Log analysis and evaluation: Windows 7: ADWARE/CrossRider.Gen4, ADWARE/EoRezo.Gen4 and ADWARE/MPlug 6.14 found by AntiVir
21.10.2014, 12:57 | #1

Hello everyone,

I am helping my uncle, whose PC at work was infected by the viruses named above. The company he works for has only 3 employees at that site and no IT of its own, so he called me and asked whether I could help.

For your information: I am working via TeamViewer, since I live a good 350 km away from the PC in question. So simply driving over to take a look is unfortunately not possible.

AntiVir log:
Code:
Exportierte Ereignisse:

20.10.2014 12:02 [System-Scanner] Malware gefunden
      Die Datei 'C:\RECYCLER\S-1-5-21-796845957-790525478-682003330-1011\Dc6.exe'
      enthielt einen Virus oder unerwünschtes Programm 'Adware/MPlug.6.14' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ignoriert.

20.10.2014 12:02 [System-Scanner] Malware gefunden
      Die Datei 'C:\System Volume Information\_restore{4633B204-BA6F-4815-962C-DC18F25AB34D}\RP641\A0132881.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/EoRezo.Gen4' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ignoriert.

20.10.2014 12:02 [System-Scanner] Malware gefunden
      Die Datei 'C:\RECYCLER\S-1-5-21-796845957-790525478-682003330-1011\Dc1.exe'
      enthielt einen Virus oder unerwünschtes Programm 'Adware/MPlug.6.14' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ignoriert.

20.10.2014 12:02 [System-Scanner] Malware gefunden
      Die Datei 'C:\System Volume Information\_restore{4633B204-BA6F-4815-962C-DC18F25AB34D}\RP645\A0133556.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/CrossRider.Gen4' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ignoriert.

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-10-2014
Ran by KSC1 (administrator) on KSC1-PC on 21-10-2014 13:14:12
Running from C:\Users\KSC1\Downloads
Loaded Profile: KSC1 (Available profiles: KSC1)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SoundMan] => C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [] => [X]

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\KSC1\AppData\Roaming\Mozilla\Firefox\Profiles\4f31030r.default
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome:
=======
CHR Profile: C:\Users\KSC1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\KSC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-11]
CHR Extension: (Google Drive) - C:\Users\KSC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KSC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-11]
CHR Extension: (YouTube) - C:\Users\KSC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-11]
CHR Extension: (Google-Suche) - C:\Users\KSC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-11]
CHR Extension: (Google Wallet) - C:\Users\KSC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-11]
CHR Extension: (Google Mail) - C:\Users\KSC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-09-24] (Avira Operations GmbH & Co. KG)
R3 MonitorFunction; C:\Windows\System32\DRIVERS\TVMonitor.sys [13304 2013-10-17] (TeamViewer GmbH)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-09-24] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-10-13 10:27 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-10-13 10:27 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-10-13 10:27 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-10-13 10:27 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2014-10-13 10:27 - 2013-01-24 06:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys 2014-10-13 10:26 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-10-13 10:26 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-10-13 10:26 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-10-13 10:26 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2014-10-13 10:26 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2014-10-13 10:26 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2014-10-13 10:26 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2014-10-13 10:26 - 2012-08-21 22:12 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe 2014-10-13 10:26 - 2011-03-03 07:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll 2014-10-13 10:26 - 2011-03-03 07:38 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll 2014-10-13 10:26 - 2011-03-03 07:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe 2014-10-13 10:25 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2014-10-13 10:25 - 
2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-10-13 10:25 - 2011-12-30 07:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl 2014-10-13 10:25 - 2011-08-17 06:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll 2014-10-13 10:25 - 2011-08-17 06:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax 2014-10-13 10:25 - 2011-05-24 12:44 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll 2014-10-13 10:24 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-10-13 10:24 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-10-13 10:24 - 2013-10-04 03:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2014-10-13 10:24 - 2013-10-04 03:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2014-10-13 10:24 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2014-10-13 10:24 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2014-10-13 10:24 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2014-10-13 10:24 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2014-10-13 10:24 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2014-10-13 10:24 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2014-10-13 10:24 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2014-10-13 10:24 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe 2014-10-13 10:24 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll 2014-10-13 10:24 
- 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2014-10-13 10:24 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll 2014-10-13 10:24 - 2012-07-04 23:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll 2014-10-13 10:24 - 2012-07-04 23:14 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll 2014-10-13 10:24 - 2012-07-04 23:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll 2014-10-13 10:24 - 2012-05-05 09:46 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2014-10-13 10:24 - 2011-07-09 04:30 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2014-10-13 10:24 - 2011-04-27 04:17 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2014-10-13 10:24 - 2011-04-27 04:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2014-10-13 10:23 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-10-13 10:23 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-10-13 10:23 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-10-13 10:23 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-10-13 10:23 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-10-13 10:23 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-10-13 10:23 - 2013-11-26 13:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-10-13 10:23 - 2011-08-27 06:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-10-13 10:23 - 2011-08-27 06:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll 
2014-10-13 10:22 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-13 10:22 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-10-13 10:22 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-10-13 10:22 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2014-10-13 10:22 - 2013-03-19 05:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll 2014-10-13 10:22 - 2012-12-07 14:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll 2014-10-13 10:22 - 2012-12-07 14:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll 2014-10-13 10:22 - 2012-12-07 12:46 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs 2014-10-13 10:22 - 2012-12-07 12:46 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs 2014-10-13 10:22 - 2012-12-07 12:46 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs 2014-10-13 10:22 - 2012-12-07 12:46 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs 2014-10-13 10:22 - 2012-12-07 12:46 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs 2014-10-13 10:22 - 2012-12-07 12:46 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs 2014-10-13 10:22 - 2012-12-07 12:46 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs 2014-10-13 10:22 - 2012-12-07 12:46 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs 2014-10-13 10:22 - 2012-12-07 12:46 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs 2014-10-13 10:22 - 2012-12-07 12:46 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs 2014-10-13 10:22 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs 2014-10-13 10:22 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs 2014-10-13 10:22 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs 2014-10-13 10:22 - 
2012-12-07 12:46 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs 2014-10-13 10:21 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2014-10-13 10:21 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2014-10-13 10:21 - 2013-07-04 11:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2014-10-13 10:21 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll 2014-10-13 10:21 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll 2014-10-13 10:20 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-10-13 10:20 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-10-13 10:20 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-10-13 10:20 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-10-13 10:20 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-10-13 10:20 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2014-10-13 10:20 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2014-10-13 10:20 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2014-10-13 10:20 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2014-10-13 10:20 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2014-10-13 10:20 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2014-10-13 10:20 - 
2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2014-10-13 10:20 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2014-10-13 10:20 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2014-10-13 10:20 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2014-10-13 10:20 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2014-10-13 10:20 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2014-10-13 10:20 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2014-10-13 10:20 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2014-10-13 10:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2014-10-13 10:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2014-10-13 10:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2014-10-13 10:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2014-10-13 10:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2014-10-13 10:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2014-10-13 10:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 
2014-10-13 10:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2014-10-13 10:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2014-10-13 10:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2014-10-13 10:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2014-10-13 10:20 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2014-10-13 10:20 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2014-10-13 10:20 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2014-10-13 10:20 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2014-10-13 10:20 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2014-10-13 10:20 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2014-10-13 10:20 - 2012-10-03 18:42 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2014-10-13 10:20 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll 2014-10-13 10:20 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2014-10-13 10:20 - 2012-10-03 18:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2014-10-13 10:20 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll 2014-10-13 10:20 - 2012-10-03 18:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll 2014-10-13 10:20 - 2012-10-03 17:21 - 00035328 _____ (Microsoft 
Corporation) C:\Windows\system32\Drivers\tcpipreg.sys 2014-10-13 10:19 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-10-13 10:19 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-10-13 10:19 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-10-13 10:19 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-10-13 10:19 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-10-13 10:19 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-10-13 10:19 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2014-10-13 10:19 - 2013-10-12 04:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2014-10-13 10:19 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2014-10-13 10:19 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2014-10-13 10:19 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2014-10-13 10:18 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-10-13 10:17 - 2012-06-06 07:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll 2014-10-13 10:17 - 2012-04-26 06:45 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll 2014-10-13 10:17 - 2012-04-26 06:41 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe 2014-10-13 10:17 - 2011-11-17 07:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll 2014-10-13 10:17 - 2011-05-03 06:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2014-10-13 10:17 - 2010-12-23 07:54 - 00850944 _____ (Microsoft Corporation) 
C:\Windows\system32\sbe.dll 2014-10-13 10:17 - 2010-12-23 07:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll 2014-10-13 10:17 - 2010-12-23 07:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax 2014-10-13 10:16 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2014-10-13 10:16 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2014-10-13 10:16 - 2012-11-29 00:57 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys 2014-10-13 10:16 - 2012-11-29 00:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll 2014-10-13 10:16 - 2012-11-29 00:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf 2014-10-13 10:16 - 2012-05-14 06:33 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2014-10-13 10:16 - 2012-05-01 06:44 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2014-10-13 10:16 - 2012-03-17 09:27 - 00056176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys 2014-10-13 10:16 - 2012-01-04 10:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll 2014-10-13 10:16 - 2011-12-16 09:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll 2014-10-13 10:16 - 2011-10-15 07:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll 2014-10-13 10:16 - 2011-06-15 10:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\system32\odbcjt32.dll 2014-10-13 10:16 - 2011-06-15 10:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll 2014-10-13 10:16 - 2011-06-15 10:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll 2014-10-13 10:16 - 2011-06-15 10:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll 2014-10-13 10:16 - 2011-06-15 10:55 - 00081920 _____ (Microsoft 
Corporation) C:\Windows\system32\odbccr32.dll 2014-10-13 10:16 - 2011-05-04 06:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2014-10-13 10:16 - 2011-05-04 06:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2014-10-13 10:16 - 2011-05-04 06:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll 2014-10-13 10:16 - 2011-05-04 06:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll 2014-10-13 10:16 - 2011-05-04 06:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll 2014-10-13 10:16 - 2011-05-04 06:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll 2014-10-13 10:16 - 2011-05-04 06:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe 2014-10-13 10:16 - 2011-05-04 06:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe 2014-10-13 10:16 - 2011-05-04 06:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe 2014-10-13 10:16 - 2011-04-09 07:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2014-10-13 10:16 - 2011-03-11 07:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll 2014-10-13 10:16 - 2011-03-11 07:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll 2014-10-13 10:16 - 2011-02-23 06:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys 2014-10-13 10:16 - 2011-02-12 07:35 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe 2014-10-13 10:15 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-10-13 10:15 - 2013-11-27 03:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-10-13 10:15 - 2013-11-27 03:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-10-13 10:15 - 2013-11-27 03:13 - 00076288 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-10-13 10:15 - 2013-11-27 03:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-10-13 10:15 - 2013-11-27 03:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-10-13 10:15 - 2013-11-27 03:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-10-13 10:13 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-10-13 10:12 - 2014-10-13 10:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2014-10-13 10:10 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-10-13 10:10 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-10-13 10:10 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-10-13 10:10 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-10-13 10:10 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-10-13 10:10 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-10-13 10:10 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-10-13 10:10 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-10-13 10:10 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-10-13 10:06 - 2014-10-13 10:15 - 00000000 ___RD () C:\Users\KSC1\Desktop\Meins 2014-10-13 10:05 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-10-13 10:05 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-10-13 10:05 - 
2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-10-13 10:05 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-10-13 10:05 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-10-13 10:05 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-10-13 10:05 - 2013-07-04 14:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-10-13 09:35 - 2013-02-27 06:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2014-10-11 20:29 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll 2014-10-11 20:29 - 2012-02-17 06:13 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys 2014-10-11 20:24 - 2014-10-11 20:24 - 00000000 ____D () C:\Users\KSC1\AppData\Roaming\Avira 2014-10-11 20:16 - 2014-09-24 12:44 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2014-10-11 20:15 - 2014-09-24 12:44 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-11 20:15 - 2014-09-24 12:44 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-10-11 20:15 - 2014-09-24 12:44 - 00037352 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-10-11 20:08 - 2014-10-14 15:13 - 00000000 ____D () C:\Program Files\Microsoft.NET 2014-10-11 20:03 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-10-11 20:03 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-10-11 20:03 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-10-11 20:03 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-10-11 20:03 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-10-11 20:03 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-10-11 20:03 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-10-11 20:03 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-10-11 20:03 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-10-11 19:52 - 2014-10-11 19:07 - 00000000 ____D () C:\Windows\Panther 2014-10-11 19:52 - 2013-07-31 15:00 - 00000210 ____H () C:\Boot.BAK 2014-10-11 19:44 - 2014-10-11 19:44 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-10-11 19:44 - 2014-10-11 19:44 - 00000000 ____D () C:\Users\KSC1\AppData\Roaming\TeamViewer 2014-10-11 19:44 - 2014-10-11 19:44 - 00000000 ____D () C:\Program Files\TeamViewer 2014-10-11 19:42 - 2014-10-11 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-10-11 19:41 - 2014-10-21 12:46 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-11 19:41 - 2014-10-21 12:27 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-11 19:41 - 2014-10-11 19:42 - 00000000 ____D () C:\Users\KSC1\AppData\Local\Google 2014-10-11 19:41 - 
2014-10-11 19:42 - 00000000 ____D () C:\Program Files\Google 2014-10-11 19:29 - 2014-10-15 13:34 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-11 19:29 - 2014-10-11 19:29 - 00000000 ____D () C:\Users\KSC1\AppData\Local\Microsoft Help 2014-10-11 19:25 - 2014-10-14 15:32 - 00085360 _____ () C:\Users\KSC1\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-11 19:24 - 2014-10-11 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-10-11 19:24 - 2014-10-11 20:15 - 00000000 ____D () C:\ProgramData\Avira 2014-10-11 19:24 - 2014-10-11 20:15 - 00000000 ____D () C:\Program Files\Avira 2014-10-11 19:24 - 2014-10-11 19:24 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-11 19:07 - 2014-10-21 13:12 - 00000000 ____D () C:\Users\KSC1 2014-10-11 19:07 - 2014-10-11 19:07 - 00001409 _____ () C:\Users\KSC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-11 19:07 - 2014-10-11 19:07 - 00000020 ___SH () C:\Users\KSC1\ntuser.ini 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 _SHDL () C:\Users\KSC1\Startmenü 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 _SHDL () C:\Users\KSC1\Netzwerkumgebung 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 _SHDL () C:\Users\KSC1\Druckumgebung 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 _SHDL () C:\Users\KSC1\Documents\Eigene Musik 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 _SHDL () C:\Users\KSC1\Documents\Eigene Bilder 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 _SHDL () C:\Users\KSC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 _SHDL () C:\Users\KSC1\AppData\Local\Verlauf 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 _SHDL () 
C:\Users\Default\Netzwerkumgebung 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 _SHDL () C:\Programme 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 __SHD () C:\Recovery 2014-10-11 19:07 - 2014-10-11 19:07 - 00000000 ____D () C:\Users\KSC1\AppData\Local\VirtualStore 2014-10-11 19:07 - 2009-07-14 06:42 - 00000000 ___RD () C:\Users\KSC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-11 19:07 - 2009-07-14 06:37 - 00000000 ___RD () C:\Users\KSC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-10-11 18:58 - 2014-10-11 18:58 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2014-10-11 18:57 - 2014-10-21 13:02 - 01688724 _____ () C:\Windows\WindowsUpdate.log 2014-10-11 18:57 - 2014-10-11 18:57 - 
00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2014-10-11 18:54 - 2014-10-11 18:57 - 00001355 _____ () C:\Windows\TSSysprep.log 2014-10-11 18:42 - 2014-10-11 19:52 - 00008192 __RSH () C:\BOOTSECT.BAK 2014-10-11 18:42 - 2014-06-28 02:21 - 00391640 __RSH () C:\bootmgr 2014-10-10 15:02 - 2014-10-11 19:22 - 00000000 ____D () C:\Scan 2014-10-10 15:01 - 2014-10-14 15:35 - 00000000 ____D () C:\Temp 2014-10-10 15:01 - 2014-10-11 19:23 - 00000000 ____D () C:\Users\KSC1\Desktop\Vorlagen KSC 2014-09-27 16:18 - 2014-09-27 16:18 - 00000000 ____D () C:\62a96916-600a-482f-adf1-d1d0099faaf4 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-21 12:34 - 2009-07-14 06:34 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-21 12:34 - 2009-07-14 06:34 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-21 12:26 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-21 12:26 - 2009-07-14 06:39 - 00023051 _____ () C:\Windows\setupact.log 2014-10-20 08:13 - 2010-11-20 23:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-16 11:51 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-10-16 11:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-16 08:09 - 2009-07-14 06:33 - 00333912 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-16 08:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-10-15 12:58 - 2009-07-14 04:04 - 00000478 _____ () C:\Windows\win.ini 2014-10-14 17:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\System 2014-10-14 15:14 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-10-14 15:10 - 2010-11-21 02:33 - 00000000 ____D () 
C:\Windows\ShellNew 2014-10-14 13:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2014-10-14 09:03 - 2010-11-21 02:33 - 00000000 ____D () C:\Program Files\Windows Journal 2014-10-14 07:47 - 2010-11-21 02:28 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE 2014-10-14 07:46 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\Windows Defender 2014-10-14 07:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\zh-TW 2014-10-14 07:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\zh-HK 2014-10-14 07:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\zh-CN 2014-10-14 07:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\tr-TR 2014-10-14 07:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\sv-SE 2014-10-14 07:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\ru-RU 2014-10-14 07:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\pt-PT 2014-10-14 07:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\pt-BR 2014-10-14 07:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\pl-PL 2014-10-14 07:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\nl-NL 2014-10-14 07:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\nb-NO 2014-10-14 07:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\ko-KR 2014-10-14 07:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\ja-JP 2014-10-14 07:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\it-IT 2014-10-14 07:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\hu-HU 2014-10-14 07:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\fr-FR 2014-10-14 07:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\fi-FI 2014-10-14 07:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\el-GR 2014-10-13 09:18 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Public\Libraries 2014-10-13 09:13 - 2010-11-20 23:48 - 00139106 _____ () 
C:\Windows\PFRO.log 2014-10-11 19:52 - 2009-07-14 06:57 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG 2014-10-11 19:52 - 2009-07-14 06:52 - 00028672 _____ () C:\Windows\system32\config\BCD-Template 2014-10-11 19:52 - 2006-02-09 15:53 - 00000354 __RSH () C:\Boot.ini.saved 2014-10-11 19:28 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\restore 2014-10-11 19:07 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default 2014-10-11 19:07 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\Recovery 2014-10-11 19:07 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Windows NT 2014-10-11 18:58 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-11 18:54 - 2010-11-21 02:33 - 00000000 ____D () C:\Windows\CSC 2014-10-11 18:54 - 2009-07-14 06:34 - 00002790 _____ () C:\Windows\DtcInstall.log 2014-10-02 10:00 - 2013-07-26 16:46 - 00000210 _____ () C:\Users\KSC1\Desktop\Fetscher Admin Reservierung.url Some content of TEMP: ==================== C:\Users\KSC1\AppData\Local\Temp\avgnt.exe C:\Users\KSC1\AppData\Local\Temp\Instngin.dll C:\Users\KSC1\AppData\Local\Temp\PCIUtil.dll C:\Users\KSC1\AppData\Local\Temp\Setup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-16 11:43 ==================== End Of Log ============================ FRST-Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-10-2014 Ran by KSC1 at 2014-10-21 13:16:22 Running from C:\Users\KSC1\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}< ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat 7.0 Professional - English, Français, Deutsch (HKLM\...\Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V) (Version: 7.0.0 - Adobe Systems) Adobe Acrobat 7.0 Professional - English, Français, Deutsch (Version: 7.0.0 - Adobe Systems) Hidden Avira (HKLM\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Avira (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira) Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.) Google Update Helper (Version: 1.3.24.15 - Google Inc.) 
Hidden Intel(R) Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - ) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Mozilla Firefox 33.0 (x86 de) (HKLM\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla) Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: - ) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 21-10-2014 09:10:15 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {30FB0A9B-DE24-4345-80ED-79681625CD3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-11] (Google Inc.) 
Task: {F23EF626-0453-4544-BDD6-921B466EC3C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-11] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2004-12-14 03:28 - 2004-12-14 03:28 - 01212416 _____ () C:\Program Files\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk => C:\Windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup MSCONFIG\startupreg: Acrobat Assistant 7.0 => "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" MSCONFIG\startupreg: igfxhkcmd => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: igfxpers => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: igfxtray => C:\Windows\system32\igfxtray.exe ========================= Accounts: ========================== Administrator (S-1-5-21-2863104400-3830343225-733573291-500 - Administrator - Disabled) Gast (S-1-5-21-2863104400-3830343225-733573291-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2863104400-3830343225-733573291-1002 - Limited - Enabled) KSC1 (S-1-5-21-2863104400-3830343225-733573291-1000 - Administrator - Enabled) => C:\Users\KSC1 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/21/2014 00:28:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/21/2014 08:54:04 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/20/2014 08:08:24 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/19/2014 07:55:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 
TargetInstance.LoadPercentage > 990x80041003 Error: (10/17/2014 11:38:24 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/16/2014 08:11:07 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/16/2014 08:08:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: ) Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -107. Error: (10/16/2014 08:08:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: ) Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -107. Error: (10/16/2014 08:08:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: ) Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -107. Error: (10/16/2014 08:08:15 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (10/21/2014 01:01:54 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (10/21/2014 00:57:19 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: ) Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist. 
Error: (10/19/2014 11:40:06 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: ) Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist. Error: (10/19/2014 11:05:10 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht. Error: (10/19/2014 08:45:37 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: ) Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist. Error: (10/19/2014 07:54:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht. Error: (10/14/2014 08:36:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2893294) Error: (10/14/2014 08:36:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2871997) Error: (10/14/2014 08:36:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Update für Microsoft Outlook 2010 (KB2553248) 32-Bit-Edition Error: (10/14/2014 08:36:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates 
ist mit Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2993651) Microsoft Office Sessions: ========================= Error: (10/21/2014 00:28:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/21/2014 08:54:04 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/20/2014 08:08:24 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/19/2014 07:55:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/17/2014 11:38:24 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/16/2014 08:11:07 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/16/2014 08:08:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: ) Description: -107 Error: (10/16/2014 08:08:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: ) Description: -107 Error: (10/16/2014 08:08:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: ) Description: -107 Error: (10/16/2014 08:08:15 AM) (Source: WinMgmt) (EventID: 10) (User: ) 
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz Percentage of memory in use: 65% Total physical RAM: 1007.55 MB Available physical RAM: 349.27 MB Total Pagefile: 2031.55 MB Available Pagefile: 1086.68 MB Total Virtual: 2047.88 MB Available Virtual: 1899.65 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:74.53 GB) (Free:47.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: B3A1B3A1) Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-21 13:56:18
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST380817AS rev.3.42 74,53GB
Running: Gmer-19357.exe; Driver: C:\Users\KSC1\AppData\Local\Temp\kwtdqpog.sys

---- System - GMER 2.1 ----

SSDT 8CCC8596 ZwCreateSection
SSDT 8CCC85A0 ZwRequestWaitReplyPort
SSDT 8CCC859B ZwSetContextThread
SSDT 8CCC85A5 ZwSetSecurityObject
SSDT 8CCC85AA ZwSystemDebugControl
SSDT 8CCC8537 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!ZwRollbackEnlistment + 1419 8287B995 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8289B5F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14BF 828A2B94 4 Bytes [96, 85, CC, 8C]
.text ntoskrnl.exe!KeRemoveQueueEx + 181B 828A2EF0 4 Bytes [A0, 85, CC, 8C]
.text ntoskrnl.exe!KeRemoveQueueEx + 185F 828A2F34 4 Bytes [9B, 85, CC, 8C]
.text ntoskrnl.exe!KeRemoveQueueEx + 18DB 828A2FB0 4 Bytes [A5, 85, CC, 8C]
.text ntoskrnl.exe!KeRemoveQueueEx + 192F 828A3004 4 Bytes [AA, 85, CC, 8C]
.text ...

---- User code sections - GMER 2.1 ----

.text C:\Windows\Explorer.EXE[1216] SHELL32.dll!SHFormatDrive + 7D3 76F04808 8 Bytes [80, 11, 7D, 61, C0, 11, 7D, ...] {ADC BYTE [ECX], 0x7d; POPA ; RCL BYTE [ECX], 0x7d; POPA }

---- EOF - GMER 2.1 ----

Thank you in advance for your help! Best regards, Christian
21.10.2014, 14:03 | #2 |
/// TB-Ausbilder | Windows 7: ADWARE/CrossRider.Gen4, ADWARE/EoRezo.Gen4 and ADWARE/MPlug 6.14 found by AntiVir
Hello cHetterich
My name is Timo and I will be helping you with your problem.
Note: I can never guarantee that I will find everything. Formatting is always the safest route. We all "work" here voluntarily and in our spare time *cough*. Replies may therefore be delayed. If you have not received a reply from me within 48 hours, send me a PM. If you decide to go for a cleanup, keep working with me until I or someone from the team says that you are clean.
21.10.2014, 14:08 | #3 |
/// TB-Ausbilder | Tell your uncle, or the company, that we gladly accept donations.
At first glance only "traces" of adware are visible, so a clean system should be achievable very quickly here.
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Empty the Recycle Bin! Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
Please download Malwarebytes Anti-Malware
Note, the ESET scan takes longer: ESET Online Scanner
21.10.2014, 17:07 | #4 |
| Hello Timo, thank you very much for your quick reply. The donation will certainly come, whether from my uncle, the company or me ;-) Here is the requested information: FRST log Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-10-2014
Ran by KSC1 at 2014-10-21 15:19:05 Run:1
Running from C:\Users\KSC1\Downloads
Loaded Profile: KSC1 (Available profiles: KSC1)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
emptytemp:
*****************

EmptyTemp: => Removed 218.4 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====
Code:
# AdwCleaner v4.001 - Bericht erstellt am 21/10/2014 um 15:29:57
# DB v2014-10-20.3
# Aktualisiert 20/10/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : KSC1 - KSC1-PC
# Gestartet von : C:\Users\KSC1\Downloads\AdwCleaner_4.001.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17344

-\\ Mozilla Firefox v33.0 (x86 de)

-\\ Google Chrome v38.0.2125.104

*************************

AdwCleaner[R0].txt - [3350 octets] - [21/10/2014 15:24:52]
AdwCleaner[S0].txt - [3263 octets] - [21/10/2014 15:29:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3323 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Professional x86
Ran by KSC1 on 21.10.2014 at 15:37:28,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.10.2014 at 15:43:11,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 21.10.2014
Suchlauf-Zeit: 15:48:37
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.10.21.05
Rootkit Datenbank: v2014.10.20.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: KSC1

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 277213
Verstrichene Zeit: 13 Min, 24 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0 (Keine schädliche Elemente erkannt)
Module: 0 (Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt)
Registrierungswerte: 0 (Keine schädliche Elemente erkannt)
Registrierungsdaten: 0 (Keine schädliche Elemente erkannt)
Ordner: 0 (Keine schädliche Elemente erkannt)
Dateien: 0 (Keine schädliche Elemente erkannt)
Physische Sektoren: 0 (Keine schädliche Elemente erkannt)

(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=aa10aa2e913d4f4faf413249c441aebf
# engine=20703
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-21 04:03:06
# local_time=2014-10-21 06:03:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 32332 2351926 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 66 85 641782 165538577 0 0
# scanned=106265
# found=0
# cleaned=0
# scan_time=6570

It looks as though everything has been removed, doesn't it? Best regards, Christian
22.10.2014, 08:17 | #5 |
/// TB-Ausbilder | You are reading that exactly right. The finds reported by Avira were also nothing but simple adware, i.e. annoying advertising of the kind you also get "free on top" at Chip.de or other download portals, for example; even Avira manages that. So the logs are clean so far. The order is crucial here.
Finally, I have a few tips for securing your system. Change all your passwords regularly; now, after the cleanup, is an ideal time to do so.
I cannot mention often enough how important it is that your system is up to date.
Anti-virus program and additional protection
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system. Mozilla Firefox
Performance
What you should avoid:
Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board? Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.