|
Log-Analyse und Auswertung: Windows: PC von Behörden beschlagnahmtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
23.08.2014, 13:47 | #1 |
| Windows: PC von Behörden beschlagnahmt Hallo, Der PC wurde vor drei Jahren in Kleinfirma (3 Leute) gewerblich genutzt. Bis vor zwei Jahren arbeitete ich auch dort. Aufgrund eins Projektes in Süditalien war die Firma von einer Anti-Mafia-Untersuchung betroffen. Der PC wurde von den Behörden für einige Tage beschlagnahmt. Ich habe den PC dem Firmen-Inhaber abgekauft und nutze ihn nun privat. Symptome hat nicht der PC, sondern ich: ein etwas ungutes Gefühl wegen möglicher "Staatstrojaner". Der PC war 2 Jahre ungenutzt. Es sind 32-bit und 64-bit Versionen von Windows 7 installiert. (Bei beiden war zunächst wegen veralteter wuaueng.dll kein Windows-Update möglich. Jetzt sind bei beiden alle wichtigen Updates installiert.) Avira Free Antivirus: Keine Funde bei 32-bit + 64-bit. Ich arbeite mit der 64-bit Version. Für den Fall dass sie gebraucht werden habe ich aber auch die 32-bit-Logfiles beigelegt (32bit im Anhang, da zu gross). Besten Dank für jede Hilfe! defogger_disable [64bit] Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 20:07 on 03/08/2014 (Administrator) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014 Ran by Administrator (administrator) on USER-PC on 03-08-2014 20:12:06 Running from C:\Users\Administrator\Desktop Platform: Windows 7 Professional (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-23] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8B2FD20D41AECF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - DefaultScope {85BC7E91-014B-4AFC-A6C9-4C5420D8C79E} URL = hxxp://www.google.ch/search?q={searchTerms} SearchScopes: HKCU - {85BC7E91-014B-4AFC-A6C9-4C5420D8C79E} URL = hxxp://www.google.ch/search?q={searchTerms} BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation) Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.192.1 FireFox: ======== FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\occn3m87.default FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-23] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-07-23] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. KG) R3 e1qexpress; C:\Windows\System32\DRIVERS\e1q60x64.sys [244736 2009-06-10] (Intel Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-03 20:12 - 2014-08-03 20:12 - 00006553 _____ () C:\Users\Administrator\Desktop\FRST.txt 2014-08-03 20:11 - 2014-08-03 20:12 - 00000000 ____D () C:\FRST 2014-08-03 20:07 - 2014-08-03 20:08 - 02094080 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe 2014-08-03 20:07 - 2014-08-03 20:07 - 00000488 _____ () C:\Users\Administrator\Desktop\defogger_disable.log 2014-08-03 20:07 - 2014-08-03 20:07 - 00000000 _____ () C:\Users\Administrator\defogger_reenable 2014-08-03 20:05 - 2014-08-03 20:05 - 00050477 _____ () C:\Users\Administrator\Desktop\Defogger.exe 2014-08-03 20:03 - 2014-08-03 20:03 - 00000000 _____ () C:\C64.txt 2014-08-03 16:44 - 2014-08-03 16:44 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe 2014-08-03 16:40 - 2014-08-03 16:40 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-08-03 16:40 - 2014-08-03 16:40 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-08-03 16:39 - 2014-08-03 16:39 - 00000000 ____D () C:\ProgramData\Adobe 2014-08-03 16:39 - 2014-08-03 16:39 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-08-03 16:29 - 2014-08-03 16:29 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Avira 2014-08-03 16:26 - 2014-08-03 16:29 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-08-03 16:26 - 2014-08-03 16:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-08-03 16:26 - 2014-08-03 16:26 - 00000000 ____D () C:\ProgramData\Mozilla 2014-08-03 16:25 - 2014-08-03 16:25 - 00244408 _____ () C:\Users\Administrator\Downloads\Firefox Setup Stub 31.0.exe 2014-08-03 16:23 - 2014-07-23 13:29 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-08-03 16:23 - 2014-07-23 13:29 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-08-03 16:23 - 2014-07-23 13:29 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-08-03 16:22 - 2014-08-03 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-03 16:22 - 2014-08-03 16:23 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-08-03 16:22 - 2014-08-03 16:22 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-03 16:22 - 2014-08-03 16:22 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-03 16:07 - 2014-08-03 16:08 - 04431200 _____ (Avira Operations GmbH & Co. KG) C:\Users\Administrator\Downloads\avira_de_av_4214566093__ws.exe 2014-08-03 16:01 - 2009-10-10 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys 2014-08-03 15:45 - 2014-08-03 15:45 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-03 15:12 - 2014-08-03 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in 2014-08-03 15:09 - 2010-09-14 08:45 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll 2014-08-03 15:09 - 2010-09-14 08:07 - 00276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll 2014-08-03 14:48 - 2012-07-26 06:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2014-08-03 14:48 - 2012-07-26 06:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys 2014-08-03 14:48 - 2012-07-26 04:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll 2014-08-03 14:48 - 2012-06-02 16:35 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf 2014-08-03 14:45 - 2014-08-03 14:46 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-03 14:41 - 2009-11-25 12:47 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-08-03 14:41 - 2009-11-25 12:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-08-03 14:41 - 2009-11-25 12:47 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll 2014-08-03 14:41 - 2009-11-25 12:47 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe 2014-08-03 14:41 - 2009-11-25 12:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll 2014-08-03 14:41 - 2009-11-25 12:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe 2014-08-03 14:41 - 2009-11-25 12:47 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll 2014-08-03 14:41 - 2009-11-25 12:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll 2014-08-03 14:41 - 2009-11-25 12:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll 2014-08-03 14:41 - 2009-11-25 12:47 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 17854464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 10890752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-08-03 14:39 - 2014-08-03 14:39 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-08-03 14:39 - 2014-08-03 14:39 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-03 14:39 - 2014-08-03 14:39 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-03 14:39 - 2014-08-03 14:39 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-03 14:39 - 2014-08-03 14:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-03 14:39 - 2014-08-03 14:39 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-08-03 14:39 - 2014-08-03 14:39 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-08-03 14:39 - 2014-08-03 14:39 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-08-03 14:39 - 2014-08-03 14:39 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-08-03 14:39 - 2014-08-03 14:39 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-08-03 14:38 - 2014-08-03 14:40 - 00004747 _____ () C:\Windows\IE9_main.log 2014-08-03 14:34 - 2012-12-16 18:52 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2014-08-03 14:34 - 2012-12-16 16:40 - 00367616 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2014-08-03 14:34 - 2012-12-16 16:25 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2014-08-03 14:34 - 2012-12-16 16:25 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2014-08-03 14:33 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll 2014-08-03 14:33 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe 2014-08-03 14:33 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll 2014-08-03 14:33 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll 2014-08-03 14:33 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll 2014-08-03 14:33 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys 2014-08-03 14:33 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys 2014-08-03 14:33 - 2012-06-02 16:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf 2014-08-03 14:29 - 2014-08-03 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-08-03 14:29 - 2014-08-03 14:29 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-08-03 14:29 - 2014-08-03 14:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-08-03 14:28 - 2012-03-01 08:54 - 00022896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys 2014-08-03 14:28 - 2012-03-01 08:40 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2014-08-03 14:28 - 2012-03-01 08:35 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll 2014-08-03 14:28 - 2012-03-01 07:45 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2014-08-03 14:28 - 2012-03-01 07:40 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll 2014-08-03 14:24 - 2014-07-01 03:56 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-03 14:24 - 2014-07-01 03:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-03 14:24 - 2013-02-12 17:42 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-08-03 14:24 - 2013-02-12 17:37 - 03138048 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-08-03 14:24 - 2013-02-12 17:31 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-08-03 14:24 - 2013-02-12 17:13 - 02691072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-08-03 14:24 - 2013-02-12 17:07 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-08-03 14:24 - 2013-02-12 15:59 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-08-03 14:24 - 2013-01-04 07:41 - 01893224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-08-03 14:24 - 2013-01-04 07:40 - 00287576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-08-03 14:24 - 2012-12-07 07:41 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll 2014-08-03 14:24 - 2012-12-07 07:35 - 02745856 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll 2014-08-03 14:24 - 2012-12-07 07:04 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll 2014-08-03 14:24 - 2012-12-07 06:57 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll 2014-08-03 14:24 - 2012-12-07 05:45 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs 2014-08-03 14:24 - 2012-12-07 05:45 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs 2014-08-03 14:24 - 2012-12-07 05:45 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs 2014-08-03 14:24 - 2012-12-07 05:45 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs 2014-08-03 14:24 - 2012-12-07 05:45 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs 2014-08-03 14:24 - 2012-12-07 05:45 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs 2014-08-03 14:24 - 2012-12-07 05:45 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs 2014-08-03 14:24 - 2012-12-07 05:45 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs 2014-08-03 14:24 - 2012-12-07 05:45 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs 2014-08-03 14:24 - 2012-12-07 05:45 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs 2014-08-03 14:24 - 2012-12-07 05:45 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs 2014-08-03 14:24 - 2012-12-07 05:45 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs 2014-08-03 14:24 - 2012-12-07 05:45 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs 2014-08-03 14:24 - 2012-12-07 05:45 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs 2014-08-03 14:24 - 2012-12-07 05:21 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs 2014-08-03 14:24 - 2012-12-07 05:21 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs 2014-08-03 14:24 - 2012-12-07 05:21 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs 2014-08-03 14:24 - 2012-12-07 05:21 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs 2014-08-03 14:24 - 2012-12-07 05:21 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs 2014-08-03 14:24 - 2012-12-07 05:21 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs 2014-08-03 14:24 - 2012-12-07 05:21 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs 2014-08-03 14:24 - 2012-12-07 05:21 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs 2014-08-03 14:24 - 2012-12-07 05:21 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs 2014-08-03 14:24 - 2012-12-07 05:21 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs 2014-08-03 14:24 - 2012-12-07 05:21 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs 2014-08-03 14:24 - 2012-12-07 05:21 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs 2014-08-03 14:24 - 2012-12-07 05:21 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs 2014-08-03 14:24 - 2012-12-07 05:21 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs 2014-08-03 14:24 - 2012-11-22 12:32 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-08-03 14:24 - 2012-11-22 11:33 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-08-03 14:24 - 2012-11-09 07:34 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2014-08-03 14:24 - 2012-11-09 07:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-03 14:24 - 2012-11-09 06:49 - 00492032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2014-08-03 14:24 - 2012-11-09 06:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-03 14:24 - 2012-09-26 00:39 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll 2014-08-03 14:24 - 2012-09-25 23:55 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll 2014-08-03 14:24 - 2012-08-02 19:55 - 00574464 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2014-08-03 14:24 - 2012-08-02 19:05 - 00490496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2014-08-03 14:24 - 2012-06-09 07:30 - 14165504 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-03 14:24 - 2012-06-09 06:46 - 12868608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-08-03 14:24 - 2012-05-02 07:32 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2014-08-03 14:24 - 2012-03-03 08:29 - 01837568 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-08-03 14:24 - 2012-03-03 08:29 - 01541120 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2014-08-03 14:24 - 2012-03-03 08:29 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-08-03 14:24 - 2012-03-03 08:29 - 00320512 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2014-08-03 14:24 - 2012-03-03 08:29 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2014-08-03 14:24 - 2012-03-03 07:40 - 01170944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-08-03 14:24 - 2012-03-03 07:40 - 01074176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2014-08-03 14:24 - 2012-03-03 07:40 - 00739840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2014-08-03 14:24 - 2012-03-03 07:40 - 00218624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2014-08-03 14:24 - 2012-03-03 07:40 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2014-08-03 14:24 - 2011-12-28 05:59 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-08-03 14:24 - 2011-10-26 07:22 - 01572864 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-08-03 14:24 - 2011-10-26 07:22 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-08-03 14:24 - 2011-10-26 06:28 - 01328640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2014-08-03 14:24 - 2011-10-26 06:28 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-08-03 14:24 - 2011-08-17 07:32 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll 2014-08-03 14:24 - 2011-08-17 07:27 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax 2014-08-03 14:24 - 2011-08-17 07:27 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax 2014-08-03 14:24 - 2011-08-17 07:27 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax 2014-08-03 14:24 - 2011-08-17 07:27 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax 2014-08-03 14:24 - 2011-08-17 06:26 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll 2014-08-03 14:24 - 2011-08-17 06:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax 2014-08-03 14:24 - 2011-08-17 06:22 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax 2014-08-03 14:24 - 2011-08-17 06:22 - 00072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax 2014-08-03 14:24 - 2011-08-17 06:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax 2014-08-03 14:24 - 2011-05-04 07:30 - 02326016 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2014-08-03 14:24 - 2011-05-04 07:28 - 02228224 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2014-08-03 14:24 - 2011-05-04 07:28 - 00779264 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll 2014-08-03 14:24 - 2011-05-04 07:28 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll 2014-08-03 14:24 - 2011-05-04 07:28 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll 2014-08-03 14:24 - 2011-05-04 07:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll 2014-08-03 14:24 - 2011-05-04 07:24 - 00593408 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe 2014-08-03 14:24 - 2011-05-04 07:24 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe 2014-08-03 14:24 - 2011-05-04 07:24 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe 2014-08-03 14:24 - 2011-05-04 06:53 - 01553920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2014-08-03 14:24 - 2011-05-04 06:52 - 01401856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2014-08-03 14:24 - 2011-05-04 06:52 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll 2014-08-03 14:24 - 2011-05-04 06:52 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe 2014-08-03 14:24 - 2011-05-04 06:52 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll 2014-08-03 14:24 - 2011-05-04 06:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll 2014-08-03 14:24 - 2011-05-04 06:52 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe 2014-08-03 14:24 - 2011-05-04 06:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe 2014-08-03 14:24 - 2011-05-04 06:52 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll 2014-08-03 14:24 - 2011-04-27 04:57 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys 2014-08-03 14:24 - 2010-12-23 08:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll 2014-08-03 14:24 - 2010-12-23 08:07 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll 2014-08-03 14:24 - 2010-12-23 08:02 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax 2014-08-03 14:24 - 2010-12-23 07:28 - 00850432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll 2014-08-03 14:24 - 2010-12-23 07:28 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll 2014-08-03 14:24 - 2010-12-23 07:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax 2014-08-03 14:24 - 2010-11-02 07:18 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll 2014-08-03 14:24 - 2010-11-02 07:17 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll 2014-08-03 14:24 - 2010-11-02 07:17 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll 2014-08-03 14:24 - 2010-11-02 07:16 - 01114624 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2014-08-03 14:24 - 2010-11-02 07:10 - 00464384 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe 2014-08-03 14:24 - 2010-11-02 07:10 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe 2014-08-03 14:24 - 2010-11-02 06:40 - 00496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll 2014-08-03 14:24 - 2010-11-02 06:40 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll 2014-08-03 14:24 - 2010-11-02 06:34 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe 2014-08-03 14:24 - 2010-11-02 06:34 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe 2014-08-03 14:24 - 2010-08-26 07:27 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll 2014-08-03 14:24 - 2010-08-26 06:39 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll 2014-08-03 14:24 - 2010-06-29 07:39 - 02085376 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2014-08-03 14:24 - 2010-06-29 07:02 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2014-08-03 14:23 - 2013-03-01 05:32 - 03150848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-03 14:23 - 2013-01-24 07:41 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys 2014-08-03 14:23 - 2013-01-04 07:37 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-08-03 14:23 - 2013-01-04 07:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-08-03 14:23 - 2013-01-04 07:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-08-03 14:23 - 2013-01-04 07:36 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2014-08-03 14:23 - 2013-01-04 07:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-08-03 14:23 - 2013-01-04 07:30 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-08-03 14:23 - 2013-01-04 07:30 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-08-03 14:23 - 2013-01-04 07:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:27 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:27 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:26 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 07:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 06:51 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-08-03 14:23 - 2013-01-04 06:51 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-08-03 14:23 - 2013-01-04 06:51 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-08-03 14:23 - 2013-01-04 06:43 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 06:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 06:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 06:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 06:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 06:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 06:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 06:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 06:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 06:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 06:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 06:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 06:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 06:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 05:19 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2014-08-03 14:23 - 2013-01-04 04:48 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-08-03 14:23 - 2013-01-04 04:48 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-08-03 14:23 - 2013-01-04 04:48 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-08-03 14:23 - 2013-01-04 04:48 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-08-03 14:23 - 2013-01-04 04:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 04:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 04:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2014-08-03 14:23 - 2013-01-04 04:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2014-08-03 14:23 - 2012-11-30 01:21 - 00420032 _____ () C:\Windows\SysWOW64\locale.nls 2014-08-03 14:23 - 2012-11-30 01:19 - 00420032 _____ () C:\Windows\system32\locale.nls 2014-08-03 14:23 - 2012-11-02 07:30 - 02001408 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-08-03 14:23 - 2012-11-02 07:30 - 01880064 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-08-03 14:23 - 2012-11-02 07:27 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll 2014-08-03 14:23 - 2012-11-02 06:50 - 01388544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-08-03 14:23 - 2012-11-02 06:50 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-08-03 14:23 - 2012-11-02 06:48 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll 2014-08-03 14:23 - 2012-09-06 19:38 - 00295792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys 2014-08-03 14:23 - 2012-08-24 20:05 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-08-03 14:23 - 2012-08-24 19:10 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2014-08-03 14:23 - 2012-06-02 07:38 - 00152432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-08-03 14:23 - 2012-06-02 07:38 - 00095088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-08-03 14:23 - 2012-06-02 07:37 - 00459216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-08-03 14:23 - 2012-06-02 07:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-08-03 14:23 - 2012-06-02 06:48 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-08-03 14:23 - 2012-06-02 06:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-08-03 14:23 - 2012-06-02 06:42 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-08-03 14:23 - 2012-05-05 10:30 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2014-08-03 14:23 - 2012-05-05 09:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2014-08-03 14:23 - 2012-04-28 05:50 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-08-03 14:23 - 2012-04-26 07:34 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-08-03 14:23 - 2012-04-26 07:34 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll 2014-08-03 14:23 - 2012-04-26 07:28 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe 2014-08-03 14:23 - 2012-04-07 14:18 - 03213824 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-03 14:23 - 2012-04-07 13:34 - 02342400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-03 14:23 - 2012-03-17 09:55 - 00075632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys 2014-08-03 14:23 - 2012-02-15 08:27 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll 2014-08-03 14:23 - 2012-02-15 07:44 - 00826368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll 2014-08-03 14:23 - 2012-02-15 06:46 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys 2014-08-03 14:23 - 2011-11-17 09:12 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll 2014-08-03 14:23 - 2011-11-17 09:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-08-03 14:23 - 2011-11-17 09:11 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-08-03 14:23 - 2011-11-17 09:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-08-03 14:23 - 2011-11-17 09:08 - 01446912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-08-03 14:23 - 2011-11-17 09:05 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-08-03 14:23 - 2011-11-17 07:39 - 00314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll 2014-08-03 14:23 - 2011-07-09 04:44 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2014-08-03 14:23 - 2011-06-16 07:31 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll 2014-08-03 14:23 - 2011-06-16 06:35 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll 2014-08-03 14:23 - 2011-06-15 11:58 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll 2014-08-03 14:23 - 2011-06-15 11:58 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll 2014-08-03 14:23 - 2011-06-15 11:58 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll 2014-08-03 14:23 - 2011-06-15 11:58 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll 2014-08-03 14:23 - 2011-06-15 11:04 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll 2014-08-03 14:23 - 2011-06-15 11:04 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll 2014-08-03 14:23 - 2011-06-15 11:04 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll 2014-08-03 14:23 - 2011-06-15 11:04 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll 2014-08-03 14:23 - 2011-06-15 11:04 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll 2014-08-03 14:23 - 2011-05-04 04:51 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2014-08-03 14:23 - 2011-05-04 04:51 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2014-08-03 14:23 - 2010-05-05 09:37 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll 2014-08-03 14:23 - 2010-05-05 08:46 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll 2014-08-03 14:21 - 2013-04-12 16:36 - 01653096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-08-03 14:21 - 2013-02-12 16:02 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys 2014-08-03 14:21 - 2012-08-11 02:53 - 00714752 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-08-03 14:21 - 2012-08-11 01:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-08-03 14:21 - 2012-07-05 00:04 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll 2014-08-03 14:21 - 2012-07-05 00:01 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll 2014-08-03 14:21 - 2012-07-05 00:01 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll 2014-08-03 14:21 - 2012-07-04 23:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll 2014-08-03 14:21 - 2012-07-04 23:23 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll 2014-08-03 14:19 - 2012-01-04 11:58 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll 2014-08-03 14:19 - 2012-01-04 11:03 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll 2014-08-03 14:19 - 2011-04-29 05:13 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2014-08-03 14:19 - 2011-04-29 05:12 - 00399872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2014-08-03 14:19 - 2011-04-29 05:12 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2014-08-03 14:19 - 2011-04-09 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2014-08-03 14:19 - 2011-04-09 07:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2014-08-03 14:19 - 2011-03-12 14:03 - 00662528 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll 2014-08-03 14:19 - 2011-03-12 13:31 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2014-08-03 14:19 - 2011-03-11 08:19 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll 2014-08-03 14:19 - 2011-03-11 08:19 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll 2014-08-03 14:19 - 2011-03-11 07:40 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll 2014-08-03 14:19 - 2011-03-11 07:40 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll 2014-08-03 14:19 - 2011-03-03 08:17 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll 2014-08-03 14:19 - 2011-03-03 08:17 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll 2014-08-03 14:19 - 2011-03-03 08:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe 2014-08-03 14:19 - 2011-03-03 07:29 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll 2014-08-03 14:19 - 2011-03-03 07:27 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe 2014-08-03 14:19 - 2010-07-29 08:30 - 00082944 _____ (Radius Inc.) C:\Windows\SysWOW64\iccvid.dll 2014-08-03 14:17 - 2011-02-05 14:41 - 00640896 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2014-08-03 14:17 - 2011-02-05 14:41 - 00556928 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2014-08-03 14:17 - 2011-02-05 14:41 - 00020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll 2014-08-03 14:17 - 2011-02-05 14:41 - 00019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll 2014-08-03 14:17 - 2011-02-05 14:41 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll 2014-08-03 14:17 - 2011-02-05 14:39 - 00603976 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-08-03 14:17 - 2011-02-05 14:39 - 00518160 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2014-08-03 14:17 - 2010-12-21 08:16 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll 2014-08-03 14:17 - 2010-12-21 08:16 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2014-08-03 14:17 - 2010-12-21 08:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll 2014-08-03 14:17 - 2010-12-21 08:16 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll 2014-08-03 14:17 - 2010-12-21 08:15 - 00264192 _____ (Microsoft Corporation) C:\Windows\system32\upnp.dll 2014-08-03 14:17 - 2010-12-21 08:15 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll 2014-08-03 14:17 - 2010-12-21 08:10 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2014-08-03 14:17 - 2010-12-21 07:38 - 00350720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll 2014-08-03 14:17 - 2010-12-21 07:38 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2014-08-03 14:17 - 2010-12-21 07:38 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnp.dll 2014-08-03 14:17 - 2010-12-21 07:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll 2014-08-03 14:17 - 2010-12-21 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll 2014-08-03 14:17 - 2010-12-21 07:34 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2014-08-03 14:17 - 2010-08-04 09:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\msdri.dll 2014-08-03 14:17 - 2010-06-19 08:53 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll 2014-08-03 14:17 - 2010-06-19 08:23 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll 2014-08-03 14:16 - 2012-05-14 07:20 - 00956416 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2014-08-03 14:16 - 2012-01-03 08:24 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl 2014-08-03 14:16 - 2012-01-03 07:44 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl 2014-08-03 14:16 - 2011-12-16 10:42 - 00634368 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll 2014-08-03 14:16 - 2011-12-16 09:59 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll 2014-08-03 14:16 - 2011-11-17 09:14 - 01739160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-08-03 14:16 - 2011-11-17 07:41 - 01292592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2014-08-03 14:16 - 2011-10-15 08:25 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll 2014-08-03 14:16 - 2011-10-15 07:48 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll 2014-08-03 14:16 - 2011-08-27 07:40 - 00861184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-08-03 14:16 - 2011-08-27 07:40 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll 2014-08-03 14:16 - 2011-08-27 06:43 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-08-03 14:16 - 2011-08-27 06:43 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll 2014-08-03 14:16 - 2011-02-24 08:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2014-08-03 14:16 - 2011-02-24 07:32 - 00288256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2014-08-03 14:16 - 2011-02-18 08:33 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe 2014-08-03 14:16 - 2011-02-18 07:33 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe 2014-08-03 14:16 - 2011-02-12 08:14 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe 2014-08-03 14:16 - 2010-12-18 08:08 - 01097216 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-08-03 14:16 - 2010-12-18 07:26 - 01034240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-08-03 14:16 - 2010-09-01 07:21 - 14627840 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-08-03 14:16 - 2010-09-01 07:12 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-08-03 14:16 - 2010-09-01 06:29 - 11406848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2014-08-03 14:16 - 2010-09-01 06:23 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2014-08-03 14:16 - 2010-08-21 08:38 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll 2014-08-03 14:16 - 2010-08-21 08:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2014-08-03 14:16 - 2010-08-21 07:36 - 00738816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll 2014-08-03 14:16 - 2010-08-21 07:33 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2014-08-03 14:13 - 2012-11-20 07:55 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-08-03 14:13 - 2012-11-20 07:10 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-08-03 14:11 - 2013-03-19 08:19 - 05497688 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-08-03 14:11 - 2013-03-19 07:54 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2014-08-03 14:11 - 2013-03-19 07:06 - 03958120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-08-03 14:11 - 2013-03-19 07:06 - 03902312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-08-03 14:11 - 2013-03-19 06:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2014-08-03 14:11 - 2013-03-19 05:19 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2014-08-03 14:11 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-03 14:11 - 2012-06-03 00:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-03 14:11 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-03 14:11 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-08-03 14:11 - 2012-06-03 00:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-08-03 14:11 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-03 14:11 - 2012-06-03 00:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-03 14:11 - 2011-05-24 13:21 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll 2014-08-03 14:11 - 2011-05-24 12:34 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll 2014-08-03 14:11 - 2011-05-24 12:34 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll 2014-08-03 14:11 - 2011-05-24 12:34 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll 2014-08-03 14:11 - 2011-05-24 12:32 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe 2014-08-03 14:11 - 2011-01-26 08:53 - 00982912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-03 14:11 - 2011-01-26 08:53 - 00265088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2014-08-03 14:11 - 2011-01-26 08:31 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-08-03 14:11 - 2010-11-02 07:18 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll 2014-08-03 14:11 - 2010-11-02 06:41 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll 2014-08-03 14:11 - 2010-10-16 07:23 - 00112000 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-03 14:11 - 2010-08-31 06:32 - 00954752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc40.dll 2014-08-03 14:11 - 2010-08-31 06:32 - 00954288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc40u.dll 2014-08-03 14:11 - 2010-08-21 08:29 - 00558592 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe 2014-08-03 14:11 - 2010-06-26 07:31 - 01863680 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2014-08-03 14:11 - 2010-06-26 07:14 - 01495040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2014-08-03 14:11 - 2010-05-23 12:15 - 01619456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2014-08-03 14:11 - 2010-05-23 12:11 - 03181568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-08-03 14:11 - 2010-05-23 12:11 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll 2014-08-03 14:11 - 2010-05-23 10:37 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2014-08-03 14:11 - 2010-05-23 10:35 - 04068864 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-08-03 14:11 - 2010-05-23 10:35 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll 2014-08-03 14:11 - 2010-05-23 10:35 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-08-03 14:09 - 2012-06-02 07:25 - 01462784 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-08-03 14:09 - 2012-06-02 07:25 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-08-03 14:09 - 2012-06-02 07:25 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2014-08-03 14:09 - 2012-06-02 06:45 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-08-03 14:09 - 2012-06-02 06:45 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2014-08-03 14:09 - 2012-06-02 06:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2014-08-03 14:09 - 2011-05-03 07:21 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2014-08-03 14:09 - 2011-05-03 06:50 - 00740864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2014-08-03 14:09 - 2011-04-22 22:18 - 00027008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-08-03 14:08 - 2011-02-23 07:15 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys 2014-08-03 14:06 - 2011-11-19 17:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-08-03 14:06 - 2011-11-19 16:06 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-08-03 14:02 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-03 14:02 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-03 12:40 - 2014-08-03 20:10 - 00000000 ____D () C:\Trojaner-Board 2014-08-02 12:58 - 2011-02-19 08:37 - 01135104 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-03 20:12 - 2014-08-03 20:12 - 00006553 _____ () C:\Users\Administrator\Desktop\FRST.txt 2014-08-03 20:12 - 2014-08-03 20:11 - 00000000 ____D () C:\FRST 2014-08-03 20:10 - 2014-08-03 12:40 - 00000000 ____D () C:\Trojaner-Board 2014-08-03 20:08 - 2014-08-03 20:07 - 02094080 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe 2014-08-03 20:07 - 2014-08-03 20:07 - 00000488 _____ () C:\Users\Administrator\Desktop\defogger_disable.log 2014-08-03 20:07 - 2014-08-03 20:07 - 00000000 _____ () C:\Users\Administrator\defogger_reenable 2014-08-03 20:07 - 2010-01-25 15:23 - 00000000 ____D () C:\Users\Administrator 2014-08-03 20:05 - 2014-08-03 20:05 - 00050477 _____ () C:\Users\Administrator\Desktop\Defogger.exe 2014-08-03 20:03 - 2014-08-03 20:03 - 00000000 _____ () C:\C64.txt 2014-08-03 20:01 - 2009-10-30 17:14 - 01351521 _____ () C:\Windows\WindowsUpdate.log 2014-08-03 16:44 - 2014-08-03 16:44 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe 2014-08-03 16:44 - 2010-01-25 15:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe 2014-08-03 16:40 - 2014-08-03 16:40 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-08-03 16:40 - 2014-08-03 16:40 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-08-03 16:39 - 2014-08-03 16:39 - 00000000 ____D () C:\ProgramData\Adobe 2014-08-03 16:39 - 2014-08-03 16:39 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-08-03 16:29 - 2014-08-03 16:29 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Avira 2014-08-03 16:29 - 2014-08-03 16:26 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-08-03 16:29 - 2014-08-03 16:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-08-03 16:29 - 2010-01-25 16:01 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-08-03 16:29 - 2010-01-25 16:01 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla 2014-08-03 16:29 - 2010-01-25 16:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-08-03 16:26 - 2014-08-03 16:26 - 00000000 ____D () C:\ProgramData\Mozilla 2014-08-03 16:25 - 2014-08-03 16:25 - 00244408 _____ () C:\Users\Administrator\Downloads\Firefox Setup Stub 31.0.exe 2014-08-03 16:24 - 2009-07-14 06:45 - 00014848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-03 16:24 - 2009-07-14 06:45 - 00014848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-03 16:23 - 2014-08-03 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-03 16:23 - 2014-08-03 16:22 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-08-03 16:23 - 2010-01-25 15:54 - 00000000 ____D () C:\ProgramData\Avira 2014-08-03 16:22 - 2014-08-03 16:22 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-03 16:22 - 2014-08-03 16:22 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-03 16:22 - 2009-07-14 19:58 - 00653928 _____ () C:\Windows\system32\perfh007.dat 2014-08-03 16:22 - 2009-07-14 19:58 - 00129800 _____ () C:\Windows\system32\perfc007.dat 2014-08-03 16:22 - 2009-07-14 07:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-03 16:17 - 2010-01-26 10:30 - 00198026 _____ () C:\Windows\PFRO.log 2014-08-03 16:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-03 16:17 - 2009-07-14 06:51 - 00025686 _____ () C:\Windows\setupact.log 2014-08-03 16:09 - 2010-01-25 16:04 - 00109296 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-03 16:08 - 2014-08-03 16:07 - 04431200 _____ (Avira Operations GmbH & Co. KG) C:\Users\Administrator\Downloads\avira_de_av_4214566093__ws.exe 2014-08-03 15:53 - 2009-10-30 17:23 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-08-03 15:53 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini 2014-08-03 15:50 - 2010-01-25 15:23 - 00001439 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-03 15:50 - 2010-01-25 15:23 - 00001405 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-08-03 15:50 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-08-03 15:47 - 2009-07-14 06:45 - 00413624 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-03 15:45 - 2014-08-03 15:45 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-03 15:45 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal 2014-08-03 15:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-03 15:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System 2014-08-03 15:12 - 2014-08-03 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in 2014-08-03 14:46 - 2014-08-03 14:45 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-03 14:41 - 2009-10-30 17:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-08-03 14:40 - 2014-08-03 14:38 - 00004747 _____ () C:\Windows\IE9_main.log 2014-08-03 14:39 - 2014-08-03 14:39 - 17854464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 10890752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-08-03 14:39 - 2014-08-03 14:39 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-08-03 14:39 - 2014-08-03 14:39 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-03 14:39 - 2014-08-03 14:39 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-03 14:39 - 2014-08-03 14:39 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-03 14:39 - 2014-08-03 14:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-03 14:39 - 2014-08-03 14:39 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-08-03 14:39 - 2014-08-03 14:39 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-08-03 14:39 - 2014-08-03 14:39 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-08-03 14:39 - 2014-08-03 14:39 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-08-03 14:39 - 2014-08-03 14:39 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-08-03 14:39 - 2014-08-03 14:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-08-03 14:39 - 2014-08-03 14:39 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-08-03 14:29 - 2014-08-03 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-08-03 14:29 - 2014-08-03 14:29 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-08-03 14:29 - 2014-08-03 14:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-08-02 12:58 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries 2014-07-23 13:29 - 2014-08-03 16:23 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-07-23 13:29 - 2014-08-03 16:23 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-07-23 13:29 - 2014-08-03 16:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-07-23 10:52 - 2010-01-22 12:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe Some content of TEMP: ==================== C:\Users\Administrator\AppData\Local\Temp\avgnt.exe C:\Users\user\AppData\Local\Temp\FlashPlayerUpdate.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-05-25 09:30 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014 Ran by Administrator at 2014-08-03 20:12:56 Running from C:\Users\Administrator\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Avira (HKLM-x32\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5DB2894C-2DA4-4DEF-A051-795AE799964A}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 10-09-2012 16:44:51 Geplanter Prüfpunkt 25-05-2014 07:38:03 Geplanter Prüfpunkt 03-08-2014 10:47:57 Installed Microsoft Fix it 50362 03-08-2014 11:00:12 Installed Microsoft Fix it 50362 03-08-2014 12:00:24 Windows Update 03-08-2014 12:02:07 Windows Update 03-08-2014 12:11:03 Windows Update 03-08-2014 12:25:21 Windows Update 03-08-2014 13:52:14 Windows Update 03-08-2014 13:55:31 Windows Update 03-08-2014 14:00:51 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) ==================== Loaded Modules (whitelisted) ============= 2014-07-24 11:50 - 2014-07-24 11:50 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll 2014-07-24 11:49 - 2014-07-24 11:49 - 00065104 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll 2014-08-03 16:24 - 2014-07-24 11:50 - 00049744 _____ () C:\Users\Administrator\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll 2014-08-03 16:26 - 2014-07-17 07:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Standard-VGA-Grafikkarte Description: Standard-VGA-Grafikkarte Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardgrafikkartentypen) Service: vga Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (08/03/2014 03:58:58 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.IdentityModel.Selectors, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070005 Error: (08/03/2014 03:49:54 PM) (Source: Avira AntiVir) (EventID: 4129) (User: NT-AUTORITÄT) Description: USER-PC (192.168.192.58)Keine gültige Lizenz Error: (08/03/2014 02:53:20 PM) (Source: MsiInstaller) (EventID: 11935) (User: user-PC) Description: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {03329364-ED3E-3EF1-ACB0-C1E9F5282929} Error: (08/03/2014 02:44:35 PM) (Source: Avira AntiVir) (EventID: 4129) (User: NT-AUTORITÄT) Description: USER-PC (192.168.192.58)Keine gültige Lizenz Error: (08/03/2014 02:10:58 PM) (Source: VSS) (EventID: 12310) (User: ) Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten. Fehlerkontext: DeviceIoControl(\\?\Volume{7ef4c4ca-c566-11de-a0d9-806e6f6e6963} - 0000000000000138,0x0053c010,00000000001AEBB0,0,00000000002F7FB0,4096,[0]). Vorgang: Schattenkopien werden übertragen Kontext: Ausführungskontext: System Provider Error: (08/03/2014 01:44:31 PM) (Source: Avira AntiVir) (EventID: 4129) (User: NT-AUTORITÄT) Description: USER-PC (192.168.192.58)Keine gültige Lizenz Error: (08/03/2014 00:44:33 PM) (Source: Avira AntiVir) (EventID: 4129) (User: NT-AUTORITÄT) Description: USER-PC (192.168.192.58)Keine gültige Lizenz Error: (08/03/2014 10:02:11 AM) (Source: Avira AntiVir) (EventID: 4129) (User: NT-AUTORITÄT) Description: USER-PC (192.168.192.58)Keine gültige Lizenz Error: (08/02/2014 02:17:40 PM) (Source: Avira AntiVir) (EventID: 4129) (User: NT-AUTORITÄT) Description: USER-PC (192.168.192.58)Keine gültige Lizenz Error: (08/02/2014 01:01:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . System errors: ============= Error: (08/03/2014 08:12:58 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy4" den Befehl "chkdsk" aus. Error: (08/03/2014 08:12:58 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy3" den Befehl "chkdsk" aus. Error: (08/03/2014 08:12:57 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy2" den Befehl "chkdsk" aus. Error: (08/03/2014 08:12:57 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy1" den Befehl "chkdsk" aus. Error: (08/03/2014 08:00:45 PM) (Source: atikmdag) (EventID: 10261) (User: ) Description: Display is not active Error: (08/03/2014 04:17:38 PM) (Source: atikmdag) (EventID: 10261) (User: ) Description: Display is not active Error: (08/03/2014 04:17:38 PM) (Source: atikmdag) (EventID: 19468) (User: ) Description: CPLIB :: General - Invalid Parameter Error: (08/03/2014 04:03:57 PM) (Source: atikmdag) (EventID: 10261) (User: ) Description: Display is not active Error: (08/03/2014 04:03:57 PM) (Source: atikmdag) (EventID: 19468) (User: ) Description: CPLIB :: General - Invalid Parameter Error: (08/03/2014 03:51:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Update für die Kompatibilitätsansichtsliste für Internet Explorer*8 für Windows 7 für x64-basierte Systeme (KB2598845) Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 30% Total physical RAM: 6135.12 MB Available physical RAM: 4278.38 MB Total Pagefile: 12268.38 MB Available Pagefile: 10389.84 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:146.48 GB) (Free:109.02 GB) NTFS Drive d: (Volume) (Fixed) (Total:638.54 GB) (Free:622.35 GB) NTFS Drive e: () (Fixed) (Total:146.39 GB) (Free:116.45 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 6918C67A) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=146 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=146 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=639 GB) - (Type=OF Extended) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-08-03 20:59:27 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 SAMSUNG_HD103SJ rev.1AJ100E4 931.51GB Running: 15w93fcg.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\kxldapob.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075391465 2 bytes [39, 75] .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753914bb 2 bytes [39, 75] .text ... * 2 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075391465 2 bytes [39, 75] .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753914bb 2 bytes [39, 75] .text ... * 2 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???l?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????E???????G???????H???????J????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ---- EOF - GMER 2.1 ---- |
23.08.2014, 15:19 | #2 |
/// the machine /// TB-Ausbilder | Windows: PC von Behörden beschlagnahmt HI,
__________________was genau ist das Problem mit dem Rechner?
__________________ |
23.08.2014, 17:37 | #3 |
| Windows: PC von Behörden beschlagnahmt Hallo,
__________________Am Rechner sind soweit keine Probleme aufgetaucht. Trotzdem befürchte ich, dass er eventuell nicht sauber ist – eben weil er beschlagnahmt wurde und sich physisch in den Händen der Behörden befand. Ich habe zwar nichts zu verstecken, möchte aber trotzdem nicht, dass jemand dauernd über meine Schultern schaut. |
24.08.2014, 06:47 | #4 |
/// the machine /// TB-Ausbilder | Windows: PC von Behörden beschlagnahmt dann würde ich das ding formatieren und sauber neuaufsetzen. In den Logs ist nix zu sehen. Behörden haben aber auch die Möglichkeit sowas gut zu verstecken, wenn denn in der Theorie was dran gemacht wurde.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
24.08.2014, 12:37 | #5 |
| Windows: PC von Behörden beschlagnahmt Ok, danke!! Und was mache ich mit dem Bios? Kann ich das auch irgendwie prüfen? Gruss Merida |
24.08.2014, 12:43 | #6 |
/// the machine /// TB-Ausbilder | Windows: PC von Behörden beschlagnahmt Es gibt nur eine einzige Malware die da was fuschen kann. Aber da das ja ein richtiger PC ist, kein Laptop, einfach kurz Deckel ab, Strom aus, Batterie für 5 min raus
__________________ --> Windows: PC von Behörden beschlagnahmt |
Themen zu Windows: PC von Behörden beschlagnahmt |
adware, antivirus, avg, browser, defender, email, excel, failed, fehler, firefox, flash player, gebraucht, helper, iexplore.exe, installation, microsoft fix it, mozilla, registry, scan, services.exe, software, staatstrojaner, svchost.exe, system, updates, usb, windows |