binary data] -- [2009.07.14 03:15:00 | 000,064,512 | ---- | M] (Microsoft Corporation)
"Update-Service-Installer-Service" = Update-Service-Installer-Service [binary data]
"GPSvcGroup" = GPSvc [binary data] -- [2010.11.20 14:19:09 | 000,593,408 | ---- | M] (Microsoft Corporation)
"DailytoolsInstallerService" = DailytoolsInstallerService [binary data]
"DailytoolsUpdateService" = DailytoolsUpdateService [binary data]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\AxInstSVGroup]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\defragsvc]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\GPSvcGroup]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\SDRSVC]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\swprv]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wercplsupport]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com >
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com\UpdateClient]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com /64 >
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com\UpdateClient]
 
< %SystemRoot%\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
 
< %SystemRoot%\system32\*.tsp /64 >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
 
< C:\Windows\system32\*.dll /800 >
[2014.03.04 11:17:05 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\adprovider.dll
[2013.08.29 03:48:17 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\advapi32.dll
[2014.05.09 09:04:12 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aeinv.dll
[2014.05.09 09:06:23 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aepdu.dll
[2013.08.02 03:48:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
[2013.08.02 03:48:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
[2013.08.02 03:48:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
[2013.08.02 03:48:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
[2013.08.02 03:48:15 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 03:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
[2013.08.02 03:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
[2013.08.02 03:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.08.02 03:48:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
[2013.08.02 03:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
[2013.08.02 03:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.08.02 02:43:05 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.08.02 02:43:05 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
[2013.08.02 02:43:05 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.13 23:16:42 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.01.13 23:12:46 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.01.13 23:17:02 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.01.13 23:11:08 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.01.13 23:17:03 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.01.13 23:11:07 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.01.13 23:11:21 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.08.02 02:43:05 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
[2013.02.27 06:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\appinfo.dll
[2013.09.11 22:21:54 | 000,028,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aspnet_counters.dll
[2012.11.06 01:20:50 | 000,168,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\atl110.dll
[2013.06.06 05:01:38 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll
[2013.06.06 05:01:26 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll
[2014.06.03 11:29:40 | 001,805,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\authui.dll
[2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll
[2012.07.04 23:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browser.dll
[2014.03.04 11:17:06 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\capiprovider.dll
[2014.06.16 03:40:20 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdd.dll
[2013.05.13 05:08:06 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\certenc.dll
[2013.04.18 19:06:46 | 000,974,848 | ---- | M] () -- C:\Windows\system32\cis-2.4.dll
[2014.03.04 11:17:07 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cngprovider.dll
[2013.07.04 13:50:56 | 000,530,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\comctl32.dll
[2014.05.30 09:52:30 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\credssp.dll
[2013.10.04 03:56:25 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\credui.dll
[2013.10.05 21:57:25 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll
[2013.05.10 05:20:54 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptdlg.dll
[2013.07.09 06:46:31 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll
[2013.07.09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll
[2013.03.19 06:48:45 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\csrsrv.dll
[2013.11.26 10:16:50 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d2d1.dll
[2013.01.13 21:46:25 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10.dll
[2013.01.13 22:08:43 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10core.dll
[2013.01.13 21:54:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10level9.dll
[2013.12.25 01:09:41 | 001,987,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10warp.dll
[2013.01.13 21:48:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1.dll
[2013.01.13 22:09:00 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1core.dll
[2013.04.26 01:30:32 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d11.dll
[2013.07.04 13:51:04 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\davclnt.dll
[2013.06.06 06:50:56 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dciman32.dll
[2013.04.18 19:06:08 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\system32\dgderapi.dll
[2012.10.09 19:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcore6.dll
[2012.10.09 19:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcsvc6.dll
[2014.03.04 11:17:08 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dimsroam.dll
[2014.03.04 11:17:08 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpapiprovider.dll
[2012.11.02 07:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll
[2013.04.10 01:34:01 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll
[2013.01.13 22:20:31 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxgi.dll
[2014.07.24 19:48:57 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtmsft.dll
[2014.07.24 19:48:51 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtrans.dll
[2013.01.13 22:30:34 | 000,906,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\FntCache.dll
[2013.06.06 06:51:29 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\fontsub.dll
[2013.10.12 04:01:25 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\FWPUCLNT.DLL
[2012.12.07 14:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gameux.dll
[2014.08.23 03:46:55 | 000,305,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gdi32.dll
[2014.07.01 00:14:53 | 000,008,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icardres.dll
[2014.07.24 19:57:19 | 009,739,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll
[2014.07.24 19:49:37 | 001,802,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll
[2014.07.24 19:47:53 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll
[2013.10.12 04:01:41 | 000,679,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IKEEXT.DLL
[2013.10.19 03:36:59 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll
[2014.03.09 23:47:43 | 000,099,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\infocardapi.dll
[2014.02.04 04:00:39 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iologmsg.dll
[2012.10.03 18:40:35 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iphlpsvc.dll
[2013.04.18 19:06:46 | 000,081,920 | ---- | M] () -- C:\Windows\system32\issacapi_bs-2.3.dll
[2013.04.18 19:06:46 | 000,065,536 | ---- | M] () -- C:\Windows\system32\issacapi_pe-2.3.dll
[2013.04.18 19:06:46 | 000,057,344 | ---- | M] () -- C:\Windows\system32\issacapi_se-2.3.dll
[2014.07.24 19:49:29 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll
[2014.07.24 19:58:33 | 001,810,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll
[2014.07.24 19:50:10 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll
[2014.07.09 03:29:31 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KBDBASH.DLL
[2014.07.09 03:29:32 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KBDRU.DLL
[2014.07.09 03:29:32 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KBDRU1.DLL
[2014.07.09 03:29:32 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KBDTAT.DLL
[2014.07.09 03:29:32 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KBDYAK.DLL
[2014.05.30 09:52:36 | 000,550,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kerberos.dll
[2014.03.04 11:17:13 | 000,868,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll
[2014.03.04 11:17:13 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KernelBase.dll
[2013.06.06 06:52:14 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\lpk.dll
[2014.06.05 16:26:50 | 001,059,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\lsasrv.dll
[2013.04.18 19:06:46 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MACXMLProto.dll
[2013.04.18 19:06:46 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\system32\MaDRM.dll
[2013.04.18 19:06:46 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MaJGUILib.dll
[2013.04.18 19:06:46 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\system32\MAMACExtract.dll
[2013.04.18 19:06:46 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MaXMLProto.dll
[2012.11.06 01:20:52 | 004,421,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110.dll
[2012.11.06 01:20:52 | 004,456,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110u.dll
[2012.11.06 01:20:52 | 000,092,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfcm110.dll
[2012.11.06 01:20:52 | 000,092,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfcm110u.dll
[2013.04.18 19:06:46 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\system32\MK_Lyric.dll
[2013.04.18 19:06:46 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\MSCLib.dll
[2013.12.04 04:02:06 | 000,390,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msdrm.dll
[2014.07.24 19:49:18 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll
[2014.07.24 19:48:53 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll
[2013.04.18 19:06:46 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\MSFLib.dll
[2014.07.24 20:07:38 | 012,356,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll
[2014.07.24 19:48:36 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll
[2014.06.03 11:29:50 | 002,363,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msi.dll
[2013.10.30 04:19:52 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msieftp.dll
[2014.06.03 11:29:50 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msihnd.dll
[2013.04.18 19:06:46 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\system32\MSLUR71.dll
[2013.01.04 08:11:21 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msmpeg2vdec.dll
[2013.10.02 02:14:58 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MsRdpWebAccess.dll
[2014.01.09 04:22:42 | 005,694,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstscax.dll
[2014.05.30 09:52:40 | 000,259,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msv1_0.dll
[2012.11.06 01:20:52 | 000,535,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcp110.dll
[2013.09.11 22:21:54 | 000,501,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcp110_clr0400.dll
[2013.09.11 22:21:54 | 000,018,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr100_clr0400.dll
[2012.11.06 01:20:52 | 000,875,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr110.dll
[2013.09.11 22:21:54 | 000,863,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr110_clr0400.dll
[2013.09.08 04:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mswsock.dll
[2014.03.26 16:27:50 | 001,237,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll
[2014.03.26 16:25:14 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3r.dll
[2014.03.26 16:27:50 | 001,389,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll
[2014.03.26 16:25:14 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6r.dll
[2013.04.18 19:06:46 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\system32\MTTELECHIP.dll
[2013.04.18 19:06:46 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\system32\MTXSYNCICON.dll
[2013.04.18 19:06:46 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\muzaf1.dll
[2013.04.18 19:06:46 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\muzapp.dll
[2013.04.18 19:06:46 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\Windows\system32\muzwmts.dll
[2014.05.30 09:52:41 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll
[2012.10.03 18:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncsi.dll
[2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll
[2012.10.03 18:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netcorehc.dll
[2012.10.03 18:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netevent.dll
[2012.10.03 18:42:26 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\nlaapi.dll
[2012.10.03 18:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\nlasvc.dll
[2013.10.12 04:03:08 | 000,656,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\nshwfp.dll
[2013.08.29 03:50:30 | 001,289,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntdll.dll
[2014.03.04 11:17:19 | 000,538,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\objsel.dll
[2013.07.20 12:33:12 | 000,102,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
[2014.06.06 11:44:17 | 000,509,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qedit.dll
[2014.05.08 11:06:54 | 002,742,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcorets.dll
[2012.08.23 13:12:17 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpendp_winip.dll
[2014.05.08 11:06:54 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\RdpGroupPolicyExtension.dll
[2012.08.23 16:48:14 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpudd.dll
[2013.10.02 01:08:10 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdvidcrl.dll
[2013.04.18 19:08:14 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\system32\Redemption.dll
[2014.07.14 03:42:02 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rpcrt4.dll
[2013.08.28 02:57:20 | 000,434,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scavengeui.dll
[2014.05.30 09:52:45 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll
[2013.10.12 04:03:31 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scrrun.dll
[2013.12.04 04:03:08 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secproc.dll
[2013.12.04 04:03:20 | 000,423,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secproc_isv.dll
[2013.12.04 04:03:20 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secproc_ssp.dll
[2013.12.04 04:03:20 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secproc_ssp_isv.dll
[2014.04.12 04:12:06 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll
[2013.06.26 19:23:00 | 001,084,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sftldr.dll
[2013.07.26 03:55:59 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shdocvw.dll
[2014.06.25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll
[2013.10.04 03:58:50 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\SmartcardCredentialProvider.dll
[2014.04.12 04:12:09 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspicli.dll
[2014.04.12 04:12:09 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspisrv.dll
[2012.09.26 00:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\synceng.dll
[2013.08.29 03:50:16 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tdh.dll
[2013.10.02 01:58:48 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tsgqec.dll
[2014.05.30 09:52:49 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\TSpkg.dll
[2013.10.02 01:45:04 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\TsUsbGDCoInstaller.dll
[2013.10.02 02:30:38 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
[2013.09.25 03:57:53 | 000,792,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\TSWorkspace.dll
[2014.07.16 04:46:02 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll
[2013.01.13 21:53:14 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\UIAnimation.dll
[2014.07.24 19:50:29 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll
[2014.07.24 19:52:27 | 001,137,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll
[2014.04.25 04:06:17 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\usp10.dll
[2014.07.24 19:49:38 | 000,421,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll
[2012.11.06 01:20:52 | 000,252,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vccorlib110.dll
[2012.11.06 01:20:52 | 000,125,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vcomp110.dll
[2012.07.26 04:46:47 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wdfres.dll
[2014.05.30 09:52:51 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wdigest.dll
[2013.07.04 13:57:28 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WebClnt.dll
[2014.01.29 04:06:47 | 000,381,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wer.dll
[2013.04.26 06:55:21 | 000,492,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll
[2014.03.04 11:17:38 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wincredprovider.dll
[2014.07.11 03:02:10 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\WindowsAccessBridge.dll
[2014.02.04 04:04:22 | 001,230,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecs.dll
[2013.01.13 21:53:58 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecsExt.dll
[2014.07.24 19:51:52 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll
[2013.08.02 03:50:36 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\winsrv.dll
[2013.07.09 06:52:10 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll
[2013.10.02 02:14:20 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wksprtPS.dll
[2013.05.10 06:56:08 | 011,410,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmp.dll
[2013.11.23 20:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMPhoto.dll
[2013.05.10 06:56:15 | 012,625,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmploc.DLL
[2013.07.25 10:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMVDECOD.DLL
[2012.12.07 14:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wpc.dll
[2014.05.14 18:23:38 | 000,581,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuapi.dll
[2014.05.14 18:23:32 | 001,973,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuaueng.dll
[2014.05.14 18:17:15 | 002,425,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wucltux.dll
[2012.07.26 05:20:40 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFCoinstaller.dll
[2012.07.26 05:20:40 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFPlatform.dll
[2012.07.26 05:20:40 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFSvc.dll
[2012.07.26 05:20:40 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFx.dll
[2014.05.14 18:17:10 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wudriver.dll
[2014.05.14 18:23:42 | 000,036,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups.dll
[2014.05.14 18:23:42 | 000,045,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups2.dll
[2014.05.14 09:23:04 | 000,179,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuwebv.dll
[2013.03.19 05:33:33 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wwanprotdim.dll
[2014.01.28 04:07:07 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wwansvc.dll
[2013.01.13 20:34:58 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsGdiConverter.dll
[2013.01.13 19:26:42 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsPrint.dll
 
< C:\Windows\system32\*.dll /800 /64  >
[2014.03.04 11:17:05 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\adprovider.dll
[2013.08.29 03:48:17 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\advapi32.dll
[2014.05.09 09:04:12 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aeinv.dll
[2014.05.09 09:06:23 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aepdu.dll
[2013.08.02 03:48:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
[2013.08.02 03:48:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
[2013.08.02 03:48:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
[2013.08.02 03:48:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
[2013.08.02 03:48:15 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 03:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
[2013.08.02 03:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
[2013.08.02 03:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.08.02 03:48:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
[2013.08.02 03:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
[2013.08.02 03:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.08.02 02:43:05 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.08.02 02:43:05 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
[2013.08.02 02:43:05 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.13 23:16:42 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.01.13 23:12:46 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.01.13 23:17:02 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.01.13 23:11:08 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.01.13 23:17:03 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.01.13 23:11:07 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.01.13 23:11:21 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.08.02 02:43:05 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
[2013.02.27 06:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\appinfo.dll
[2013.09.11 22:21:54 | 000,028,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aspnet_counters.dll
[2012.11.06 01:20:50 | 000,168,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\atl110.dll
[2013.06.06 05:01:38 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll
[2013.06.06 05:01:26 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll
[2014.06.03 11:29:40 | 001,805,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\authui.dll
[2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll
[2012.07.04 23:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browser.dll
[2014.03.04 11:17:06 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\capiprovider.dll
[2014.06.16 03:40:20 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdd.dll
[2013.05.13 05:08:06 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\certenc.dll
[2013.04.18 19:06:46 | 000,974,848 | ---- | M] () -- C:\Windows\system32\cis-2.4.dll
[2014.03.04 11:17:07 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cngprovider.dll
[2013.07.04 13:50:56 | 000,530,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\comctl32.dll
[2014.05.30 09:52:30 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\credssp.dll
[2013.10.04 03:56:25 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\credui.dll
[2013.10.05 21:57:25 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll
[2013.05.10 05:20:54 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptdlg.dll
[2013.07.09 06:46:31 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll
[2013.07.09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll
[2013.03.19 06:48:45 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\csrsrv.dll
[2013.11.26 10:16:50 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d2d1.dll
[2013.01.13 21:46:25 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10.dll
[2013.01.13 22:08:43 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10core.dll
[2013.01.13 21:54:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10level9.dll
[2013.12.25 01:09:41 | 001,987,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10warp.dll
[2013.01.13 21:48:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1.dll
[2013.01.13 22:09:00 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1core.dll
[2013.04.26 01:30:32 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d11.dll
[2013.07.04 13:51:04 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\davclnt.dll
[2013.06.06 06:50:56 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dciman32.dll
[2013.04.18 19:06:08 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\system32\dgderapi.dll
[2012.10.09 19:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcore6.dll
[2012.10.09 19:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcsvc6.dll
[2014.03.04 11:17:08 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dimsroam.dll
[2014.03.04 11:17:08 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpapiprovider.dll
[2012.11.02 07:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll
[2013.04.10 01:34:01 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll
[2013.01.13 22:20:31 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxgi.dll
[2014.07.24 19:48:57 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtmsft.dll
[2014.07.24 19:48:51 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtrans.dll
[2013.01.13 22:30:34 | 000,906,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\FntCache.dll
[2013.06.06 06:51:29 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\fontsub.dll
[2013.10.12 04:01:25 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\FWPUCLNT.DLL
[2012.12.07 14:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gameux.dll
[2014.08.23 03:46:55 | 000,305,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gdi32.dll
[2014.07.01 00:14:53 | 000,008,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icardres.dll
[2014.07.24 19:57:19 | 009,739,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll
[2014.07.24 19:49:37 | 001,802,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll
[2014.07.24 19:47:53 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll
[2013.10.12 04:01:41 | 000,679,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IKEEXT.DLL
[2013.10.19 03:36:59 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll
[2014.03.09 23:47:43 | 000,099,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\infocardapi.dll
[2014.02.04 04:00:39 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iologmsg.dll
[2012.10.03 18:40:35 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iphlpsvc.dll
[2013.04.18 19:06:46 | 000,081,920 | ---- | M] () -- C:\Windows\system32\issacapi_bs-2.3.dll
[2013.04.18 19:06:46 | 000,065,536 | ---- | M] () -- C:\Windows\system32\issacapi_pe-2.3.dll
[2013.04.18 19:06:46 | 000,057,344 | ---- | M] () -- C:\Windows\system32\issacapi_se-2.3.dll
[2014.07.24 19:49:29 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll
[2014.07.24 19:58:33 | 001,810,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll
[2014.07.24 19:50:10 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll
[2014.07.09 03:29:31 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KBDBASH.DLL
[2014.07.09 03:29:32 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KBDRU.DLL
[2014.07.09 03:29:32 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KBDRU1.DLL
[2014.07.09 03:29:32 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KBDTAT.DLL
[2014.07.09 03:29:32 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KBDYAK.DLL
[2014.05.30 09:52:36 | 000,550,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kerberos.dll
[2014.03.04 11:17:13 | 000,868,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll
[2014.03.04 11:17:13 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KernelBase.dll
[2013.06.06 06:52:14 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\lpk.dll
[2014.06.05 16:26:50 | 001,059,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\lsasrv.dll
[2013.04.18 19:06:46 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MACXMLProto.dll
[2013.04.18 19:06:46 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\system32\MaDRM.dll
[2013.04.18 19:06:46 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MaJGUILib.dll
[2013.04.18 19:06:46 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\system32\MAMACExtract.dll
[2013.04.18 19:06:46 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MaXMLProto.dll
[2012.11.06 01:20:52 | 004,421,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110.dll
[2012.11.06 01:20:52 | 004,456,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110u.dll
[2012.11.06 01:20:52 | 000,092,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfcm110.dll
[2012.11.06 01:20:52 | 000,092,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfcm110u.dll
[2013.04.18 19:06:46 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\system32\MK_Lyric.dll
[2013.04.18 19:06:46 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\MSCLib.dll
[2013.12.04 04:02:06 | 000,390,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msdrm.dll
[2014.07.24 19:49:18 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll
[2014.07.24 19:48:53 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll
[2013.04.18 19:06:46 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\MSFLib.dll
[2014.07.24 20:07:38 | 012,356,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll
[2014.07.24 19:48:36 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll
[2014.06.03 11:29:50 | 002,363,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msi.dll
[2013.10.30 04:19:52 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msieftp.dll
[2014.06.03 11:29:50 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msihnd.dll
[2013.04.18 19:06:46 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\system32\MSLUR71.dll
[2013.01.04 08:11:21 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msmpeg2vdec.dll
[2013.10.02 02:14:58 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MsRdpWebAccess.dll
[2014.01.09 04:22:42 | 005,694,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstscax.dll
[2014.05.30 09:52:40 | 000,259,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msv1_0.dll
[2012.11.06 01:20:52 | 000,535,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcp110.dll
[2013.09.11 22:21:54 | 000,501,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcp110_clr0400.dll
[2013.09.11 22:21:54 | 000,018,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr100_clr0400.dll
[2012.11.06 01:20:52 | 000,875,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr110.dll
[2013.09.11 22:21:54 | 000,863,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr110_clr0400.dll
[2013.09.08 04:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mswsock.dll
[2014.03.26 16:27:50 | 001,237,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll
[2014.03.26 16:25:14 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3r.dll
[2014.03.26 16:27:50 | 001,389,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll
[2014.03.26 16:25:14 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6r.dll
[2013.04.18 19:06:46 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\system32\MTTELECHIP.dll
[2013.04.18 19:06:46 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\system32\MTXSYNCICON.dll
[2013.04.18 19:06:46 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\muzaf1.dll
[2013.04.18 19:06:46 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\muzapp.dll
[2013.04.18 19:06:46 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\Windows\system32\muzwmts.dll
[2014.05.30 09:52:41 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll
[2012.10.03 18:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncsi.dll
[2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll
[2012.10.03 18:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netcorehc.dll
[2012.10.03 18:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netevent.dll
[2012.10.03 18:42:26 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\nlaapi.dll
[2012.10.03 18:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\nlasvc.dll
[2013.10.12 04:03:08 | 000,656,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\nshwfp.dll
[2013.08.29 03:50:30 | 001,289,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntdll.dll
[2014.03.04 11:17:19 | 000,538,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\objsel.dll
[2013.07.20 12:33:12 | 000,102,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
[2014.06.06 11:44:17 | 000,509,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qedit.dll
[2014.05.08 11:06:54 | 002,742,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcorets.dll
[2012.08.23 13:12:17 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpendp_winip.dll
[2014.05.08 11:06:54 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\RdpGroupPolicyExtension.dll
[2012.08.23 16:48:14 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpudd.dll
[2013.10.02 01:08:10 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdvidcrl.dll
[2013.04.18 19:08:14 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\system32\Redemption.dll
[2014.07.14 03:42:02 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rpcrt4.dll
[2013.08.28 02:57:20 | 000,434,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scavengeui.dll
[2014.05.30 09:52:45 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll
[2013.10.12 04:03:31 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scrrun.dll
[2013.12.04 04:03:08 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secproc.dll
[2013.12.04 04:03:20 | 000,423,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secproc_isv.dll
[2013.12.04 04:03:20 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secproc_ssp.dll
[2013.12.04 04:03:20 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secproc_ssp_isv.dll
[2014.04.12 04:12:06 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll
[2013.06.26 19:23:00 | 001,084,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sftldr.dll
[2013.07.26 03:55:59 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shdocvw.dll
[2014.06.25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll
[2013.10.04 03:58:50 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\SmartcardCredentialProvider.dll
[2014.04.12 04:12:09 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspicli.dll
[2014.04.12 04:12:09 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspisrv.dll
[2012.09.26 00:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\synceng.dll
[2013.08.29 03:50:16 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tdh.dll
[2013.10.02 01:58:48 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tsgqec.dll
[2014.05.30 09:52:49 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\TSpkg.dll
[2013.10.02 01:45:04 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\TsUsbGDCoInstaller.dll
[2013.10.02 02:30:38 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
[2013.09.25 03:57:53 | 000,792,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\TSWorkspace.dll
[2014.07.16 04:46:02 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll
[2013.01.13 21:53:14 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\UIAnimation.dll
[2014.07.24 19:50:29 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll
[2014.07.24 19:52:27 | 001,137,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll
[2014.04.25 04:06:17 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\usp10.dll
[2014.07.24 19:49:38 | 000,421,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll
[2012.11.06 01:20:52 | 000,252,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vccorlib110.dll
[2012.11.06 01:20:52 | 000,125,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vcomp110.dll
[2012.07.26 04:46:47 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wdfres.dll
[2014.05.30 09:52:51 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wdigest.dll
[2013.07.04 13:57:28 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WebClnt.dll
[2014.01.29 04:06:47 | 000,381,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wer.dll
[2013.04.26 06:55:21 | 000,492,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll
[2014.03.04 11:17:38 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wincredprovider.dll
[2014.07.11 03:02:10 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\WindowsAccessBridge.dll
[2014.02.04 04:04:22 | 001,230,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecs.dll
[2013.01.13 21:53:58 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecsExt.dll
[2014.07.24 19:51:52 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll
[2013.08.02 03:50:36 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\winsrv.dll
[2013.07.09 06:52:10 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll
[2013.10.02 02:14:20 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wksprtPS.dll
[2013.05.10 06:56:08 | 011,410,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmp.dll
[2013.11.23 20:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMPhoto.dll
[2013.05.10 06:56:15 | 012,625,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmploc.DLL
[2013.07.25 10:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMVDECOD.DLL
[2012.12.07 14:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wpc.dll
[2014.05.14 18:23:38 | 000,581,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuapi.dll
[2014.05.14 18:23:32 | 001,973,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuaueng.dll
[2014.05.14 18:17:15 | 002,425,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wucltux.dll
[2012.07.26 05:20:40 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFCoinstaller.dll
[2012.07.26 05:20:40 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFPlatform.dll
[2012.07.26 05:20:40 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFSvc.dll
[2012.07.26 05:20:40 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFx.dll
[2014.05.14 18:17:10 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wudriver.dll
[2014.05.14 18:23:42 | 000,036,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups.dll
[2014.05.14 18:23:42 | 000,045,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups2.dll
[2014.05.14 09:23:04 | 000,179,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuwebv.dll
[2013.03.19 05:33:33 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wwanprotdim.dll
[2014.01.28 04:07:07 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wwansvc.dll
[2013.01.13 20:34:58 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsGdiConverter.dll
[2013.01.13 19:26:42 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsPrint.dll

< End of report >

26.08.2014, 21:54	#19
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Malsign.Dailytools.3A7 Soll dieses Tycoon-Zeug ein NoCD Crack sein? __________________ Logfiles bitte immer in CODE-Tags posten

27.08.2014, 15:51	#21
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Malsign.Dailytools.3A7 Runter mit dem Scheiß. Windows rebooten, ESET ausführen. __________________ --> Malsign.Dailytools.3A7

28.08.2014, 13:07	#27
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Malsign.Dailytools.3A7 Was ist denn noch an Problemen offen? Für deinen langsamen Rechner => http://www.trojaner-board.de/71631-p...tml#post425616 __________________ Logfiles bitte immer in CODE-Tags posten

Malsign.Dailytools.3A7

Log-Analyse und Auswertung: Malsign.Dailytools.3A7