|
Plagegeister aller Art und deren Bekämpfung: Win8 64bit (neu) bootet langsam, pop ups und werbungen im chrome...Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
31.03.2015, 09:05 | #16 |
| Win8 64bit (neu) bootet langsam, pop ups und werbungen im chrome...Code:
ATTFilter 2015-03-07 12:26 - 2014-10-29 04:24 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\NcaApi.dll 2015-03-07 12:26 - 2014-10-29 04:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\pcwrun.exe 2015-03-07 12:26 - 2014-10-29 04:23 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\dispci.dll 2015-03-07 12:26 - 2014-10-29 04:23 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\montr_ci.dll 2015-03-07 12:26 - 2014-10-29 04:22 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\newdev.exe 2015-03-07 12:26 - 2014-10-29 04:22 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\radarrs.dll 2015-03-07 12:26 - 2014-10-29 04:22 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\PNPXAssocPrx.dll 2015-03-07 12:26 - 2014-10-29 04:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll 2015-03-07 12:26 - 2014-10-29 04:22 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\ndproxystub.dll 2015-03-07 12:26 - 2014-10-29 04:22 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\dxgwdi.dll 2015-03-07 12:26 - 2014-10-29 04:20 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\iscsicpl.dll 2015-03-07 12:26 - 2014-10-29 04:20 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\ncpa.cpl 2015-03-07 12:26 - 2014-10-29 04:20 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\shutdown.exe 2015-03-07 12:26 - 2014-10-29 04:19 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\control.exe 2015-03-07 12:26 - 2014-10-29 04:19 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\tabcal.exe 2015-03-07 12:26 - 2014-10-29 04:19 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairingWizard.exe 2015-03-07 12:26 - 2014-10-29 04:19 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\MultiDigiMon.exe 2015-03-07 12:26 - 2014-10-29 04:19 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Eap3Host.exe 2015-03-07 12:26 - 2014-10-29 04:19 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\DefaultDeviceManager.dll 2015-03-07 12:26 - 2014-10-29 04:18 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\MdRes.exe 2015-03-07 12:26 - 2014-10-29 04:18 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\dvdupgrd.exe 2015-03-07 12:26 - 2014-10-29 04:18 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\grpconv.exe 2015-03-07 12:26 - 2014-10-29 04:17 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\MdSched.exe 2015-03-07 12:26 - 2014-10-29 04:17 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\mobsync.exe 2015-03-07 12:26 - 2014-10-29 04:17 - 00045056 ____C (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2015-03-07 12:26 - 2014-10-29 04:17 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\FXSUNATD.exe 2015-03-07 12:26 - 2014-10-29 04:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\DDACLSys.dll 2015-03-07 12:26 - 2014-10-29 04:17 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RemoveDeviceElevated.dll 2015-03-07 12:26 - 2014-10-29 04:08 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-07 12:26 - 2014-10-29 04:05 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\gptext.dll 2015-03-07 12:26 - 2014-10-29 04:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\txfw32.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dramp.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\miguiresource.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\tpmcompc.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SortWindows61.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Nlsdl.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciwave.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciseq.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscpxl32.dLL 2015-03-07 12:26 - 2014-10-29 04:00 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiatrace.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscat32.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browseui.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensApi.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\softpub.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacchooks.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nddeapi.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiwer.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssip32.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ir50_32.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ir41_32.ax 2015-03-07 12:26 - 2014-10-29 04:00 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OskSupport.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ir50_qcx.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ir50_qc.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ir41_qcx.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ir41_qc.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ir32_32.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\getuname.dll 2015-03-07 12:26 - 2014-10-29 04:00 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osuninst.dll 2015-03-07 12:26 - 2014-10-29 03:59 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lsmproxy.dll 2015-03-07 12:26 - 2014-10-29 03:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vdmdbg.dll 2015-03-07 12:26 - 2014-10-29 03:59 - 00016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsock32.dll 2015-03-07 12:26 - 2014-10-29 03:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subst.exe 2015-03-07 12:26 - 2014-10-29 03:59 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msidcrl40.dll 2015-03-07 12:26 - 2014-10-29 03:59 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WlS0WndH.dll 2015-03-07 12:26 - 2014-10-29 03:59 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sas.dll 2015-03-07 12:26 - 2014-10-29 03:59 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XInput9_1_0.dll 2015-03-07 12:26 - 2014-10-29 03:59 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll 2015-03-07 12:26 - 2014-10-29 03:59 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxex.dll 2015-03-07 12:26 - 2014-10-29 03:58 - 00107008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\telephon.cpl 2015-03-07 12:26 - 2014-10-29 03:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.exe 2015-03-07 12:26 - 2014-10-29 03:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe 2015-03-07 12:26 - 2014-10-29 03:58 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iyuv_32.dll 2015-03-07 12:26 - 2014-10-29 03:58 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzutil.exe 2015-03-07 12:26 - 2014-10-29 03:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cliconfg.exe 2015-03-07 12:26 - 2014-10-29 03:58 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msyuv.dll 2015-03-07 12:26 - 2014-10-29 03:58 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sort.exe 2015-03-07 12:26 - 2014-10-29 03:58 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osbaseln.dll 2015-03-07 12:26 - 2014-10-29 03:58 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\umdmxfrm.dll 2015-03-07 12:26 - 2014-10-29 03:58 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WINSRPC.DLL 2015-03-07 12:26 - 2014-10-29 03:58 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-03-07 12:26 - 2014-10-29 03:58 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hh.exe 2015-03-07 12:26 - 2014-10-29 03:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll 2015-03-07 12:26 - 2014-10-29 03:58 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfts.dll 2015-03-07 12:26 - 2014-10-29 03:58 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsbyuv.dll 2015-03-07 12:26 - 2014-10-29 03:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TapiUnattend.exe 2015-03-07 12:26 - 2014-10-29 03:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwinsat.dll 2015-03-07 12:26 - 2014-10-29 03:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\recover.exe 2015-03-07 12:26 - 2014-10-29 03:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlmsprep.dll 2015-03-07 12:26 - 2014-10-29 03:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chcp.com 2015-03-07 12:26 - 2014-10-29 03:58 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsied.dll 2015-03-07 12:26 - 2014-10-29 03:58 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tapiperf.dll 2015-03-07 12:26 - 2014-10-29 03:58 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll 2015-03-07 12:26 - 2014-10-29 03:58 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TimeDateMUICallback.dll 2015-03-07 12:26 - 2014-10-29 03:58 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\acledit.dll 2015-03-07 12:26 - 2014-10-29 03:57 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\FXSTIFF.dll 2015-03-07 12:26 - 2014-10-29 03:57 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmintf.dll 2015-03-07 12:26 - 2014-10-29 03:57 - 00019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll 2015-03-07 12:26 - 2014-10-29 03:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpupdate.exe 2015-03-07 12:26 - 2014-10-29 03:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcmsetup.exe 2015-03-07 12:26 - 2014-10-29 03:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\syssetup.dll 2015-03-07 12:26 - 2014-10-29 03:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll 2015-03-07 12:26 - 2014-10-29 03:57 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\panmap.dll 2015-03-07 12:26 - 2014-10-29 03:57 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usbperf.dll 2015-03-07 12:26 - 2014-10-29 03:57 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshirda.dll 2015-03-07 12:26 - 2014-10-29 03:57 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RdpSaPs.dll 2015-03-07 12:26 - 2014-10-29 03:57 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcico.dll 2015-03-07 12:26 - 2014-10-29 03:57 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spnet.dll 2015-03-07 12:26 - 2014-10-29 03:56 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bitsprx5.dll 2015-03-07 12:26 - 2014-10-29 03:56 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncInfrastructureps.dll 2015-03-07 12:26 - 2014-10-29 03:56 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\irclass.dll 2015-03-07 12:26 - 2014-10-29 03:56 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dispex.dll 2015-03-07 12:26 - 2014-10-29 03:56 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSChannel.dll 2015-03-07 12:26 - 2014-10-29 03:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bitsprx6.dll 2015-03-07 12:26 - 2014-10-29 03:56 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscproxystub.dll 2015-03-07 12:26 - 2014-10-29 03:56 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bitsprx7.dll 2015-03-07 12:26 - 2014-10-29 03:56 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bitsprx3.dll 2015-03-07 12:26 - 2014-10-29 03:56 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncHostps.dll 2015-03-07 12:26 - 2014-10-29 03:56 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bitsprx4.dll 2015-03-07 12:26 - 2014-10-29 03:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmcodecdspps.dll 2015-03-07 12:26 - 2014-10-29 03:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcji32.dll 2015-03-07 12:26 - 2014-10-29 03:56 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odtext32.dll 2015-03-07 12:26 - 2014-10-29 03:56 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odpdx32.dll 2015-03-07 12:26 - 2014-10-29 03:56 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odfox32.dll 2015-03-07 12:26 - 2014-10-29 03:56 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oddbse32.dll 2015-03-07 12:26 - 2014-10-29 03:56 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odexl32.dll 2015-03-07 12:26 - 2014-10-29 03:55 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctfime.ime 2015-03-07 12:26 - 2014-10-29 03:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secinit.exe 2015-03-07 12:26 - 2014-10-29 03:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VscMgrPS.dll 2015-03-07 12:26 - 2014-10-29 03:53 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\dpapimig.exe 2015-03-07 12:26 - 2014-10-29 03:53 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ktmutil.exe 2015-03-07 12:26 - 2014-10-29 03:53 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bitsprx2.dll 2015-03-07 12:26 - 2014-10-29 03:53 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\verclsid.exe 2015-03-07 12:26 - 2014-10-29 03:52 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsicpl.exe 2015-03-07 12:26 - 2014-10-29 03:52 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hdwwiz.exe 2015-03-07 12:26 - 2014-10-29 03:52 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winver.exe 2015-03-07 12:26 - 2014-10-29 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spopk.dll 2015-03-07 12:26 - 2014-10-29 03:52 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\regedt32.exe 2015-03-07 12:26 - 2014-10-29 03:52 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmdext.dll 2015-03-07 12:26 - 2014-10-29 03:52 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TapiSysprep.dll 2015-03-07 12:26 - 2014-10-29 03:51 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndadmin.exe 2015-03-07 12:26 - 2014-10-29 03:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\runas.exe 2015-03-07 12:26 - 2014-10-29 03:51 - 00016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdial.exe 2015-03-07 12:26 - 2014-10-29 03:51 - 00016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasautou.exe 2015-03-07 12:26 - 2014-10-29 03:51 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcmonitor.dll 2015-03-07 12:26 - 2014-10-29 03:51 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LAPRXY.DLL 2015-03-07 12:26 - 2014-10-29 03:51 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InfDefaultInstall.exe 2015-03-07 12:26 - 2014-10-29 03:49 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairingProxy.dll 2015-03-07 12:26 - 2014-10-29 03:48 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RmClient.exe 2015-03-07 12:26 - 2014-10-29 03:47 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll 2015-03-07 12:26 - 2014-10-29 03:46 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcad32.exe 2015-03-07 12:26 - 2014-10-29 03:46 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\serialui.dll 2015-03-07 12:26 - 2014-10-29 03:44 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserAccountControlSettings.exe 2015-03-07 12:26 - 2014-10-29 03:44 - 00094720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Narrator.exe 2015-03-07 12:26 - 2014-10-29 03:44 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationNotifications.exe 2015-03-07 12:26 - 2014-10-29 03:43 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NcaApi.dll 2015-03-07 12:26 - 2014-10-29 03:43 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wowreg32.exe 2015-03-07 12:26 - 2014-10-29 03:42 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\newdev.exe 2015-03-07 12:26 - 2014-10-29 03:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdmps.dll 2015-03-07 12:26 - 2014-10-29 03:42 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndproxystub.dll 2015-03-07 12:26 - 2014-10-29 03:40 - 00100352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncpa.cpl 2015-03-07 12:26 - 2014-10-29 03:40 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairingWizard.exe 2015-03-07 12:26 - 2014-10-29 03:40 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Netplwiz.exe 2015-03-07 12:26 - 2014-10-29 03:39 - 00217088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartScreenSettings.exe 2015-03-07 12:26 - 2014-10-29 03:39 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\control.exe 2015-03-07 12:26 - 2014-10-29 03:39 - 00097792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Fondue.exe 2015-03-07 12:26 - 2014-10-29 03:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DpiScaling.exe 2015-03-07 12:26 - 2014-10-29 03:39 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RunLegacyCPLElevated.exe 2015-03-07 12:26 - 2014-10-29 03:39 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ComputerDefaults.exe 2015-03-07 12:26 - 2014-10-29 03:38 - 00138240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll 2015-03-07 12:26 - 2014-10-29 03:38 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mobsync.exe 2015-03-07 12:26 - 2014-10-29 03:38 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\grpconv.exe 2015-03-07 12:26 - 2014-10-29 03:38 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DDACLSys.dll 2015-03-07 12:26 - 2014-10-29 03:38 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RemoveDeviceElevated.dll 2015-03-07 12:26 - 2014-10-29 03:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efsui.exe 2015-03-07 12:26 - 2014-10-29 03:32 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-07 12:26 - 2014-10-29 03:29 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gptext.dll 2015-03-07 12:26 - 2014-10-29 03:29 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\dpapi.dll 2015-03-07 12:26 - 2014-10-29 03:28 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\C_G18030.DLL 2015-03-07 12:26 - 2014-10-29 03:28 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\mprmsg.dll 2015-03-07 12:26 - 2014-10-29 03:28 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\KdsCli.dll 2015-03-07 12:26 - 2014-10-29 03:28 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\reg.exe 2015-03-07 12:26 - 2014-10-29 03:28 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\sc.exe 2015-03-07 12:26 - 2014-10-29 03:28 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\perfproc.dll 2015-03-07 12:26 - 2014-10-29 03:28 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll 2015-03-07 12:26 - 2014-10-29 03:28 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\icacls.exe 2015-03-07 12:26 - 2014-10-29 03:28 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\sdhcinst.dll 2015-03-07 12:26 - 2014-10-29 03:28 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\snmpapi.dll 2015-03-07 12:26 - 2014-10-29 03:28 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\userinit.exe 2015-03-07 12:26 - 2014-10-29 03:28 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\perfnet.dll 2015-03-07 12:26 - 2014-10-29 03:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\TimeBrokerClient.dll 2015-03-07 12:26 - 2014-10-29 03:28 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\fltLib.dll 2015-03-07 12:26 - 2014-10-29 03:28 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\PATHPING.EXE 2015-03-07 12:26 - 2014-10-29 03:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\rasadhlp.dll 2015-03-07 12:26 - 2014-10-29 03:28 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wmsgapi.dll 2015-03-07 12:26 - 2014-10-29 03:28 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\nrpsrv.dll 2015-03-07 12:26 - 2014-10-29 03:28 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll 2015-03-07 12:26 - 2014-10-29 03:28 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\C_IS2022.DLL 2015-03-07 12:26 - 2014-10-29 03:28 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll 2015-03-07 12:26 - 2014-10-29 03:28 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\whhelper.dll 2015-03-07 12:26 - 2014-10-29 03:28 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\fdBthProxy.dll 2015-03-07 12:26 - 2014-10-29 03:28 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\sscoreext.dll 2015-03-07 12:26 - 2014-10-29 03:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msidle.dll 2015-03-07 12:26 - 2014-10-29 03:28 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll 2015-03-07 12:26 - 2014-10-29 03:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nslookup.exe 2015-03-07 12:26 - 2014-10-29 03:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\esentprf.dll 2015-03-07 12:26 - 2014-10-29 03:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\setx.exe 2015-03-07 12:26 - 2014-10-29 03:27 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\mspatcha.dll 2015-03-07 12:26 - 2014-10-29 03:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\SecEdit.exe 2015-03-07 12:26 - 2014-10-29 03:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\perfdisk.dll 2015-03-07 12:26 - 2014-10-29 03:27 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\virtdisk.dll 2015-03-07 12:26 - 2014-10-29 03:27 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\deviceassociation.dll 2015-03-07 12:26 - 2014-10-29 03:27 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wcmapi.dll 2015-03-07 12:26 - 2014-10-29 03:27 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\fvecerts.dll 2015-03-07 12:26 - 2014-10-29 03:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\schedcli.dll 2015-03-07 12:26 - 2014-10-29 03:27 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\adhapi.dll 2015-03-07 12:26 - 2014-10-29 03:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-07 12:26 - 2014-10-29 03:27 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\PING.EXE 2015-03-07 12:26 - 2014-10-29 03:27 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\CSystemEventsBrokerClient.dll 2015-03-07 12:26 - 2014-10-29 03:27 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\httpprxp.dll 2015-03-07 12:26 - 2014-10-29 03:27 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerClient.dll 2015-03-07 12:26 - 2014-10-29 03:27 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\finger.exe 2015-03-07 12:26 - 2014-10-29 03:27 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Register-CimProvider.exe 2015-03-07 12:26 - 2014-10-29 03:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\smphost.dll 2015-03-07 12:26 - 2014-10-29 03:27 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\TetheringIeProvider.dll 2015-03-07 12:26 - 2014-10-29 03:26 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-03-07 12:26 - 2014-10-29 03:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-03-07 12:26 - 2014-10-29 03:26 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appsruprov.dll 2015-03-07 12:26 - 2014-10-29 03:26 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\pots.dll 2015-03-07 12:26 - 2014-10-29 03:26 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapPeerProxy.dll 2015-03-07 12:26 - 2014-10-29 03:26 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\ProximityRtapiPal.dll 2015-03-07 12:26 - 2014-10-29 03:26 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wpcsvc.dll 2015-03-07 12:26 - 2014-10-29 03:25 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\winlogonext.dll 2015-03-07 12:26 - 2014-10-29 03:25 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tpmcompc.dll 2015-03-07 12:26 - 2014-10-29 03:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\ncuprov.dll 2015-03-07 12:26 - 2014-10-29 03:25 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\wininitext.dll 2015-03-07 12:26 - 2014-10-29 03:25 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\dnsext.dll 2015-03-07 12:26 - 2014-10-29 03:24 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\procinst.dll 2015-03-07 12:26 - 2014-10-29 03:23 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Custom.ps.dll 2015-03-07 12:26 - 2014-10-29 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Background.ps.dll 2015-03-07 12:26 - 2014-10-29 03:22 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\vss_ps.dll 2015-03-07 12:26 - 2014-10-29 03:22 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\TaskSchdPS.dll 2015-03-07 12:26 - 2014-10-29 03:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\catsrvps.dll 2015-03-07 12:26 - 2014-10-29 03:21 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\perfctrs.dll 2015-03-07 12:26 - 2014-10-29 03:21 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\ipconfig.exe 2015-03-07 12:26 - 2014-10-29 03:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\nlmproxy.dll 2015-03-07 12:26 - 2014-10-29 03:21 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\defragproxy.dll 2015-03-07 12:26 - 2014-10-29 03:21 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\AuthHostProxy.dll 2015-03-07 12:26 - 2014-10-29 03:21 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\cfmifsproxy.dll 2015-03-07 12:26 - 2014-10-29 03:20 - 00072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapimig.exe 2015-03-07 12:26 - 2014-10-29 03:20 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\NETSTAT.EXE 2015-03-07 12:26 - 2014-10-29 03:20 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\keepaliveprovider.dll 2015-03-07 12:26 - 2014-10-29 03:19 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\raschapext.dll 2015-03-07 12:26 - 2014-10-29 03:19 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\rastlsext.dll 2015-03-07 12:26 - 2014-10-29 03:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll 2015-03-07 12:26 - 2014-10-29 03:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\inetmib1.dll 2015-03-07 12:26 - 2014-10-29 03:14 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\nci.dll 2015-03-07 12:26 - 2014-10-29 03:12 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\wwaninst.dll 2015-03-07 12:26 - 2014-10-29 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe 2015-03-07 12:26 - 2014-10-29 03:06 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapi.dll 2015-03-07 12:26 - 2014-10-29 03:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprext.dll 2015-03-07 12:26 - 2014-10-29 03:05 - 00222720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\C_G18030.DLL 2015-03-07 12:26 - 2014-10-29 03:05 - 00113152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprmsg.dll 2015-03-07 12:26 - 2014-10-29 03:05 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unlodctr.exe 2015-03-07 12:26 - 2014-10-29 03:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vpnikeapi.dll 2015-03-07 12:26 - 2014-10-29 03:05 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfnet.dll 2015-03-07 12:26 - 2014-10-29 03:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TimeBrokerClient.dll 2015-03-07 12:26 - 2014-10-29 03:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PATHPING.EXE 2015-03-07 12:26 - 2014-10-29 03:05 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mountvol.exe 2015-03-07 12:26 - 2014-10-29 03:05 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TRACERT.EXE 2015-03-07 12:26 - 2014-10-29 03:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SystemEventsBrokerClient.dll 2015-03-07 12:26 - 2014-10-29 03:05 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmsgapi.dll 2015-03-07 12:26 - 2014-10-29 03:05 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\finger.exe 2015-03-07 12:26 - 2014-10-29 03:05 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasadhlp.dll 2015-03-07 12:26 - 2014-10-29 03:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll 2015-03-07 12:26 - 2014-10-29 03:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\whhelper.dll 2015-03-07 12:26 - 2014-10-29 03:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\C_IS2022.DLL 2015-03-07 12:26 - 2014-10-29 03:05 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrssrv.dll 2015-03-07 12:26 - 2014-10-29 03:05 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdBthProxy.dll 2015-03-07 12:26 - 2014-10-29 03:05 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msidle.dll 2015-03-07 12:26 - 2014-10-29 03:05 - 00006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll 2015-03-07 12:26 - 2014-10-29 03:04 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\CertEnrollCtrl.exe 2015-03-07 12:26 - 2014-10-29 03:04 - 00027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcmapi.dll 2015-03-07 12:26 - 2014-10-29 03:04 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fltMC.exe 2015-03-07 12:26 - 2014-10-29 03:04 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Register-CimProvider.exe 2015-03-07 12:26 - 2014-10-29 03:04 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\smphost.dll 2015-03-07 12:26 - 2014-10-29 03:04 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\HOSTNAME.EXE 2015-03-07 12:26 - 2014-10-29 03:04 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpcsvc.dll 2015-03-07 12:26 - 2014-10-29 03:03 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MRINFO.EXE 2015-03-07 12:26 - 2014-10-29 03:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ProximityRtapiPal.dll 2015-03-07 12:26 - 2014-10-29 03:02 - 00072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll 2015-03-07 12:26 - 2014-10-29 03:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininitext.dll 2015-03-07 12:26 - 2014-10-29 03:01 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TaskSchdPS.dll 2015-03-07 12:26 - 2014-10-29 03:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vss_ps.dll 2015-03-07 12:26 - 2014-10-29 03:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdProxy.dll 2015-03-07 12:26 - 2014-10-29 03:01 - 00027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Enumeration.ps.dll 2015-03-07 12:26 - 2014-10-29 03:01 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\slpts.dll 2015-03-07 12:26 - 2014-10-29 03:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvps.dll 2015-03-07 12:26 - 2014-10-29 03:00 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlmproxy.dll 2015-03-07 12:26 - 2014-10-29 03:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfmifsproxy.dll 2015-03-07 12:26 - 2014-10-29 02:59 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\raschapext.dll 2015-03-07 12:26 - 2014-10-29 02:59 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastlsext.dll 2015-03-07 12:26 - 2014-10-29 02:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\Startupscan.dll 2015-03-07 12:26 - 2014-10-29 02:55 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\CheckNetIsolation.exe 2015-03-07 12:26 - 2014-10-29 02:46 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Startupscan.dll 2015-03-07 12:26 - 2014-10-29 02:45 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll 2015-03-07 12:25 - 2014-10-29 05:54 - 05120000 _____ (Microsoft Corporation) C:\Windows\system32\AuthFWSnapin.dll 2015-03-07 12:25 - 2014-10-29 05:54 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\AuthFWWizFwk.dll 2015-03-07 12:25 - 2014-10-29 05:07 - 05120000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthFWSnapin.dll 2015-03-07 12:25 - 2014-10-29 05:07 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthFWWizFwk.dll 2015-03-07 12:25 - 2014-10-29 04:50 - 02628608 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0009.dll 2015-03-07 12:25 - 2014-10-29 04:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\DeviceUxRes.dll 2015-03-07 12:25 - 2014-10-29 04:49 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll 2015-03-07 12:25 - 2014-10-29 04:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Firewall.cpl 2015-03-07 12:25 - 2014-10-29 04:49 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\ws2help.dll 2015-03-07 12:25 - 2014-10-29 04:49 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-07 12:25 - 2014-10-29 04:49 - 00002560 _____ (Microsoft Corporation) C:\Windows\system32\rnr20.dll 2015-03-07 12:25 - 2014-10-29 04:48 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2015-03-07 12:25 - 2014-10-29 04:48 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\ktmw32.dll 2015-03-07 12:25 - 2014-10-29 04:48 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys 2015-03-07 12:25 - 2014-10-29 04:48 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll 2015-03-07 12:25 - 2014-10-29 04:48 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\WSHTCPIP.DLL 2015-03-07 12:25 - 2014-10-29 04:48 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wship6.dll 2015-03-07 12:25 - 2014-10-29 04:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys 2015-03-07 12:25 - 2014-10-29 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\Locator.exe 2015-03-07 12:25 - 2014-10-29 04:48 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll 2015-03-07 12:25 - 2014-10-29 04:47 - 00098304 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2015-03-07 12:25 - 2014-10-29 04:47 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys 2015-03-07 12:25 - 2014-10-29 04:47 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys 2015-03-07 12:25 - 2014-10-29 04:46 - 00081920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS 2015-03-07 12:25 - 2014-10-29 04:46 - 00057856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys 2015-03-07 12:25 - 2014-10-29 04:46 - 00053248 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys 2015-03-07 12:25 - 2014-10-29 04:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys 2015-03-07 12:25 - 2014-10-29 04:46 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys 2015-03-07 12:25 - 2014-10-29 04:46 - 00029696 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys 2015-03-07 12:25 - 2014-10-29 04:45 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\OobeFldr.dll 2015-03-07 12:25 - 2014-10-29 04:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys 2015-03-07 12:25 - 2014-10-29 04:45 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Ndu.sys 2015-03-07 12:25 - 2014-10-29 04:45 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mslldp.sys 2015-03-07 12:25 - 2014-10-29 04:45 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mciwave.dll 2015-03-07 12:25 - 2014-10-29 04:45 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mciseq.dll 2015-03-07 12:25 - 2014-10-29 04:45 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-03-07 12:25 - 2014-10-29 04:45 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-07 12:25 - 2014-10-29 04:45 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-07 12:25 - 2014-10-29 04:45 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\normaliz.dll 2015-03-07 12:25 - 2014-10-29 04:44 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\MSchedExe.exe 2015-03-07 12:25 - 2014-10-29 04:44 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\regini.exe 2015-03-07 12:25 - 2014-10-29 04:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe 2015-03-07 12:25 - 2014-10-29 04:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\tzutil.exe 2015-03-07 12:25 - 2014-10-29 04:43 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-03-07 12:25 - 2014-10-29 04:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\hh.exe 2015-03-07 12:25 - 2014-10-29 04:43 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\cmdkey.exe 2015-03-07 12:25 - 2014-10-29 04:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\dvdplay.exe 2015-03-07 12:25 - 2014-10-29 04:43 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\help.exe 2015-03-07 12:25 - 2014-10-29 04:43 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe 2015-03-07 12:25 - 2014-10-29 04:42 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\colorcpl.exe 2015-03-07 12:25 - 2014-10-29 04:42 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\cliconfg.exe 2015-03-07 12:25 - 2014-10-29 04:42 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\snmptrap.exe 2015-03-07 12:25 - 2014-10-29 04:42 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TapiUnattend.exe 2015-03-07 12:25 - 2014-10-29 04:42 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\dcomcnfg.exe 2015-03-07 12:25 - 2014-10-29 04:42 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\RpcNs4.dll 2015-03-07 12:25 - 2014-10-29 04:41 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\tcmsetup.exe 2015-03-07 12:25 - 2014-10-29 04:41 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\scrnsave.scr 2015-03-07 12:25 - 2014-10-29 04:41 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\lpksetupproxyserv.dll 2015-03-07 12:25 - 2014-10-29 04:40 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\easinvoker.proxystub.dll 2015-03-07 12:25 - 2014-10-29 04:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2015-03-07 12:25 - 2014-10-29 04:38 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\pstorec.dll 2015-03-07 12:25 - 2014-10-29 04:37 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\secinit.exe 2015-03-07 12:25 - 2014-10-29 04:37 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\ctfmon.exe 2015-03-07 12:25 - 2014-10-29 04:35 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\PnPutil.exe 2015-03-07 12:25 - 2014-10-29 04:34 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\winver.exe 2015-03-07 12:25 - 2014-10-29 04:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\rdrleakdiag.exe 2015-03-07 12:25 - 2014-10-29 04:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dialer.exe 2015-03-07 12:25 - 2014-10-29 04:34 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-03-07 12:25 - 2014-10-29 04:34 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\cofire.exe 2015-03-07 12:25 - 2014-10-29 04:34 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\fsavailux.exe 2015-03-07 12:25 - 2014-10-29 04:34 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-07 12:25 - 2014-10-29 04:34 - 00011264 _____ (Microsoft Corporation) C:\Windows\write.exe 2015-03-07 12:25 - 2014-10-29 04:34 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\write.exe 2015-03-07 12:25 - 2014-10-29 04:34 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\systray.exe 2015-03-07 12:25 - 2014-10-29 04:33 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\runas.exe 2015-03-07 12:25 - 2014-10-29 04:33 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\InfDefaultInstall.exe 2015-03-07 12:25 - 2014-10-29 04:30 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\sigverif.exe 2015-03-07 12:25 - 2014-10-29 04:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\RmClient.exe 2015-03-07 12:25 - 2014-10-29 04:29 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iscsicli.exe 2015-03-07 12:25 - 2014-10-29 04:28 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\odbcad32.exe 2015-03-07 12:25 - 2014-10-29 04:25 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe 2015-03-07 12:25 - 2014-10-29 04:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\LocationNotifications.exe 2015-03-07 12:25 - 2014-10-29 04:23 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerWizardElev.exe 2015-03-07 12:25 - 2014-10-29 04:23 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wowreg32.exe 2015-03-07 12:25 - 2014-10-29 04:20 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\proquota.exe 2015-03-07 12:25 - 2014-10-29 04:20 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\WallpaperHost.exe 2015-03-07 12:25 - 2014-10-29 04:19 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\DeviceProperties.exe 2015-03-07 12:25 - 2014-10-29 04:19 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\SystemPropertiesRemote.exe 2015-03-07 12:25 - 2014-10-29 04:19 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\SystemPropertiesProtection.exe 2015-03-07 12:25 - 2014-10-29 04:19 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\SystemPropertiesPerformance.exe 2015-03-07 12:25 - 2014-10-29 04:19 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\SystemPropertiesHardware.exe 2015-03-07 12:25 - 2014-10-29 04:19 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe 2015-03-07 12:25 - 2014-10-29 04:19 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\SystemPropertiesComputerName.exe 2015-03-07 12:25 - 2014-10-29 04:19 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\SystemPropertiesAdvanced.exe 2015-03-07 12:25 - 2014-10-29 04:19 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\Netplwiz.exe 2015-03-07 12:25 - 2014-10-29 04:18 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\SmartScreenSettings.exe 2015-03-07 12:25 - 2014-10-29 04:18 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\OptionalFeatures.exe 2015-03-07 12:25 - 2014-10-29 04:18 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\Fondue.exe 2015-03-07 12:25 - 2014-10-29 04:18 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\DpiScaling.exe 2015-03-07 12:25 - 2014-10-29 04:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\RunLegacyCPLElevated.exe 2015-03-07 12:25 - 2014-10-29 04:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\ComputerDefaults.exe 2015-03-07 12:25 - 2014-10-29 04:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\efsui.exe 2015-03-07 12:25 - 2014-10-29 04:09 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\bthudtask.exe 2015-03-07 12:25 - 2014-10-29 04:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\credwiz.exe 2015-03-07 12:25 - 2014-10-29 04:05 - 02628608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsLexicons0009.dll 2015-03-07 12:25 - 2014-10-29 04:04 - 00638976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll 2015-03-07 12:25 - 2014-10-29 04:04 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceUxRes.dll 2015-03-07 12:25 - 2014-10-29 04:04 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll 2015-03-07 12:25 - 2014-10-29 04:04 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2help.dll 2015-03-07 12:25 - 2014-10-29 04:04 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-07 12:25 - 2014-10-29 04:04 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rnr20.dll 2015-03-07 12:25 - 2014-10-29 04:03 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2015-03-07 12:25 - 2014-10-29 04:03 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ktmw32.dll 2015-03-07 12:25 - 2014-10-29 04:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wship6.dll 2015-03-07 12:25 - 2014-10-29 04:03 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSHTCPIP.DLL 2015-03-07 12:25 - 2014-10-29 04:03 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll 2015-03-07 12:25 - 2014-10-29 04:00 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OobeFldr.dll 2015-03-07 12:25 - 2014-10-29 04:00 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-03-07 12:25 - 2014-10-29 04:00 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-03-07 12:25 - 2014-10-29 04:00 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-07 12:25 - 2014-10-29 04:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\normaliz.dll 2015-03-07 12:25 - 2014-10-29 04:00 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprop.dll 2015-03-07 12:25 - 2014-10-29 03:59 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\help.exe 2015-03-07 12:25 - 2014-10-29 03:58 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\colorcpl.exe 2015-03-07 12:25 - 2014-10-29 03:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmdkey.exe 2015-03-07 12:25 - 2014-10-29 03:58 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dvdplay.exe 2015-03-07 12:25 - 2014-10-29 03:58 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcomcnfg.exe 2015-03-07 12:25 - 2014-10-29 03:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DDOIProxy.dll 2015-03-07 12:25 - 2014-10-29 03:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrnsave.scr 2015-03-07 12:25 - 2014-10-29 03:57 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RpcNs4.dll 2015-03-07 12:25 - 2014-10-29 03:56 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pstorec.dll 2015-03-07 12:25 - 2014-10-29 03:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ctfmon.exe 2015-03-07 12:25 - 2014-10-29 03:53 - 00009728 _____ (Microsoft Corporation) C:\Windows\winhlp32.exe 2015-03-07 12:25 - 2014-10-29 03:52 - 00108032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msra.exe 2015-03-07 12:25 - 2014-10-29 03:52 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\write.exe 2015-03-07 12:25 - 2014-10-29 03:51 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\systray.exe 2015-03-07 12:25 - 2014-10-29 03:45 - 00108032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe 2015-03-07 12:25 - 2014-10-29 03:45 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\AxInstUI.exe 2015-03-07 12:25 - 2014-10-29 03:39 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceProperties.exe 2015-03-07 12:25 - 2014-10-29 03:39 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SystemPropertiesRemote.exe 2015-03-07 12:25 - 2014-10-29 03:39 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SystemPropertiesProtection.exe 2015-03-07 12:25 - 2014-10-29 03:39 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SystemPropertiesPerformance.exe 2015-03-07 12:25 - 2014-10-29 03:39 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SystemPropertiesHardware.exe 2015-03-07 12:25 - 2014-10-29 03:39 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe 2015-03-07 12:25 - 2014-10-29 03:39 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SystemPropertiesComputerName.exe 2015-03-07 12:25 - 2014-10-29 03:39 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe 2015-03-07 12:25 - 2014-10-29 03:32 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthudtask.exe 2015-03-07 12:25 - 2014-10-29 03:29 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mprext.dll 2015-03-07 12:25 - 2014-10-29 03:29 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\dabapi.dll 2015-03-07 12:25 - 2014-10-29 03:29 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\C_ISCII.DLL 2015-03-07 12:25 - 2014-10-29 03:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\mountvol.exe 2015-03-07 12:25 - 2014-10-29 03:28 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\TCPSVCS.EXE 2015-03-07 12:25 - 2014-10-29 03:28 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\TcpipSetup.dll 2015-03-07 12:25 - 2014-10-29 03:28 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\backgroundTaskHost.exe 2015-03-07 12:25 - 2014-10-29 03:27 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\lodctr.exe 2015-03-07 12:25 - 2014-10-29 03:27 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\unlodctr.exe 2015-03-07 12:25 - 2014-10-29 03:27 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\cacls.exe 2015-03-07 12:25 - 2014-10-29 03:27 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\fltMC.exe 2015-03-07 12:25 - 2014-10-29 03:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\TRACERT.EXE 2015-03-07 12:25 - 2014-10-29 03:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\HOSTNAME.EXE 2015-03-07 12:25 - 2014-10-29 03:26 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\VaultCmd.exe 2015-03-07 12:25 - 2014-10-29 03:26 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\MRINFO.EXE 2015-03-07 12:25 - 2014-10-29 03:23 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\AppxStreamingDataSourcePS.dll 2015-03-07 12:25 - 2014-10-29 03:21 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\CallButtons.ProxyStub.dll 2015-03-07 12:25 - 2014-10-29 03:21 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\ROUTE.EXE 2015-03-07 12:25 - 2014-10-29 03:21 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\dllhst3g.exe 2015-03-07 12:25 - 2014-10-29 03:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\DsmUserTask.exe 2015-03-07 12:25 - 2014-10-29 03:06 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\C_ISCII.DLL 2015-03-07 12:25 - 2014-10-29 03:06 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dabapi.dll 2015-03-07 12:25 - 2014-10-29 03:05 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TCPSVCS.EXE 2015-03-07 12:25 - 2014-10-29 03:05 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\backgroundTaskHost.exe 2015-03-07 12:25 - 2014-10-29 03:03 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\LaunchTM.exe 2015-03-07 12:25 - 2014-10-29 03:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Custom.ps.dll 2015-03-07 12:25 - 2014-10-29 03:01 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Background.ps.dll 2015-03-07 12:25 - 2014-10-29 03:00 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CallButtons.ProxyStub.dll 2015-03-07 12:25 - 2014-10-29 02:58 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\bootim.exe 2015-03-07 12:25 - 2014-10-29 02:50 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchTM.exe 2015-03-07 12:25 - 2014-10-07 05:30 - 00026112 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys 2015-03-07 12:25 - 2014-10-07 05:29 - 00107520 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys 2015-03-07 12:25 - 2014-10-07 05:29 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys 2015-03-07 12:25 - 2014-10-07 05:29 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys 2015-03-07 11:51 - 2014-10-31 06:50 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe 2015-03-07 11:51 - 2014-10-31 05:30 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll 2015-03-07 11:51 - 2014-10-31 05:23 - 00733696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll 2015-03-07 11:51 - 2014-10-31 05:22 - 00291840 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll 2015-03-07 11:51 - 2014-10-31 05:18 - 04840960 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll 2015-03-07 11:51 - 2014-10-31 05:09 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe 2015-03-07 11:51 - 2014-10-31 04:12 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll 2015-03-06 11:06 - 2015-03-12 08:49 - 00483768 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-05 09:40 - 2015-03-05 09:40 - 00000162 _____ () C:\Users\Nialini\Downloads\7a520d718fd7d1b9b6f3dcc4e1d82741.mp4 2015-03-04 17:12 - 2015-03-04 17:12 - 00003106 _____ () C:\Windows\System32\Tasks\{433BDCCC-EC66-445E-89E9-02970CB051F8} 2015-03-03 12:56 - 2014-12-13 23:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls 2015-03-03 12:56 - 2014-12-13 23:28 - 00513488 _____ () C:\Windows\system32\locale.nls 2015-03-03 12:56 - 2014-10-29 03:27 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll 2015-03-03 12:56 - 2014-10-29 03:27 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll 2015-03-03 12:56 - 2014-10-29 03:04 - 00868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll 2015-03-03 12:56 - 2014-10-29 03:04 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-31 09:41 - 2014-10-24 19:36 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1789025147-3919218259-3160605203-1001 2015-03-31 09:36 - 2014-10-24 18:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-31 09:27 - 2015-02-18 14:57 - 00005148 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CHILLAXIN-Nialini Chillaxin 2015-03-31 09:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-03-31 09:22 - 2015-01-22 18:47 - 00000000 ____D () C:\Users\Nialini\AppData\Roaming\3DataManager 2015-03-31 09:17 - 2015-02-03 14:59 - 00000000 ____D () C:\Users\Nialini\AppData\Roaming\Skype 2015-03-31 09:17 - 2014-10-25 21:17 - 00000000 ___DO () C:\Users\Nialini\SkyDrive 2015-03-31 09:15 - 2015-01-01 18:50 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-31 09:15 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-31 09:14 - 2013-08-22 21:11 - 00000000 ____D () C:\Windows\SKB 2015-03-31 09:13 - 2013-08-22 15:25 - 00786432 ___SH () C:\Windows\system32\config\BBI 2015-03-31 09:02 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru 2015-03-31 09:00 - 2015-01-01 18:50 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-31 08:37 - 2013-09-10 00:53 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-31 08:37 - 2013-08-28 11:59 - 00765582 _____ () C:\Windows\system32\perfh007.dat 2015-03-31 08:37 - 2013-08-28 11:59 - 00159366 _____ () C:\Windows\system32\perfc007.dat 2015-03-31 08:31 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2015-03-31 08:29 - 2014-12-14 16:54 - 00000000 ____D () C:\Users\Nialini\AppData\Roaming\Windows Open Service 2015-03-31 08:28 - 2015-01-11 19:20 - 00000000 ____D () C:\AdwCleaner 2015-03-31 08:24 - 2014-10-24 19:40 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{92A6BE45-9F49-4B5C-B806-97AB2470EB38} 2015-03-30 21:46 - 2014-05-12 19:05 - 00065536 _____ () C:\Windows\system32\spu_storage.bin 2015-03-30 20:39 - 2014-10-24 19:30 - 00000000 ____D () C:\Users\Nialini\AppData\Local\Packages 2015-03-30 16:31 - 2014-10-29 17:36 - 00000478 _____ () C:\Windows\Tasks\Wise Disk Cleaner Schedule Task.job 2015-03-30 12:02 - 2015-02-24 12:55 - 00000000 __RHD () C:\MSOCache 2015-03-30 11:40 - 2014-10-24 19:29 - 00000000 ____D () C:\Users\Nialini 2015-03-30 11:39 - 2014-10-29 17:29 - 00000000 ____D () C:\Program Files (x86)\SlimComputer 2015-03-30 11:37 - 2015-02-17 10:34 - 00000000 ____D () C:\Program Files (x86)\Nitro PDF 2015-03-22 14:53 - 2014-05-12 19:42 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-03-22 10:37 - 2014-10-24 18:54 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-03-22 10:37 - 2014-10-24 18:53 - 00000000 ____D () C:\Users\Nialini\AppData\Local\Adobe 2015-03-21 10:03 - 2015-01-01 18:52 - 00002166 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-03-16 21:58 - 2015-02-17 09:37 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2015-03-14 21:11 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache 2015-03-13 09:41 - 2015-02-18 14:57 - 00003102 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1789025147-3919218259-3160605203-1001 2015-03-12 00:52 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData 2015-03-12 00:52 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-12 00:52 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-12 00:52 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-12 00:52 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore 2015-03-12 00:52 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-03-12 00:52 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-03-12 00:51 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-12 00:51 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-03-12 00:51 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-12 00:51 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-03-12 00:51 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-12 00:51 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-03-12 00:51 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\MediaViewer 2015-03-12 00:51 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\FileManager 2015-03-12 00:51 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera 2015-03-12 00:50 - 2013-08-22 21:11 - 00000000 ____D () C:\Program Files\Windows Journal 2015-03-12 00:50 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\sppui 2015-03-12 00:50 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\setup 2015-03-12 00:50 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\migwiz 2015-03-12 00:50 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\Com 2015-03-12 00:50 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices 2015-03-12 00:50 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer 2015-03-12 00:50 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform 2015-03-12 00:50 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\System 2015-03-12 00:50 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe 2015-03-12 00:50 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-03-12 00:50 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\servicing 2015-03-12 00:48 - 2013-08-22 17:36 - 00000000 ___SD () C:\Windows\system32\dsc 2015-03-12 00:48 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2015-03-12 00:48 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns 2015-03-12 00:48 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform 2015-03-12 00:48 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sppui 2015-03-12 00:48 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\setup 2015-03-12 00:48 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\migwiz 2015-03-12 00:48 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\Com 2015-03-12 00:48 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\IME 2015-03-12 00:48 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\Sysprep 2015-03-12 00:48 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\oobe 2015-03-12 00:48 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\Dism 2015-03-12 00:46 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell 2015-03-12 00:46 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices 2015-03-12 00:46 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer 2015-03-12 00:46 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform 2015-03-11 20:35 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-03-11 19:44 - 2014-10-25 20:04 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 19:36 - 2014-10-25 20:04 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-08 20:33 - 2014-05-12 19:42 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games 2015-03-07 14:41 - 2013-08-22 17:36 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll 2015-03-07 14:41 - 2013-08-22 17:36 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll 2015-03-04 17:55 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-03-04 17:29 - 2014-10-24 18:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-03 11:12 - 2014-11-09 22:25 - 00000000 ____D () C:\Users\Nialini\AppData\Local\Popcorn-Time ==================== Files in the root of some directories ======= 2015-01-06 21:54 - 2015-01-06 21:54 - 0886723 _____ () C:\ProgramData\1420572632.bdinstall.bin Some content of TEMP: ==================== C:\Users\Nialini\AppData\Local\Temp\Quarantine.exe C:\Users\Nialini\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-25 20:23 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Nialini at 2015-03-31 09:50:59 Running from C:\Users\Nialini\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 3DataManager (HKLM-x32\...\3DataManager) (Version: 3.0 - 3DataManager) 7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated) Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden AMD Catalyst Install Manager (HKLM\...\{5D42947B-E961-C0B5-5A70-EA0F753331EB}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks) Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.19.0.1369 - Bitdefender) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.2.0 - Conexant) ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper) doPDF (Version: 8.2.927 - Softland) Hidden doPDF 8 (HKLM-x32\...\{c123892f-7c27-41c0-bc5a-d00de200cf08}) (Version: 8.2.927 - Softland) DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.) Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.8 - Genesys Logic) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.) Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden HOFER Bestellsoftware 4.12.1 (HKLM-x32\...\HOFER Bestellsoftware) (Version: 4.12.1 - ORWO Net) Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4701.1002 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1789025147-3919218259-3160605203-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.1 - Mozilla) novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{B318D20E-B189-415F-99AB-E79083DF0D7C}) (Version: 8.2.927 - Softland) novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{0817448B-D9B3-4EE8-BEDB-441D26297325}) (Version: 8.2.927 - Softland) novaPDF 8 Printer Driver (HKLM\...\{6A608A18-0E2F-4CD4-9A7C-784E9CA26EEB}) (Version: 8.2.927 - Softland) OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC) Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.300 - Qualcomm Atheros) Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.) Secure Banking (HKLM\...\{2088356A-A860-4619-B6DC-F6785AEBBBF7}) (Version: 2.0.2 - Machinecode Technologies) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.) Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated) TOSHIBA Addendum (HKLM-x32\...\{CE0374A6-B204-4336-8293-63FBB1DADBF4}) (Version: 1.00 - TOSHIBA) TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation) TOSHIBA Display Utility (HKLM\...\{84FA4D2D-4273-4C66-BD3D-ADD3FE48DFA2}) (Version: 1.1.5.0 - Toshiba Corporation) TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation) TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation) TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA) TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 5.0.1.0 - Toshiba Corporation) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation) TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation) TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation) TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation) Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.6.0 - Toshiba Europe GmbH) TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent) WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.14 - WildTangent) Hidden ZTE All 5.36.0751 (HKLM-x32\...\{31E45C82-3493-4809-95CD-F97834631CF9}) (Version: 5.36.0751 - ZTE) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1789025147-3919218259-3160605203-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nialini\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 20-03-2015 09:21:33 Geplanter Prüfpunkt 30-03-2015 11:37:40 Removed SlimComputer 30-03-2015 11:44:26 Removed novaPDF 8 add-in for Microsoft Office (x64) 30-03-2015 11:45:38 Removed novaPDF 8 add-in for Microsoft Office (x86) 30-03-2015 11:46:49 Removed novaPDF 8 Printer Driver 30-03-2015 14:50:16 Installed 7-Zip 9.38 (x64 edition) 30-03-2015 20:41:45 Secure Banking wurde installiert. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0037C51B-9FB9-489A-A8AC-E72CABD0698D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-22] (Adobe Systems Incorporated) Task: {0E3D35A8-0375-447A-8EDB-987D082A129C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation) Task: {0F08EACB-7058-4777-AA61-189E5928B9F2} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation) Task: {16FF7F86-8084-46CD-BD26-5FCED98C7F6F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {2B2D9D34-8830-47EC-B28B-1BBF770E812E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {419BAF97-F859-49D8-B6D7-4ED5802A48EB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {4BEDC712-DF3F-4184-813E-83B1F17EF54A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-10] (Microsoft Corporation) Task: {5E262360-7D7B-4979-8AE3-E5A42708E4B8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-11] (Microsoft Corporation) Task: {5EA93156-61EE-4B18-8263-3748DC120E38} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {84A3FC86-B49C-4470-A81A-643266825567} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2013-08-28] () Task: {895330C1-9C78-4BBC-A796-64B2B9A06EFE} - System32\Tasks\Microsoft Office 15 Sync Maintenance for CHILLAXIN-Nialini Chillaxin => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation) Task: {91C11428-901D-4B53-856A-47E7E9086306} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {9B9DFD21-8E31-4334-BB1B-8EE1E2FD1E0E} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1789025147-3919218259-3160605203-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe Task: {9C3EB89D-FC1C-4D69-AC7E-2AEA667625A8} - System32\Tasks\{433BDCCC-EC66-445E-89E9-02970CB051F8} => pcalua.exe -a "C:\Program Files (x86)\3DataManager\Uninstaller.exe" Task: {A627BC55-A97D-41E8-99C5-E71C118E7276} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-07-19] (Toshiba Europe GmbH) Task: {AB238A4A-5C29-41CF-91DA-FE060295FA94} - System32\Tasks\Wise Disk Cleaner Schedule Task => C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe Task: {BFA9AD55-CAE3-46A1-AC3E-55C549083BBC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-01] (Google Inc.) Task: {C89F0B34-823E-4AFC-B9B2-A0352281503C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation) Task: {DFC0A588-1C38-41A5-AB90-8CFDD63CD960} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2015-02-09] () Task: {F8715CD6-6254-4A52-9FFB-BE1751955621} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-01] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Wise Disk Cleaner Schedule Task.job => C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe ==================== Loaded Modules (whitelisted) ============== 2015-01-06 21:43 - 2014-08-27 17:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll 2015-01-06 21:43 - 2013-09-03 15:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll 2015-01-06 21:43 - 2014-11-19 21:28 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui 2015-01-06 21:43 - 2012-10-29 15:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll 2015-02-06 16:05 - 2015-02-06 16:05 - 00784712 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00050_003\ashttpbr.mdl 2015-02-06 16:05 - 2015-02-06 16:05 - 00573544 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00050_003\ashttpdsp.mdl 2015-02-06 16:05 - 2015-02-06 16:05 - 02657264 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00050_003\ashttpph.mdl 2015-02-06 16:05 - 2015-02-06 16:05 - 01331648 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00050_003\ashttprbl.mdl 2013-08-31 04:47 - 2013-08-31 04:47 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe 2015-02-25 17:20 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-09-10 21:54 - 2013-09-10 21:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe 2015-02-09 17:46 - 2015-02-09 17:46 - 00137368 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT64.dll 2015-02-09 17:46 - 2015-02-09 17:46 - 00034592 _____ () C:\Program Files\Softland\novaPDF 8\Server\CryptUtil.dll 2015-02-09 17:47 - 2015-02-09 17:47 - 00026912 _____ () C:\Program Files\Softland\novaPDF 8\Server\WAFServicePlugin.dll 2015-01-22 18:44 - 2010-12-23 14:20 - 00327680 ____N () C:\Program Files (x86)\3DataManager\WTGService.exe 2014-05-12 19:18 - 2013-08-28 17:08 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe 2012-07-19 03:38 - 2012-07-19 03:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll 2015-01-19 15:28 - 2015-01-19 15:28 - 01459712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\5c9c0b89a558d0e589c254af6b1ca238\Windows.UI.ni.dll 2015-01-18 14:14 - 2015-01-18 14:14 - 00521216 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\e291aa8a59dc390d0cdf99d3c6d8b6e5\Windows.Data.ni.dll 2015-01-18 14:14 - 2015-01-18 14:14 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\b3972424579e18e6699549ecb948c4ef\Windows.Foundation.ni.dll 2013-08-31 04:47 - 2013-08-31 04:47 - 00016896 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll 2015-02-24 13:06 - 2015-02-24 13:06 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Nialini\SkyDrive:ms-properties AlternateDataStreams: C:\Users\Nialini\Desktop\AdwCleaner_4.200.exe:BDU AlternateDataStreams: C:\Users\Nialini\Desktop\FRST64.exe:BDU AlternateDataStreams: C:\Users\Nialini\Desktop\JRT.exe:BDU AlternateDataStreams: C:\Users\Nialini\Desktop\mbam-setup-2.1.4.1018.exe:BDU AlternateDataStreams: C:\Users\Nialini\Downloads\Defogger.exe:BDU AlternateDataStreams: C:\Users\Nialini\Downloads\dopdf-full.exe:BDU AlternateDataStreams: C:\Users\Nialini\Downloads\HOFER-Bestellsoftware-Setup.exe:BDU AlternateDataStreams: C:\Users\Nialini\Downloads\Setup.X86.de-DE_O365HomePremRetail_611a4e07-1a5d-4a7c-becb-6cc4171f6c51_TX_DB_.exe:BDU AlternateDataStreams: C:\Users\Nialini\Downloads\Silverlight_x64.exe:BDU AlternateDataStreams: C:\Users\Nialini\Downloads\SkypeSetupFull.exe:BDU AlternateDataStreams: C:\Users\Nialini\Downloads\SpyHunter-Installer.exe:BDU ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1789025147-3919218259-3160605203-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nialini\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: Media is not connected to internet. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "Launcher.lnk" HKLM\...\StartupApproved\Run: => "Bdagent" HKLM\...\StartupApproved\Run: => "SecureBanking" HKU\S-1-5-21-1789025147-3919218259-3160605203-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk" HKU\S-1-5-21-1789025147-3919218259-3160605203-1001\...\StartupApproved\Run: => "Bitdefender-Geldbörse-Agent" ==================== Accounts: ============================= Administrator (S-1-5-21-1789025147-3919218259-3160605203-500 - Administrator - Disabled) Gast (S-1-5-21-1789025147-3919218259-3160605203-501 - Limited - Disabled) Nialini (S-1-5-21-1789025147-3919218259-3160605203-1001 - Administrator - Enabled) => C:\Users\Nialini ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: AMD A6-5200 APU with Radeon(TM) HD Graphics Percentage of memory in use: 40% Total physical RAM: 3533.51 MB Available physical RAM: 2092.4 MB Total Pagefile: 4685.51 MB Available Pagefile: 2791.29 MB Total Virtual: 131072 MB Available Virtual: 131071.81 MB ==================== Drives ================================ Drive c: (TI31197600A) (Fixed) (Total:687.71 GB) (Free:623.73 GB) NTFS Drive e: (3DataManager) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ |
31.03.2015, 12:19 | #17 |
/// TB-Ausbilder | Win8 64bit (neu) bootet langsam, pop ups und werbungen im chrome... Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
__________________Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start CloseProcesses: HKLM\...\Run: [] => [X] SearchScopes: HKU\S-1-5-21-1789025147-3919218259-3160605203-1001 -> {BEF4DA2E-F0AB-4627-BAF8-556AA3CA3CBF} URL = FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml S2 OpenService; C:\Users\Nialini\AppData\Roaming\Windows Open Service\OpenService.exe [X] C:\Users\Nialini\AppData\Roaming\Windows Open Service C:\Users\Nialini\Downloads\SpyHunter-Installer.exe C:\ProgramData\1420572632.bdinstall.bin EmptyTemp: end Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Schritt 3 ESET Online Scanner
Schritt 4 Downloade Dir bitte SecurityCheck und:
Bitte poste mit deiner nächsten Antwort
|
31.03.2015, 17:05 | #18 |
| Win8 64bit (neu) bootet langsam, pop ups und werbungen im chrome... FRST
__________________Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015 Ran by Nialini at 2015-03-31 14:40:25 Run:1 Running from C:\Users\Nialini\Desktop Loaded Profiles: Nialini (Available profiles: Nialini) Boot Mode: Normal ============================================== Content of fixlist: ***************** start CloseProcesses: HKLM\...\Run: [] => [X] SearchScopes: HKU\S-1-5-21-1789025147-3919218259-3160605203-1001 -> {BEF4DA2E-F0AB-4627-BAF8-556AA3CA3CBF} URL = FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml S2 OpenService; C:\Users\Nialini\AppData\Roaming\Windows Open Service\OpenService.exe [X] C:\Users\Nialini\AppData\Roaming\Windows Open Service C:\Users\Nialini\Downloads\SpyHunter-Installer.exe C:\ProgramData\1420572632.bdinstall.bin EmptyTemp: end ***************** Processes closed successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. "HKU\S-1-5-21-1789025147-3919218259-3160605203-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BEF4DA2E-F0AB-4627-BAF8-556AA3CA3CBF}" => Key deleted successfully. HKCR\CLSID\{BEF4DA2E-F0AB-4627-BAF8-556AA3CA3CBF} => Key not found. Firefox newtab deleted successfully. OpenService => Service deleted successfully. C:\Users\Nialini\AppData\Roaming\Windows Open Service => Moved successfully. C:\Users\Nialini\Downloads\SpyHunter-Installer.exe => Moved successfully. C:\ProgramData\1420572632.bdinstall.bin => Moved successfully. EmptyTemp: => Removed 168.4 MB temporary data. The system needed a reboot. ==== End of Fixlog 14:40:42 ==== Code:
ATTFilter HitmanPro 3.7.9.240 www.hitmanpro.com Computer name . . . . : CHILLAXIN Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : CHILLAXIN\Nialini UAC . . . . . . . . . : Enabled License . . . . . . . : Free Scan date . . . . . . : 2015-03-31 14:54:13 Scan mode . . . . . . : Normal Scan duration . . . . : 6m 48s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 1 Objects scanned . . . : 1*803*302 Files scanned . . . . : 40*591 Remnants scanned . . : 497*908 files / 1*264*803 keys Suspicious files ____________________________________________________________ C:\Users\Nialini\Desktop\FRST64.exe Size . . . . . . . : 2*095*616 bytes Age . . . . . . . : 1.1 days (2015-03-30 13:09:36) Entropy . . . . . : 7.5 SHA-256 . . . . . : 72AAB1C62CF0BC00F5B102954B603D1509B2AF5F0BD1911E9CAE98C4DDE2D152 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=8f98ca460f70cf4ca676c8678631434d # engine=23169 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-03-31 03:36:38 # local_time=2015-03-31 05:36:38 (+0100, Mitteleuropäische Sommerzeit) # country="Austria" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='Bitdefender Antivirus' # compatibility_mode=2065 16777213 100 100 7712 131661507 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 1701835 52697491 0 0 # scanned=333973 # found=24 # cleaned=24 # scan_time=6571 sh=E56A3939B21F63347D0F9D3620F34F7ED842D868 ft=1 fh=2039782032193218 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvidCodec.com\hdvidextsetup.exe.vir" sh=ACA42B80EFE1FAB62EF8ADD570E650F13DD1A2C7 ft=1 fh=ad5f3b328e958b1e vn="Variante von Win32/Toolbar.CrossRider.AX evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TheHDvid-Codec V10\ccfb24b6-acf9-4983-a007-6334fee13632-11.exe.vir" sh=AA1ABF9DD6204998DEC71237159344B9793DA4F9 ft=1 fh=d8a40c368c5dfa08 vn="Variante von Win32/Toolbar.CrossRider.AY evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TheHDvid-Codec V10\ccfb24b6-acf9-4983-a007-6334fee13632-2.exe.vir" sh=ACA42B80EFE1FAB62EF8ADD570E650F13DD1A2C7 ft=1 fh=ad5f3b328e958b1e vn="Variante von Win32/Toolbar.CrossRider.AX evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TheHDvid-Codec V10\ccfb24b6-acf9-4983-a007-6334fee13632-3.exe.vir" sh=B5427E8FC5661A386FAD1F8AADB4BB825FEBF03C ft=1 fh=c911ccad03e46774 vn="Variante von Win32/Toolbar.CrossRider.AX evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TheHDvid-Codec V10\ccfb24b6-acf9-4983-a007-6334fee13632-4.exe.vir" sh=E3D2C7C078D587EAEB281645B98AAC56A31905F2 ft=1 fh=de5ee63e2b976aae vn="Variante von Win32/Toolbar.CrossRider.AY evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TheHDvid-Codec V10\ccfb24b6-acf9-4983-a007-6334fee13632-5.exe.vir" sh=03D0CD39E0F3F771F6528DCFB758699CBC5F0F16 ft=1 fh=cbe1955a6ebd2db1 vn="Variante von Win32/Toolbar.CrossRider.BA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-bg.exe.vir" sh=DCE475BE3059B10131723C815B63B71E73B8C627 ft=1 fh=47bc25159998465e vn="Variante von Win32/Toolbar.CrossRider.BA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-bho.dll.vir" sh=A577D1C21249C8E75351AA9B60C3D4C52DCDA8DC ft=1 fh=272b4c7d3661ac10 vn="Variante von Win64/Toolbar.Crossrider.O evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-bho64.dll.vir" sh=244D87DF5A99983305CC67911D1680F62817F4BD ft=1 fh=4668b76983f7efa1 vn="Variante von Win32/Toolbar.CrossRider.BD evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-buttonutil.dll.vir" sh=367E3DAE6DD6C65B269FEE92F2F7A85D56E572FA ft=1 fh=95e3d934ec744ab8 vn="Variante von Win32/Toolbar.CrossRider.BO evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-buttonutil.exe.vir" sh=CBDB492386F422374F82824A7998FAF9CA2F1392 ft=1 fh=ce50a74e989a46e9 vn="Variante von Win64/Toolbar.Crossrider.O evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-buttonutil64.dll.vir" sh=70971840CCFB13AB3FEBEA25911103F8D8E75359 ft=1 fh=c497dc93fc50a242 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-buttonutil64.exe.vir" sh=B406AD9DC149439444C390EC0274B767CC96539B ft=1 fh=f2f7fe6dac073d96 vn="Variante von Win32/Toolbar.CrossRider.AY evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-codedownloader.exe.vir" sh=13CA9B0A602386E52591CE4FE2970A1D18677155 ft=1 fh=0604d12fc370c65e vn="Variante von Win32/Toolbar.CrossRider.AW evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TheHDvid-Codec V10\Uninstall.exe.vir" sh=30D816F0739712A0C82B368AD0B1A139F1E742ED ft=1 fh=2a62d8fe5ccc2586 vn="Win32/Packed.VMDetector.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TheHDvid-Codec V10\utils.exe.vir" sh=9117619B06D281F69F59E9962C7384329D310D12 ft=1 fh=c71c0011858e6961 vn="Variante von Win32/Adware.AddLyrics.CE Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver4BetterMarkIt\181.dll.vir" sh=035D92A10AF624EECE3F944045079B8B8B2B33B4 ft=1 fh=50b1e597f86532e2 vn="Variante von Win64/Adware.AddLyrics.I Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver4BetterMarkIt\181_x64.dll.vir" sh=F86A412CB6B7F45E0360BBF54E53828F1DF0704E ft=1 fh=0505442c796e0be1 vn="Variante von Win64/Adware.AddLyrics.C Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver4BetterMarkIt\x64\TandemRunner.exe.vir" sh=6E5D0AB18B498E8EBC6BAB9C850F38D26CE427F9 ft=1 fh=8a80bf55b7b691e4 vn="Win64/Adware.AddLyrics.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver4BetterMarkIt\x64\webinstrNew.sys.vir" sh=EAE558A2686977DE3245F6B1DA76AD64017E8570 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Nialini\AppData\Roaming\Mozilla\Firefox\Profiles\3k1unqf1.default\Extensions\43f13f31-cec7-4ac7-ad4a-18dfdaeae120@gmail.com\extensionData\plugins\91.js.vir" sh=6E5D0AB18B498E8EBC6BAB9C850F38D26CE427F9 ft=1 fh=8a80bf55b7b691e4 vn="Win64/Adware.AddLyrics.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\webinstrNew.sys.vir" sh=ED236C089004E9D91946E71A620191931D1D1C3E ft=1 fh=9b63f4d65d40a02a vn="NSIS/TrojanDownloader.Adload.AC Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nialini\Downloads\HDvid-codec-FF.exe" sh=885C75651E04868872C854C2DDEBA37ACEACAED6 ft=1 fh=0b7742d3269be413 vn="Win32/WinloadSDA.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nialini\Downloads\Paint.NET-lnstall.exe" ESETSmartInstaller@High as downloader log: all ok Code:
ATTFilter Results of screen317's Security Check version 0.99.99 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Bitdefender Antivirus Windows Defender Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 17.0.0.134 Mozilla Firefox 35.0.1 Firefox out of Date! Google Chrome (41.0.2272.101) Google Chrome (41.0.2272.89) ````````Process Check: objlist.exe by Laurent```````` Bitdefender Bitdefender 2015 vsserv.exe Bitdefender Bitdefender 2015 updatesrv.exe Bitdefender Bitdefender 2015 bdagent.exe Bitdefender Bitdefender 2015 bdwtxag.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` |
31.03.2015, 21:38 | #19 |
/// TB-Ausbilder | Win8 64bit (neu) bootet langsam, pop ups und werbungen im chrome... Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber. Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde: Combofix deinstallieren
Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen. Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. Meine Empfehlung: Emsisoft Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional: NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen. Lade Software von einem sauberen Portal wie . Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden. Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
01.04.2015, 21:17 | #20 |
| Win8 64bit (neu) bootet langsam, pop ups und werbungen im chrome... Hi Matthias, defogger gibt mir eine fehlmeldung! wurde nicht verwendet, auf re enable geklickt und gibt mir die meldung: unable to open file! ok ich denke es ist in ordnung alles, hat doch gefunkt! Danke für deine Hilfe :-) |
01.04.2015, 22:43 | #21 |
/// TB-Ausbilder | Win8 64bit (neu) bootet langsam, pop ups und werbungen im chrome... Ja, das passt dann so. Ich bin froh, dass wir helfen konnten In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest: Lob, Kritik und Wünsche Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |
Themen zu Win8 64bit (neu) bootet langsam, pop ups und werbungen im chrome... |
64bit, anweisung, bitdefender, bootet, bootet langsam, click, defender, gen, installier, installiert, langsam, laptop, nervige, neu, nichts, pop ups, rechner, security, seite, teilweise, unerwünschte, ups, verseucht, werbungen, win, ziemlich |