Windows 7: Avast blockt ständig Webseiten, svchost.exe

janzek · 06.06.2015, 14:43

Hallo,
seit einigen Tagen werden auf meinem Rechner von Avast Internet Secrurity immer Webseiten geblockt, wenn der Rechner aus dem Standby kommt. Ich bin mir nicht sicher, ob es eine Infektion des Rechners ist oder ob hier ein anderer Fehler vorliegt. In der Meldung erscheint: Prozess: C:/Windows/system32/svchost.exe. Ich würde mich freuen, wenn ihr mich hierbei unterstützen könntet, der Rechner fällt unter die Ausnahme der gewerblichen Nutzung (Kleingewerbe). Ich habe im ersten Schritt nur die defogger_disable.txt und die Addition.txt gepostet. Bitte teilt mir kurz mit, ob ich die FRST.txt und die gmer.txt als ZIB anhängen soll, da beide zu lang sind.
Gruss janzek

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:12 on 06/06/2015 (Gaby)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-06-2015
Ran by Gaby at 2015-06-06 14:16:49
Running from C:\Users\Gaby\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3507930614-119480243-4004697037-500 - Administrator - Disabled)
Gaby (S-1-5-21-3507930614-119480243-4004697037-1000 - Administrator - Enabled) => C:\Users\Gaby
Gast (S-1-5-21-3507930614-119480243-4004697037-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC)
HP Photosmart 5520 series - Grundlegende Software für das Gerät (HKLM\...\{4F396B08-301D-4E53-A372-95A7E93ABD04}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5520 series Hilfe (HKLM-x32\...\{640A03B3-4E6B-4440-A350-E6A8D6348F12}) (Version: 27.0.0 - Hewlett Packard)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
microlobu (HKLM-x32\...\{255C9759-DE14-4130-A81E-47DB208F7755}) (Version: 1.4.7 - microlobu)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3507930614-119480243-4004697037-1000\...\OneDriveSetup.exe) (Version: 17.3.5849.0427 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
PDF Architect 3 (HKLM-x32\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH)
PDF Architect 3 Create Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDF Architect 3 Edit Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDF Architect 3 View Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.1 - pdfforge)
Sage BankCom (x32 Version: 2.00.0000 - Sage Software GmbH) Hidden
Sage GS-Buchhalter (HKLM-x32\...\Sage GS-Buchhalter) (Version: 2012 - Sage Software GmbH)
Sage HBCI-Kontaktverwaltung (HKLM-x32\...\{32BFD212-A55E-4D1A-9E42-DB3764B761B8}) (Version: 3.0 - Sage Software GmbH)
SageDB 5.0 (HKLM-x32\...\SageDB 5.0) (Version:  - )
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.14.99 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.34.161 - Akademische Arbeitsgemeinschaft)
System Explorer 6.4.2 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version:  - Mister Group)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3507930614-119480243-4004697037-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3507930614-119480243-4004697037-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3507930614-119480243-4004697037-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3507930614-119480243-4004697037-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3507930614-119480243-4004697037-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3507930614-119480243-4004697037-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3507930614-119480243-4004697037-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

03-06-2015 19:00:13 Windows Update
03-06-2015 19:47:05 Windows Update
04-06-2015 19:00:24 Windows Update
04-06-2015 22:09:42 Windows Update
05-06-2015 17:38:42 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {009A4DFC-2243-4540-BF80-8016C337CD39} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {06B42E3B-9C22-4DDE-A8FB-D3835E46A9D5} - System32\Tasks\{A5668AC8-6286-47EC-BBEE-1861531A1221} => pcalua.exe -a C:\Users\Gaby\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=air
Task: {15CA2C8E-09C0-4744-9EA1-EEADADACD1A1} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {1AE13626-67B4-4BF0-904E-712B22F05F0B} - System32\Tasks\{B312B1ED-D02E-4A10-8247-6C954C8232DE} => pcalua.exe -a "C:\Program Files (x86)\microlobu\Lobu.exe" -d "C:\Program Files (x86)\microlobu\"
Task: {1CA9F809-91A3-4AA9-894A-8A94894D55E9} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Gaby-PC-Gaby Gaby-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-05-07] (Microsoft Corporation)
Task: {351C2194-C6DC-455A-B96F-D4EBF47B26E5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {39B23685-97B3-423D-8814-3D9A88B282F4} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08] ()
Task: {408D9DA3-ED61-46DE-9120-73CE2BE14AAD} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {4CE160E0-D163-48FA-ACE7-44E77EAE21C3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {73299E15-8048-4EC9-B351-CED872B68501} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {A33F1849-9FD7-432F-99C1-331C5192C91F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-22] (Microsoft Corporation)
Task: {B6575C0E-EC49-4322-9176-9366F2684837} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {D4751CDB-8FE1-4228-967B-2EEE33848E26} - System32\Tasks\{DFF9F36A-3569-4631-9263-DBD7D094A98B} => pcalua.exe -a "D:\Sicherung 03.05.2015\SSEStandard_20.32.155.exe" -d "D:\Sicherung 03.05.2015"
Task: {D9656710-D817-41DC-9536-F38585A7119D} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08] ()
Task: {DA61F9F6-A19C-4679-94F7-B65E3BABAF8D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {EE1B4CFF-8035-4914-B234-D24A96D34A8D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-06] (Avast Software s.r.o.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Windows\system32\rundll32.exeGC:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-07 17:17 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-05-06 21:44 - 2011-07-18 14:55 - 05685248 _____ () C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2015-06-06 14:09 - 2015-06-06 14:09 - 00050477 _____ () C:\Users\Gaby\Desktop\Defogger.exe
2015-05-06 19:40 - 2015-05-06 19:40 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-06 19:40 - 2015-05-06 19:40 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-05 12:19 - 2015-06-05 12:19 - 02952192 _____ () C:\Program Files\AVAST Software\Avast\defs\15060500\algo.dll
2015-06-06 12:14 - 2015-06-06 12:14 - 02952192 _____ () C:\Program Files\AVAST Software\Avast\defs\15060600\algo.dll
2015-05-06 19:40 - 2015-05-06 19:40 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3507930614-119480243-4004697037-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Gaby\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{FE42E853-ECC0-46F2-9313-E0B0EA687FE0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2DDDB9AE-932C-4F92-B6C6-E6C27A17AFA4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C04B4630-1152-477D-8046-144F80BB9FDC}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\DeviceSetup.exe
FirewallRules: [{67B2E532-FA9B-4E06-AF05-EDDF5781BB17}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{1E530E32-23DA-4FE1-BC02-713AE73D964D}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{DCFF4BE1-659E-44A3-922A-93EA2824A127}] => (Allow) C:\Program Files (x86)\Sage\GSBuchhalter\GSBuchhalter.exe
FirewallRules: [{DEB814B1-6198-4692-9155-E3AB85B50A97}] => (Allow) C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe
FirewallRules: [{99A56D33-1A89-4F69-8B30-6A814EFFF6CD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{B845949A-23CD-4C52-9A3B-1CA83A1E1FD6}] => (Allow) C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\OneDrive.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/06/2015 10:02:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2015 07:41:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2015 07:21:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2015 07:32:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 05:35:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 04:08:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 03:57:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 03:53:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 01:31:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 10:12:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/06/2015 02:15:52 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (06/06/2015 01:46:52 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (06/06/2015 01:46:39 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (06/06/2015 01:46:29 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (06/06/2015 01:15:58 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (06/06/2015 00:17:34 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (06/06/2015 00:17:34 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (06/06/2015 00:14:24 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (06/06/2015 00:14:10 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (06/06/2015 10:14:11 AM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.


Microsoft Office:
=========================
Error: (06/06/2015 10:02:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2015 07:41:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2015 07:21:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2015 07:32:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 05:35:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 04:08:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 03:57:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 03:53:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 01:31:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 10:12:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X2 250 Processor
Percentage of memory in use: 35%
Total physical RAM: 3838.18 MB
Available physical RAM: 2487.28 MB
Total Pagefile: 7674.57 MB
Available Pagefile: 5490.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:78.13 GB) (Free:45.19 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:195.31 GB) (Free:170.42 GB) NTFS
Drive e: (Volume) (Fixed) (Total:192.31 GB) (Free:179.85 GB) NTFS
Drive f: () (Fixed) (Total:22.93 GB) (Free:10.75 GB) NTFS
Drive g: () (Fixed) (Total:53.75 GB) (Free:47.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 76.7 GB) (Disk ID: BBF4220A)
Partition 1: (Active) - (Size=22.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=53.8 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B660B660)
Partition 1: (Active) - (Size=78.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=387.6 GB) - (Type=OF Extended)

==================== End of log ============================

schrauber · 06.06.2015, 15:23

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

janzek · 06.06.2015, 16:00

OK, hier Teil 1 der FRST

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-06-2015
Ran by Gaby (administrator) on GABY-PC on 06-06-2015 14:15:57
Running from C:\Users\Gaby\Desktop
Loaded Profiles: Gaby (Available Profiles: Gaby)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
() C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\ws.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Users\Gaby\Desktop\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-04-08] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [SystemExplorerAutoStart] => C:\Program Files (x86)\System Explorer\SystemExplorer.exe [3391720 2015-05-21] (Mister Group)
HKU\S-1-5-21-3507930614-119480243-4004697037-1000\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3507930614-119480243-4004697037-1000\...\MountPoints2: {9ed501c2-f409-11e4-a1e6-806e6f6e6963} - H:\SETUP.EXE
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-06] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [2015-05-07] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3507930614-119480243-4004697037-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3507930614-119480243-4004697037-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3507930614-119480243-4004697037-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3507930614-119480243-4004697037-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3507930614-119480243-4004697037-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3507930614-119480243-4004697037-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = 
SearchScopes: HKU\S-1-5-21-3507930614-119480243-4004697037-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = 
SearchScopes: HKU\S-1-5-21-3507930614-119480243-4004697037-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-07] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-06] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: No Name -> {06E08260-0695-4EC1-A74B-1310D8899D93} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-06] (Avast Software s.r.o.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-07] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Gaby\AppData\Roaming\Mozilla\Firefox\Profiles\2afqvvv9.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: www.web.de
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-26] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-26] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-07] (Microsoft Corporation)
FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-04-24] (pdfforge GmbH)
FF user.js: detected! => C:\Users\Gaby\AppData\Roaming\Mozilla\Firefox\Profiles\2afqvvv9.default\user.js [2015-05-11]
FF SearchPlugin: C:\Users\Gaby\AppData\Roaming\Mozilla\Firefox\Profiles\2afqvvv9.default\searchplugins\google-avast.xml [2015-05-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-06]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-06] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-05-06] (Avast Software s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244312 2015-04-24] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-24] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-04-24] (pdfforge GmbH)
R2 SageDB 5.0; C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe [5685248 2011-07-18] () [File not signed]
R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-06] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-05-06] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-06] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-05-06] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-06] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-06] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-06] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-06] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-06] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-06 14:15 - 2015-06-06 14:16 - 00014549 _____ C:\Users\Gaby\Desktop\FRST.txt
2015-06-06 14:15 - 2015-06-06 14:15 - 00000000 ____D C:\FRST
2015-06-06 14:14 - 2015-06-06 14:14 - 02108928 _____ (Farbar) C:\Users\Gaby\Desktop\FRST64.exe
2015-06-06 14:12 - 2015-06-06 14:12 - 00000470 _____ C:\Users\Gaby\Desktop\defogger_disable.log
2015-06-06 14:12 - 2015-06-06 14:12 - 00000000 _____ C:\Users\Gaby\defogger_reenable
2015-06-06 14:09 - 2015-06-06 14:09 - 00050477 _____ C:\Users\Gaby\Desktop\Defogger.exe
2015-06-03 08:03 - 2015-06-04 07:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-02 10:12 - 2015-06-02 10:12 - 00275160 _____ C:\Windows\Minidump\060215-19874-01.dmp
2015-06-01 17:57 - 2015-06-06 10:02 - 00000492 _____ C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-06-01 17:57 - 2015-06-04 19:00 - 00000466 _____ C:\Windows\Tasks\ParetoLogic Registration3.job
2015-06-01 17:57 - 2015-06-01 17:57 - 00003128 _____ C:\Windows\System32\Tasks\ParetoLogic Registration3
2015-06-01 17:57 - 2015-06-01 17:57 - 00002916 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task
2015-06-01 17:57 - 2015-06-01 17:57 - 00000000 ____D C:\Users\Gaby\AppData\Roaming\ParetoLogic
2015-06-01 17:57 - 2015-06-01 17:57 - 00000000 ____D C:\Users\Gaby\AppData\Roaming\DriverCure
2015-06-01 17:56 - 2015-06-02 13:29 - 00000000 ____D C:\ProgramData\ParetoLogic
2015-06-01 17:56 - 2015-06-02 08:03 - 00000440 _____ C:\Windows\Tasks\ParetoLogic Update Version3.job
2015-06-01 17:56 - 2015-06-01 17:57 - 00003250 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3
2015-06-01 17:55 - 2015-06-01 17:55 - 05813872 _____ (ParetoLogic Inc.) C:\Users\Gaby\Downloads\ParetoLogic PC Health Advisor_de.exe
2015-06-01 08:46 - 2015-06-01 08:46 - 00275160 _____ C:\Windows\Minidump\060115-20389-01.dmp
2015-05-29 18:49 - 2015-05-29 18:49 - 00275160 _____ C:\Windows\Minidump\052915-17643-01.dmp
2015-05-29 08:06 - 2015-05-29 08:06 - 00275160 _____ C:\Windows\Minidump\052915-19858-01.dmp
2015-05-28 15:50 - 2015-05-28 15:52 - 00000000 ____D C:\ProgramData\SystemExplorer
2015-05-28 15:50 - 2015-05-28 15:50 - 01918512 _____ (Mister Group ) C:\Users\Gaby\Downloads\SystemExplorerSetup_642.exe
2015-05-28 15:50 - 2015-05-28 15:50 - 00001086 _____ C:\Users\Public\Desktop\System Explorer.lnk
2015-05-28 15:50 - 2015-05-28 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2015-05-28 15:50 - 2015-05-28 15:50 - 00000000 ____D C:\Program Files (x86)\System Explorer
2015-05-27 08:48 - 2015-05-27 08:48 - 00000000 ____D C:\Users\Gaby\AppData\Local\TempTaskUpdateDetection1134F557-1C0C-41B3-B1F2-A39BA126BB19
2015-05-27 08:18 - 2015-05-27 08:18 - 06381872 _____ C:\Users\Gaby\Downloads\VR_PROTECT.exe.rar
2015-05-27 08:18 - 2015-05-27 08:18 - 00000000 ____D C:\Users\Gaby\AppData\Roaming\WinRAR
2015-05-26 07:59 - 2015-05-26 07:59 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Gaby\Downloads\mbam-setup-2.1.6.1022(1).exe
2015-05-23 12:29 - 2015-06-01 07:41 - 00196630 _____ C:\211.sal
2015-05-23 12:15 - 2015-05-23 12:15 - 00002335 _____ C:\meldearchiv265159952369.mla
2015-05-23 12:14 - 2015-05-23 12:14 - 00003154 _____ C:\Windows\System32\Tasks\{B312B1ED-D02E-4A10-8247-6C954C8232DE}
2015-05-15 16:29 - 2015-05-06 19:40 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-15 15:51 - 2015-05-15 15:51 - 00000000 __SHD C:\Users\Gaby\AppData\Local\EmieUserList
2015-05-15 15:51 - 2015-05-15 15:51 - 00000000 __SHD C:\Users\Gaby\AppData\Local\EmieSiteList
2015-05-15 15:51 - 2015-05-15 15:51 - 00000000 __SHD C:\Users\Gaby\AppData\Local\EmieBrowserModeList
2015-05-13 19:01 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 19:01 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 09:26 - 2015-06-02 10:12 - 00000000 ____D C:\Windows\Minidump
2015-05-13 09:26 - 2015-05-13 09:26 - 00275160 _____ C:\Windows\Minidump\051315-26707-01.dmp
2015-05-13 09:25 - 2015-06-02 10:12 - 403577944 _____ C:\Windows\MEMORY.DMP
2015-05-13 07:53 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 07:53 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 07:53 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 07:53 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 07:53 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 07:53 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 07:53 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 07:53 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 07:53 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 07:53 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 07:53 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 07:53 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 07:53 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 07:53 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 07:53 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 07:53 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 07:53 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 07:53 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 07:53 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 07:53 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 07:53 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 07:53 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 07:53 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 07:53 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 07:53 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 07:53 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 07:53 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 07:53 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 07:53 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 07:53 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 07:53 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 07:53 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 07:53 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 07:53 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 07:53 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 07:53 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 07:53 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 07:53 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 07:53 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 07:53 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 07:53 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 07:53 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 07:53 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 07:53 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 07:53 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 07:53 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 07:53 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 07:53 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 07:53 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 07:53 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 07:53 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 07:53 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 07:53 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 07:53 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 07:53 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 07:53 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 07:53 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 17:53 - 2015-05-12 17:53 - 00001570 _____ C:\Users\Gaby\Desktop\DivX Movies.lnk
2015-05-12 17:52 - 2015-05-12 17:52 - 00001062 _____ C:\Users\Public\Desktop\DivX Player.lnk
2015-05-12 17:52 - 2015-05-12 17:52 - 00000000 ____D C:\Users\Gaby\AppData\Roaming\DivX
2015-05-12 17:52 - 2015-05-12 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-05-12 17:52 - 2015-05-12 17:52 - 00000000 ____D C:\Program Files\DivX
2015-05-11 15:36 - 2015-06-04 10:53 - 00000000 ____D C:\Users\Gaby\AppData\Roaming\Coronic
2015-05-11 11:30 - 2015-06-06 13:16 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-11 11:30 - 2015-05-26 08:00 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-11 11:30 - 2015-05-26 08:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-11 11:30 - 2015-05-26 08:00 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-11 11:30 - 2015-05-11 11:32 - 01010672 _____ (DivX, LLC) C:\Users\Gaby\Downloads\DivXInstaller.exe
2015-05-11 11:30 - 2015-05-11 11:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-05-11 11:30 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-11 11:30 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-11 11:30 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-11 11:28 - 2015-05-11 11:28 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Gaby\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-11 11:27 - 2015-05-11 11:27 - 00000000 ____D C:\Users\Gaby\AppData\Roaming\Macromedia
2015-05-11 11:27 - 2015-05-11 11:27 - 00000000 ____D C:\Users\Gaby\AppData\Local\Macromedia
2015-05-11 11:26 - 2015-05-11 11:26 - 00000000 ____D C:\Windows\system32\appmgmt
2015-05-11 11:22 - 2015-06-06 13:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-11 11:22 - 2015-05-26 14:00 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-11 11:22 - 2015-05-26 14:00 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-11 11:22 - 2015-05-26 14:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-11 11:22 - 2015-05-26 14:00 - 00000000 ____D C:\Users\Gaby\AppData\Local\Adobe
2015-05-11 11:22 - 2015-05-11 11:22 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-05-11 11:22 - 2015-05-11 11:22 - 00000000 ____D C:\Windows\system32\Macromed
2015-05-11 11:22 - 2015-05-11 11:22 - 00000000 ____D C:\ProgramData\McAfee
2015-05-11 11:16 - 2015-05-12 17:53 - 00000000 ____D C:\Program Files (x86)\DivX
2015-05-11 11:13 - 2015-05-13 10:06 - 00000000 ____D C:\Users\Gaby\AppData\Roaming\PDF Architect 3
2015-05-11 11:13 - 2015-05-11 11:13 - 00000983 _____ C:\Users\Public\Desktop\PDF Architect 3.lnk
2015-05-11 11:10 - 2015-05-11 11:13 - 00000000 ____D C:\Program Files (x86)\PDF Architect 3
2015-05-11 11:10 - 2015-05-11 11:10 - 00000000 ____D C:\Users\Gaby\Documents\PDF Architect
2015-05-11 11:10 - 2015-05-11 11:10 - 00000000 ____D C:\ProgramData\PDF Architect 3
2015-05-11 11:10 - 2015-05-11 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 3
2015-05-11 11:09 - 2015-05-11 11:13 - 00000000 ____D C:\Program Files\PDFCreator
2015-05-11 11:09 - 2015-05-11 11:10 - 00115592 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2015-05-11 11:09 - 2015-05-11 11:09 - 00000836 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2015-05-11 11:09 - 2015-05-11 11:09 - 00000000 ____D C:\Users\Gaby\AppData\Roaming\pdfforge
2015-05-11 11:09 - 2015-05-11 11:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-05-11 11:06 - 2015-05-11 11:06 - 27837984 _____ (pdfforge ) C:\Users\Gaby\Downloads\PDFCreator-2_1_1-setup.exe
2015-05-11 11:03 - 2015-05-12 17:53 - 00000000 ____D C:\ProgramData\DivX
2015-05-08 16:53 - 2015-06-06 12:26 - 00000000 ____D C:\auswert
2015-05-08 12:57 - 2015-05-08 12:57 - 00000000 ____D C:\Users\Gaby\Desktop\Bilder Maler
2015-05-08 12:15 - 2012-02-11 08:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2015-05-08 12:15 - 2012-02-11 08:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2015-05-08 12:15 - 2011-02-25 08:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-05-08 12:15 - 2011-02-25 07:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-05-07 19:59 - 2015-05-07 19:59 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2015-05-07 19:06 - 2015-05-07 20:00 - 00293284 _____ C:\Windows\msxml4-KB973688-enu.LOG
2015-05-07 19:04 - 2015-05-07 19:59 - 00292296 _____ C:\Windows\msxml4-KB954430-enu.LOG
2015-05-07 17:25 - 2015-05-07 18:35 - 00002135 _____ C:\Users\Gaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-05-07 17:25 - 2015-05-07 18:35 - 00000000 ___RD C:\Users\Gaby\OneDrive
2015-05-07 17:25 - 2015-05-07 17:25 - 00002120 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-05-07 17:25 - 2015-05-07 17:25 - 00002120 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-05-07 17:25 - 2015-05-07 17:25 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-05-07 17:25 - 2015-05-07 17:25 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2015-05-07 17:20 - 2015-05-07 17:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-05-07 17:19 - 2015-05-07 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-07 17:17 - 2015-05-22 14:36 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-05-07 17:16 - 2015-05-07 17:16 - 01080000 _____ (Microsoft Corporation) C:\Users\Gaby\Downloads\Setup.X86.de-DE_O365HomePremRetail_ea75f84b-b91d-4064-8510-c90f4a835ae1_TX_DB_.exe
2015-05-07 17:16 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-05-07 17:16 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-05-07 17:16 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-05-07 17:16 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-05-07 17:16 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-05-07 17:16 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-05-07 17:16 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-05-07 17:16 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-05-07 17:16 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-05-07 17:16 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-05-07 17:14 - 2011-03-11 08:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2015-05-07 17:14 - 2011-03-11 08:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2015-05-07 17:14 - 2011-03-11 08:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2015-05-07 17:14 - 2011-03-11 08:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2015-05-07 17:14 - 2011-03-11 08:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2015-05-07 17:14 - 2011-03-11 08:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2015-05-07 17:14 - 2011-03-11 08:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2015-05-07 17:14 - 2011-03-11 07:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2015-05-07 17:14 - 2011-03-11 07:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2015-05-07 17:14 - 2011-03-11 06:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2015-05-07 16:57 - 2015-05-07 16:57 - 00000000 ____D C:\Users\Gaby\AppData\Roaming\Adobe
2015-05-07 16:35 - 2015-05-15 16:25 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-07 16:35 - 2015-05-07 16:35 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-07 16:35 - 2015-05-07 16:35 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-05-07 16:35 - 2015-05-07 16:35 - 00000000 ____D C:\Windows\system32\appraiser
2015-05-07 12:58 - 2015-01-09 01:44 - 00419936 _____ C:\Windows\SysWOW64\locale.nls
2015-05-07 12:58 - 2015-01-09 01:43 - 00419936 _____ C:\Windows\system32\locale.nls
2015-05-07 12:45 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2015-05-07 12:40 - 2015-06-06 10:24 - 00005128 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Gaby-PC-Gaby Gaby-PC
2015-05-07 12:38 - 2015-05-07 12:38 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-07 12:38 - 2015-05-07 12:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-07 12:38 - 2015-05-07 12:38 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-07 12:38 - 2015-05-07 12:38 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-07 12:38 - 2015-05-07 12:38 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-07 12:38 - 2015-05-07 12:38 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-07 12:38 - 2015-05-07 12:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-05-07 12:38 - 2015-05-07 12:38 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-05-07 12:38 - 2015-05-07 12:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-07 12:38 - 2015-05-07 12:38 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-07 12:38 - 2015-05-07 12:38 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-05-07 12:38 - 2015-05-07 12:38 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-05-07 12:38 - 2015-05-07 12:38 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-07 12:38 - 2015-05-07 12:38 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-05-07 12:38 - 2015-05-07 12:38 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-05-07 12:38 - 2015-05-07 12:38 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-07 12:38 - 2015-05-07 12:38 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-07 12:38 - 2015-05-07 12:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-05-07 12:38 - 2015-05-07 12:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-05-07 12:38 - 2015-05-07 12:38 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-05-07 12:38 - 2015-05-07 12:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-05-07 12:38 - 2015-05-07 12:38 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-05-07 12:38 - 2015-05-07 12:38 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-05-07 12:38 - 2015-05-07 12:38 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-05-07 12:38 - 2015-05-07 12:38 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-07 12:38 - 2015-05-07 12:38 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-05-07 12:38 - 2015-05-07 12:38 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-07 12:38 - 2015-05-07 12:38 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-05-07 12:38 - 2015-05-07 12:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-05-07 12:36 - 2015-05-07 12:36 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

janzek · 06.06.2015, 16:01

Teil 2 FRST

Code:

ATTFilter

2015-05-07 12:34 - 2015-06-05 17:39 - 00066984 _____ C:\Windows\IE11_main.log
2015-05-07 12:07 - 2015-05-13 19:04 - 00000000 ____D C:\Windows\system32\MRT
2015-05-07 12:07 - 2015-05-13 19:02 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-07 12:07 - 2015-05-07 12:07 - 00000000 ____D C:\Users\Gaby\Documents\Benutzerdefinierte Office-Vorlagen
2015-05-07 11:01 - 2015-05-27 17:56 - 00000000 ____D C:\Users\Gaby\Desktop\Nebenkosten Donnerschwee
2015-05-07 11:01 - 2015-05-14 15:09 - 00000000 ____D C:\Users\Gaby\Desktop\Gaby Diät
2015-05-07 11:01 - 2015-05-07 11:01 - 00000000 ____D C:\Users\Gaby\Desktop\Kontoauszüge
2015-05-07 11:01 - 2015-05-07 11:01 - 00000000 ____D C:\Users\Gaby\Desktop\Jahresmeldungen GmbH 2014
2015-05-07 11:01 - 2015-05-07 11:01 - 00000000 ____D C:\Users\Gaby\Desktop\Diekmann
2015-05-07 10:42 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-07 10:40 - 2015-06-05 17:24 - 00000000 ____D C:\Users\Gaby\Documents\Steuerfälle
2015-05-07 08:33 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2015-05-07 08:33 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2015-05-07 08:33 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2015-05-07 08:33 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2015-05-07 08:33 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2015-05-07 08:33 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2015-05-07 08:33 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2015-05-07 08:33 - 2012-06-02 16:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-05-07 08:25 - 2012-03-01 08:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2015-05-07 08:25 - 2012-03-01 08:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2015-05-07 08:25 - 2012-03-01 07:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2015-05-07 08:18 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-05-07 08:18 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-05-07 08:18 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-05-07 08:18 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-05-07 08:18 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-05-07 08:18 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-05-07 08:17 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-05-07 08:17 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-05-07 08:16 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-05-07 08:16 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-05-07 08:16 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-05-07 08:16 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-05-07 08:16 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-05-07 08:16 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-05-07 08:16 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-05-07 08:16 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-05-07 08:16 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-05-07 08:16 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-05-07 08:16 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-05-07 08:15 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-05-07 08:15 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-05-07 08:15 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-05-07 08:15 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-05-07 08:15 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-05-07 08:15 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-05-07 08:15 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-05-07 08:15 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-05-07 08:15 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-05-07 08:15 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-05-07 08:15 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-05-07 08:15 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-05-07 08:15 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-05-07 08:15 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-05-07 08:15 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-05-07 08:15 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-05-07 08:15 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-05-07 08:15 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-05-07 08:15 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-05-07 08:15 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-05-07 08:15 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-05-07 08:15 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-05-07 08:15 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-05-07 08:15 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-05-07 08:15 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-05-07 08:15 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-05-07 08:15 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-05-07 08:15 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-05-07 08:15 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-05-07 08:15 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-05-07 08:15 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-05-07 08:15 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-05-07 08:15 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-05-07 08:15 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-05-07 08:15 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-05-07 08:15 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-05-07 08:15 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-05-07 08:15 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-05-07 08:15 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-05-07 08:15 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-05-07 08:15 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-05-07 08:15 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-05-07 08:15 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-05-07 08:15 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-05-07 08:15 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-05-07 08:15 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-05-07 08:15 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-05-07 08:15 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-05-07 08:15 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-05-07 08:15 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-05-07 08:15 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-05-07 08:15 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-05-07 08:15 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-05-07 08:15 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-05-07 08:15 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-05-07 08:15 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-05-07 08:15 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-05-07 08:15 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-05-07 08:15 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-05-07 08:15 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-05-07 08:15 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-05-07 08:15 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-05-07 08:15 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-05-07 08:15 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-05-07 08:15 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-05-07 08:15 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-05-07 08:15 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-05-07 08:15 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-05-07 08:15 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-05-07 08:15 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-05-07 08:13 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-05-07 08:13 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-05-07 08:13 - 2014-11-11 05:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-05-07 08:13 - 2014-11-11 04:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-05-07 08:13 - 2013-10-30 04:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2015-05-07 08:13 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2015-05-07 08:13 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-05-07 08:13 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2015-05-07 08:13 - 2012-10-09 20:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2015-05-07 08:13 - 2012-10-09 20:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2015-05-07 08:13 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2015-05-07 08:13 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2015-05-07 08:13 - 2011-11-17 08:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2015-05-07 08:13 - 2011-11-17 07:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2015-05-07 08:13 - 2011-10-15 08:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2015-05-07 08:13 - 2011-10-15 07:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2015-05-07 08:12 - 2014-12-19 03:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-05-07 08:12 - 2014-10-14 04:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-05-07 08:11 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-07 08:11 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-07 08:11 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-05-07 08:11 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-07 08:11 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-05-07 08:11 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-05-07 08:11 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-07 08:11 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-05-07 08:11 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-07 08:11 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-07 08:11 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-05-07 08:11 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-05-07 08:11 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-05-07 08:11 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-05-07 08:11 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-05-07 08:11 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-05-07 08:11 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-05-07 08:11 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-05-07 08:11 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-05-07 08:11 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-05-07 08:11 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-05-07 08:11 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-05-07 08:11 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-05-07 08:11 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-05-07 08:11 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-05-07 08:11 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2015-05-07 08:11 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2015-05-07 08:11 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2015-05-07 08:11 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2015-05-07 08:11 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2015-05-07 08:11 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2015-05-07 08:11 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2015-05-07 08:11 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2015-05-07 08:11 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2015-05-07 08:11 - 2012-01-04 12:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2015-05-07 08:11 - 2012-01-04 10:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2015-05-07 08:10 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-05-07 08:10 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-05-07 08:10 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-05-07 08:10 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-05-07 08:10 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-05-07 08:10 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-05-07 08:10 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-05-07 08:10 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-05-07 08:10 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-05-07 08:10 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-05-07 08:10 - 2014-12-19 05:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-05-07 08:10 - 2014-12-08 05:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-05-07 08:10 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-05-07 08:10 - 2014-12-06 06:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-05-07 08:10 - 2014-12-06 05:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-05-07 08:10 - 2014-12-06 05:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-05-07 08:10 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-05-07 08:10 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-05-07 08:10 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-05-07 08:10 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-05-07 08:10 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-05-07 08:10 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-05-07 08:10 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-05-07 08:10 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-05-07 08:10 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-05-07 08:10 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-05-07 08:10 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-05-07 08:10 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-05-07 08:10 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-05-07 08:10 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-05-07 08:10 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-05-07 08:10 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-05-07 08:10 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-05-07 08:10 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-05-07 08:10 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-05-07 08:10 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-05-07 08:10 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2015-05-07 08:10 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2015-05-07 08:10 - 2013-04-01 00:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-05-07 08:10 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2015-05-07 08:10 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-05-07 08:10 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2015-05-07 08:10 - 2012-10-03 19:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2015-05-07 08:10 - 2012-10-03 19:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-05-07 08:10 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-05-07 08:10 - 2012-10-03 19:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2015-05-07 08:10 - 2012-10-03 19:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2015-05-07 08:10 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2015-05-07 08:10 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2015-05-07 08:10 - 2012-10-03 18:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2015-05-07 08:10 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2015-05-07 08:10 - 2012-09-26 00:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2015-05-07 08:10 - 2012-08-22 20:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-05-07 08:10 - 2012-07-04 22:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2015-05-07 08:10 - 2012-03-17 09:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2015-05-07 08:10 - 2011-07-09 04:46 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-05-07 08:10 - 2011-06-16 07:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2015-05-07 08:10 - 2011-06-16 06:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2015-05-07 08:10 - 2011-04-27 04:40 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-05-07 08:10 - 2011-04-27 04:39 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-05-07 08:09 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-05-07 08:09 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-05-07 08:09 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-05-07 08:09 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-05-07 08:09 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-05-07 08:09 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-05-07 08:09 - 2014-12-11 19:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-05-07 08:09 - 2014-10-30 04:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-05-07 08:09 - 2014-10-30 03:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-05-07 08:09 - 2014-10-14 04:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-05-07 08:09 - 2014-10-14 03:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-05-07 08:09 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-05-07 08:09 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-05-07 08:09 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-05-07 08:09 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-05-07 08:09 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-05-07 08:09 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-05-07 08:09 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-05-07 08:09 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-05-07 08:09 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-05-07 08:09 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-05-07 08:09 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-05-07 08:09 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-05-07 08:09 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-05-07 08:09 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-05-07 08:09 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-05-07 08:09 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2015-05-07 08:09 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2015-05-07 08:09 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2015-05-07 08:09 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2015-05-07 08:09 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2015-05-07 08:09 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2015-05-07 08:09 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2015-05-07 08:09 - 2013-10-19 04:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2015-05-07 08:09 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2015-05-07 08:09 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-05-07 08:09 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2015-05-07 08:09 - 2012-11-02 07:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2015-05-07 08:09 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2015-05-07 08:09 - 2011-08-17 07:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2015-05-07 08:09 - 2011-08-17 07:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2015-05-07 08:09 - 2011-08-17 06:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2015-05-07 08:09 - 2011-08-17 06:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2015-05-07 08:09 - 2011-02-23 06:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2015-05-07 08:09 - 2011-02-12 13:34 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2015-05-07 08:08 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-05-07 08:08 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-05-07 08:08 - 2014-07-17 04:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-05-07 08:08 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-05-07 08:08 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-05-07 08:08 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-05-07 08:08 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-05-07 08:08 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-05-07 08:08 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-05-07 08:08 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-05-07 08:08 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2015-05-07 08:08 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2015-05-07 08:08 - 2013-02-15 08:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-05-07 08:08 - 2013-02-15 08:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-05-07 08:08 - 2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-05-07 08:08 - 2012-12-07 15:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2015-05-07 08:08 - 2012-12-07 15:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2015-05-07 08:08 - 2012-12-07 14:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2015-05-07 08:08 - 2012-12-07 14:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2015-05-07 08:08 - 2012-12-07 13:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2015-05-07 08:08 - 2012-12-07 13:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2015-05-07 08:08 - 2012-12-07 13:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2015-05-07 08:08 - 2012-12-07 13:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2015-05-07 08:08 - 2012-12-07 13:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2015-05-07 08:08 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2015-05-07 08:08 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2015-05-07 08:08 - 2012-12-07 13:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2015-05-07 08:08 - 2012-12-07 13:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2015-05-07 08:08 - 2012-12-07 13:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2015-05-07 08:08 - 2012-12-07 13:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2015-05-07 08:08 - 2012-12-07 13:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2015-05-07 08:08 - 2012-12-07 13:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2015-05-07 08:08 - 2012-12-07 13:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2015-05-07 08:08 - 2012-12-07 12:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2015-05-07 08:08 - 2012-12-07 12:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2015-05-07 08:08 - 2012-12-07 12:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2015-05-07 08:08 - 2012-12-07 12:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2015-05-07 08:08 - 2012-12-07 12:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2015-05-07 08:08 - 2012-12-07 12:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2015-05-07 08:08 - 2012-12-07 12:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2015-05-07 08:08 - 2012-12-07 12:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2015-05-07 08:08 - 2012-12-07 12:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2015-05-07 08:08 - 2012-12-07 12:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2015-05-07 08:08 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2015-05-07 08:08 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2015-05-07 08:08 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2015-05-07 08:08 - 2012-12-07 12:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2015-05-07 08:08 - 2012-04-26 07:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2015-05-07 08:08 - 2012-04-26 07:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2015-05-07 08:07 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-05-07 08:07 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-05-07 08:07 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-05-07 08:07 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-05-07 08:07 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-05-07 08:07 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-05-07 08:07 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-05-07 08:07 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-05-07 08:07 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-05-07 08:07 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-05-07 08:07 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-05-07 08:07 - 2015-01-28 01:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-05-07 08:07 - 2014-11-08 05:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-05-07 08:07 - 2014-11-08 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-05-07 08:07 - 2014-10-25 03:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-05-07 08:07 - 2014-10-25 03:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-05-07 08:07 - 2014-10-03 04:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-05-07 08:07 - 2014-10-03 04:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-05-07 08:07 - 2014-10-03 04:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-05-07 08:07 - 2014-10-03 04:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-05-07 08:07 - 2014-10-03 04:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-05-07 08:07 - 2014-10-03 03:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-05-07 08:07 - 2014-10-03 03:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-05-07 08:07 - 2014-10-03 03:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-05-07 08:07 - 2014-10-03 03:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-05-07 08:07 - 2014-10-03 03:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-05-07 08:07 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-05-07 08:07 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2015-05-07 08:07 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2015-05-07 08:07 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-05-07 08:07 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2015-05-07 08:07 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2015-05-07 08:07 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2015-05-07 08:07 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2015-05-07 08:07 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-05-07 08:07 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2015-05-07 08:07 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2015-05-07 08:07 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2015-05-07 08:07 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2015-05-07 08:07 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2015-05-07 08:07 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2015-05-07 08:07 - 2013-10-04 04:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2015-05-07 08:07 - 2013-10-04 04:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2015-05-07 08:07 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2015-05-07 08:07 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2015-05-07 08:07 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2015-05-07 08:07 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2015-05-07 08:07 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2015-05-07 08:07 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2015-05-07 08:07 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-05-07 08:07 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-05-07 08:07 - 2012-07-05 00:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2015-05-07 08:07 - 2012-07-05 00:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2015-05-07 08:07 - 2012-07-05 00:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2015-05-07 08:07 - 2012-07-04 23:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2015-05-07 08:07 - 2012-07-04 23:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2015-05-07 08:07 - 2011-06-15 12:02 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
2015-05-07 08:07 - 2011-06-15 12:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2015-05-07 08:07 - 2011-06-15 12:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
2015-05-07 08:07 - 2011-06-15 12:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
2015-05-07 08:07 - 2011-06-15 10:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2015-05-07 08:07 - 2011-06-15 10:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2015-05-07 08:07 - 2011-06-15 10:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2015-05-07 08:07 - 2011-06-15 10:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2015-05-07 08:07 - 2011-06-15 10:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2015-05-07 08:07 - 2011-05-04 07:25 - 02315776 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-05-07 08:07 - 2011-05-04 07:22 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-05-07 08:07 - 2011-05-04 07:22 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-05-07 08:07 - 2011-05-04 07:22 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-05-07 08:07 - 2011-05-04 07:22 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-05-07 08:07 - 2011-05-04 07:22 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2015-05-07 08:07 - 2011-05-04 07:19 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-05-07 08:07 - 2011-05-04 07:19 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-05-07 08:07 - 2011-05-04 07:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2015-05-07 08:07 - 2011-05-04 06:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-05-07 08:07 - 2011-05-04 06:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-05-07 08:07 - 2011-05-04 06:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-05-07 08:07 - 2011-05-04 06:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-05-07 08:07 - 2011-05-04 06:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2015-05-07 08:07 - 2011-05-04 06:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2015-05-07 08:07 - 2011-05-04 06:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-05-07 08:07 - 2011-05-04 06:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-05-07 08:07 - 2011-05-04 06:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2015-05-07 08:07 - 2011-05-03 07:29 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-07 08:07 - 2011-05-03 06:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-07 08:07 - 2011-03-11 08:34 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-05-07 08:07 - 2011-03-11 08:34 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-05-07 08:07 - 2011-03-11 07:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-05-07 08:07 - 2011-03-11 07:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-05-07 08:07 - 2010-12-23 12:42 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2015-05-07 08:07 - 2010-12-23 12:42 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2015-05-07 08:07 - 2010-12-23 12:36 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2015-05-07 08:07 - 2010-12-23 07:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2015-05-07 08:07 - 2010-12-23 07:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2015-05-07 08:07 - 2010-12-23 07:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2015-05-07 08:06 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-07 08:06 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-05-07 08:06 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-05-07 08:06 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-07 08:06 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-05-07 08:06 - 2014-11-26 05:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-05-07 08:06 - 2014-11-26 05:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-05-07 08:06 - 2014-11-11 03:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-05-07 08:06 - 2014-10-04 04:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-05-07 08:06 - 2014-10-04 03:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-05-07 08:06 - 2014-10-04 03:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-05-07 08:06 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-05-07 08:06 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-05-07 08:06 - 2014-08-12 04:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-05-07 08:06 - 2014-08-12 03:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-05-07 08:06 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-05-07 08:06 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-05-07 08:06 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-05-07 08:06 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-05-07 08:06 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-05-07 08:06 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-05-07 08:06 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2015-05-07 08:06 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2015-05-07 08:06 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2015-05-07 08:06 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2015-05-07 08:06 - 2013-04-10 08:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-05-07 08:06 - 2012-11-29 00:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2015-05-07 08:06 - 2012-11-29 00:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2015-05-07 08:06 - 2012-11-29 00:56 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2015-05-07 08:06 - 2012-08-21 23:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2015-05-07 08:06 - 2012-06-06 08:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2015-05-07 08:06 - 2012-06-06 07:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2015-05-07 08:06 - 2012-05-14 07:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-05-07 08:06 - 2011-12-30 08:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2015-05-07 08:06 - 2011-12-30 07:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2015-05-07 08:06 - 2011-12-16 10:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2015-05-07 08:06 - 2011-12-16 09:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2015-05-07 08:06 - 2011-08-27 07:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2015-05-07 08:06 - 2011-08-27 06:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2015-05-07 08:06 - 2011-05-24 13:42 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2015-05-07 08:06 - 2011-05-24 12:40 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2015-05-07 08:06 - 2011-05-24 12:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2015-05-07 08:06 - 2011-05-24 12:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2015-05-07 08:06 - 2011-05-24 12:37 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2015-05-07 08:06 - 2011-04-29 05:06 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-05-07 08:06 - 2011-04-29 05:05 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2015-05-07 08:06 - 2011-04-29 05:05 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-05-07 08:06 - 2011-03-03 08:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-05-07 08:06 - 2011-03-03 08:24 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2015-05-07 08:06 - 2011-03-03 08:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2015-05-07 08:06 - 2011-03-03 07:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-05-07 08:06 - 2011-03-03 07:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2015-05-07 08:06 - 2011-02-18 12:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2015-05-07 08:06 - 2011-02-18 07:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2015-05-07 08:06 - 2011-02-05 19:10 - 00020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll
2015-05-07 08:06 - 2011-02-05 19:10 - 00019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2015-05-07 08:06 - 2011-02-05 19:10 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll
2015-05-07 08:06 - 2011-02-03 13:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-05-07 08:05 - 2015-01-09 05:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-05-07 08:05 - 2015-01-09 05:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-05-07 08:05 - 2015-01-09 05:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-05-07 08:05 - 2015-01-09 04:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-05-07 08:05 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-05-07 08:05 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-05-07 08:05 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-05-07 08:05 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-05-07 08:05 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-05-07 07:42 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-05-07 07:42 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-05-07 07:42 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2015-05-07 04:04 - 2015-05-06 19:05 - 00000000 ____D C:\Windows\Panther
2015-05-07 04:03 - 2015-05-07 04:03 - 00008192 __RSH C:\BOOTSECT.BAK
2015-05-07 04:03 - 2015-05-07 04:03 - 00000000 ____D C:\Hotfix
2015-05-07 04:03 - 2011-02-16 04:16 - 00000029 ___RH C:\Windows\version
2015-05-07 04:03 - 2011-02-16 04:16 - 00000013 ____R C:\Windows\csup.txt
2015-05-07 04:03 - 2010-11-21 05:23 - 00383786 __RSH C:\bootmgr
2015-05-07 04:02 - 2015-06-05 07:47 - 00653928 _____ C:\Windows\system32\perfh007.dat
2015-05-07 04:02 - 2015-06-05 07:47 - 00129800 _____ C:\Windows\system32\perfc007.dat
2015-05-07 04:02 - 2015-05-07 04:02 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2015-05-07 04:02 - 2015-05-07 04:02 - 00000000 ____D C:\Windows\SysWOW64\de
2015-05-07 04:02 - 2015-05-07 04:02 - 00000000 ____D C:\Windows\SysWOW64\0407
2015-05-07 04:02 - 2015-05-07 04:01 - 00295922 _____ C:\Windows\system32\perfi007.dat
2015-05-07 04:02 - 2015-05-07 04:01 - 00038104 _____ C:\Windows\system32\perfd007.dat
2015-05-07 04:01 - 2015-05-07 04:01 - 00000000 ____D C:\Windows\system32\de
2015-05-07 04:01 - 2015-05-07 04:01 - 00000000 ____D C:\Windows\system32\0407
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-06 14:12 - 2015-05-06 19:05 - 00000000 ____D C:\Users\Gaby
2015-06-06 13:47 - 2015-05-06 18:07 - 01994327 _____ C:\Windows\WindowsUpdate.log
2015-06-06 12:16 - 2015-05-06 20:21 - 00000000 ____D C:\Users\Gaby\Documents\Outlook-Dateien
2015-06-06 10:10 - 2009-07-14 06:45 - 00025680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-06 10:10 - 2009-07-14 06:45 - 00025680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-06 10:03 - 2015-05-06 19:41 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-06 10:02 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-06 10:02 - 2009-07-14 06:51 - 00027292 _____ C:\Windows\setupact.log
2015-06-05 07:47 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-04 07:21 - 2015-05-06 19:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-04 07:21 - 2010-11-21 05:47 - 00047638 _____ C:\Windows\PFRO.log
2015-05-28 16:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-05-27 12:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-05-27 08:05 - 2015-03-12 11:49 - 21197880 _____ (GAD eG, Münster) C:\Users\Gaby\Desktop\VR_PROTECT.exe
2015-05-23 12:28 - 2015-05-06 19:57 - 00000000 ____D C:\Program Files (x86)\microlobu
2015-05-15 16:29 - 2015-05-06 19:54 - 00001982 _____ C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-05-15 16:29 - 2015-05-06 19:54 - 00001922 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-05-15 16:25 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-05-15 16:25 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-05-15 16:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-05-14 10:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-05-13 19:29 - 2009-07-14 06:45 - 00433144 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-13 19:27 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 19:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-11 15:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Cursors
2015-05-11 11:26 - 2015-05-06 21:36 - 00000000 ____D C:\Program Files (x86)\Akademische Arbeitsgemeinschaft
2015-05-11 11:26 - 2015-05-06 21:35 - 00000000 ____D C:\ProgramData\AAV
2015-05-11 11:26 - 2015-05-06 19:31 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-11 11:26 - 2015-05-06 19:31 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-11 11:26 - 2015-05-06 19:06 - 00001433 _____ C:\Users\Gaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-11 11:02 - 2015-05-06 19:56 - 00000000 ____D C:\Users\Gaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-11 11:02 - 2015-05-06 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-11 11:02 - 2015-05-06 19:56 - 00000000 ____D C:\Program Files\WinRAR
2015-05-09 18:37 - 2015-05-06 20:14 - 00000000 ____D C:\Users\Gaby\AppData\Local\Microsoft Help
2015-05-09 11:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-05-09 11:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2015-05-08 10:52 - 2015-05-06 21:42 - 00002205 _____ C:\Users\Public\Desktop\SteuerSparErklärung 2015.lnk
2015-05-08 07:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2015-05-08 07:47 - 2015-05-06 19:38 - 00111448 _____ C:\Users\Gaby\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-07 17:20 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-05-07 17:06 - 2015-05-06 20:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-07 17:06 - 2015-05-06 20:14 - 00000000 ____D C:\Program Files\Microsoft Office
2015-05-07 17:05 - 2010-11-21 09:17 - 00000000 ____D C:\Windows\ShellNew
2015-05-07 17:02 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-05-07 17:02 - 2009-07-14 04:34 - 00000387 _____ C:\Windows\win.ini
2015-05-07 16:35 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2015-05-07 16:35 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-05-07 16:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2015-05-07 16:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2015-05-07 16:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2015-05-07 16:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\zh-HK
2015-05-07 16:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\tr-TR
2015-05-07 10:21 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\winrm
2015-05-07 10:21 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\WCN
2015-05-07 10:21 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2015-05-07 10:21 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2015-05-07 10:21 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2015-05-07 10:21 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\winrm
2015-05-07 10:21 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\WCN
2015-05-07 10:21 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\slmgr
2015-05-07 10:21 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2015-05-07 10:21 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\DigitalLocker
2015-05-07 10:21 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-05-07 10:21 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-05-07 10:21 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker
2015-05-07 10:21 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2015-05-07 10:21 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-05-07 10:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2015-05-07 10:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2015-05-07 10:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2015-05-07 10:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2015-05-07 10:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\com
2015-05-07 10:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep
2015-05-07 10:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Setup
2015-05-07 10:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\oobe
2015-05-07 10:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\MUI
2015-05-07 10:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\migwiz
2015-05-07 10:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\com
2015-05-07 10:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing
2015-05-07 10:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\IME
2015-05-07 04:03 - 2009-07-14 07:38 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2015-05-07 04:03 - 2009-07-14 07:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2015-05-07 04:03 - 2009-07-14 06:45 - 00000000 ____D C:\Windows\Setup
2015-05-07 04:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Recovery
2015-05-07 04:01 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns

==================== Files in the root of some directories =======

2015-05-06 20:04 - 2015-05-06 20:04 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Gaby\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 10:47

==================== End of log ============================

janzek · 06.06.2015, 16:04

Teil 1 gmer

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-06 14:35:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.CC46 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Gaby\AppData\Local\Temp\kxldqpob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                   000000007766dc60 5 bytes JMP 00000000777d0460
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                            000000007766dcb0 5 bytes JMP 00000000777d0450
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                            000000007766de10 5 bytes JMP 00000000777d0370
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                 000000007766de60 5 bytes JMP 00000000777d0470
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                       000000007766de70 5 bytes JMP 00000000777d03e0
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                            000000007766df20 5 bytes JMP 00000000777d0320
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                     000000007766df50 5 bytes JMP 00000000777d03b0
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                        000000007766df70 5 bytes JMP 00000000777d0390
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                              000000007766dfb0 5 bytes JMP 00000000777d02e0
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                            000000007766e030 5 bytes JMP 00000000777d02d0
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                          000000007766e050 5 bytes JMP 00000000777d0310
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                           000000007766e090 5 bytes JMP 00000000777d03c0
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                        000000007766e0e0 5 bytes JMP 00000000777d03f0
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                           000000007766e240 5 bytes JMP 00000000777d0230
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                000000007766e400 5 bytes JMP 00000000777d0480
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                               000000007766e430 5 bytes JMP 00000000777d03a0
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                        000000007766e510 5 bytes JMP 00000000777d02f0
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                     000000007766e520 5 bytes JMP 00000000777d0350
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                           000000007766e580 5 bytes JMP 00000000777d0290
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                        000000007766e610 5 bytes JMP 00000000777d02b0
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                         000000007766e630 5 bytes JMP 00000000777d03d0
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                            000000007766e640 5 bytes JMP 00000000777d0330
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                     000000007766e6b0 5 bytes JMP 00000000777d0410
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                        000000007766e6e0 5 bytes JMP 00000000777d0240
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                             000000007766e9a0 5 bytes JMP 00000000777d01e0
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                        000000007766ea60 5 bytes JMP 00000000777d0250
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                        000000007766ea90 5 bytes JMP 00000000777d0490
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                               000000007766eaa0 5 bytes JMP 00000000777d04a0
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                          000000007766ead0 5 bytes JMP 00000000777d0300
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                       000000007766eae0 5 bytes JMP 00000000777d0360
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                             000000007766eb40 5 bytes JMP 00000000777d02a0
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                          000000007766eb90 5 bytes JMP 00000000777d02c0
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                             000000007766ebc0 5 bytes JMP 00000000777d0380
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                              000000007766ebd0 5 bytes JMP 00000000777d0340
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                       000000007766eec0 5 bytes JMP 00000000777d0440
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                      000000007766f0c0 5 bytes JMP 00000000777d0260
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                         000000007766f0d0 5 bytes JMP 00000000777d0270
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                       000000007766f0e0 5 bytes JMP 00000000777d0400
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                   000000007766f2a0 5 bytes JMP 00000000777d01f0
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                    000000007766f2b0 5 bytes JMP 00000000777d0210
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                         000000007766f320 5 bytes JMP 00000000777d0200
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                         000000007766f380 5 bytes JMP 00000000777d0420
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                          000000007766f390 5 bytes JMP 00000000777d0430
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                     000000007766f3a0 5 bytes JMP 00000000777d0220
.text  C:\Windows\system32\services.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                             000000007766f480 5 bytes JMP 00000000777d0280
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                      000000007766dc60 5 bytes JMP 00000000777d0460
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                               000000007766dcb0 5 bytes JMP 00000000777d0450
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                               000000007766de10 5 bytes JMP 00000000777d0370
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                    000000007766de60 5 bytes JMP 00000000777d0470
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                          000000007766de70 5 bytes JMP 00000000777d03e0
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                               000000007766df20 5 bytes JMP 00000000777d0320
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                        000000007766df50 5 bytes JMP 00000000777d03b0
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                           000000007766df70 5 bytes JMP 00000000777d0390
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                 000000007766dfb0 5 bytes JMP 00000000777d02e0
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                               000000007766e030 5 bytes JMP 00000000777d02d0
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                             000000007766e050 5 bytes JMP 00000000777d0310
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                              000000007766e090 5 bytes JMP 00000000777d03c0
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                           000000007766e0e0 5 bytes JMP 00000000777d03f0
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                              000000007766e240 5 bytes JMP 00000000777d0230
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                   000000007766e400 5 bytes JMP 00000000777d0480
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                  000000007766e430 5 bytes JMP 00000000777d03a0
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                           000000007766e510 5 bytes JMP 00000000777d02f0
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                        000000007766e520 5 bytes JMP 00000000777d0350
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                              000000007766e580 5 bytes JMP 00000000777d0290
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                           000000007766e610 5 bytes JMP 00000000777d02b0
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                            000000007766e630 5 bytes JMP 00000000777d03d0
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                               000000007766e640 5 bytes JMP 00000000777d0330
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                        000000007766e6b0 5 bytes JMP 00000000777d0410
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                           000000007766e6e0 5 bytes JMP 00000000777d0240
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                000000007766e9a0 5 bytes JMP 00000000777d01e0
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                           000000007766ea60 5 bytes JMP 00000000777d0250
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                           000000007766ea90 5 bytes JMP 00000000777d0490
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                  000000007766eaa0 5 bytes JMP 00000000777d04a0
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                             000000007766ead0 5 bytes JMP 00000000777d0300
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                          000000007766eae0 5 bytes JMP 00000000777d0360
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                000000007766eb40 5 bytes JMP 00000000777d02a0
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                             000000007766eb90 5 bytes JMP 00000000777d02c0
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                000000007766ebc0 5 bytes JMP 00000000777d0380
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                 000000007766ebd0 5 bytes JMP 00000000777d0340
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                          000000007766eec0 5 bytes JMP 00000000777d0440
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                         000000007766f0c0 5 bytes JMP 00000000777d0260
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                            000000007766f0d0 5 bytes JMP 00000000777d0270
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                          000000007766f0e0 5 bytes JMP 00000000777d0400
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                      000000007766f2a0 5 bytes JMP 00000000777d01f0
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                       000000007766f2b0 5 bytes JMP 00000000777d0210
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                            000000007766f320 5 bytes JMP 00000000777d0200
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                            000000007766f380 5 bytes JMP 00000000777d0420
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                             000000007766f390 5 bytes JMP 00000000777d0430
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                        000000007766f3a0 5 bytes JMP 00000000777d0220
.text  C:\Windows\system32\lsass.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                000000007766f480 5 bytes JMP 00000000777d0280
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                    000000007766dc60 5 bytes JMP 00000000777d0460
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                             000000007766dcb0 5 bytes JMP 00000000777d0450
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                             000000007766de10 5 bytes JMP 00000000777d0370
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                  000000007766de60 5 bytes JMP 00000000777d0470
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                        000000007766de70 5 bytes JMP 00000000777d03e0
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                             000000007766df20 5 bytes JMP 00000000777d0320
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                      000000007766df50 5 bytes JMP 00000000777d03b0
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                         000000007766df70 5 bytes JMP 00000000777d0390
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                               000000007766dfb0 5 bytes JMP 00000000777d02e0
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                             000000007766e030 5 bytes JMP 00000000777d02d0
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                           000000007766e050 5 bytes JMP 00000000777d0310
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                            000000007766e090 5 bytes JMP 00000000777d03c0
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                         000000007766e0e0 5 bytes JMP 00000000777d03f0
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                            000000007766e240 5 bytes JMP 00000000777d0230
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                 000000007766e400 5 bytes JMP 00000000777d0480
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                000000007766e430 5 bytes JMP 00000000777d03a0
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                         000000007766e510 5 bytes JMP 00000000777d02f0
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                      000000007766e520 5 bytes JMP 00000000777d0350
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                            000000007766e580 5 bytes JMP 00000000777d0290
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                         000000007766e610 5 bytes JMP 00000000777d02b0
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                          000000007766e630 5 bytes JMP 00000000777d03d0
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                             000000007766e640 5 bytes JMP 00000000777d0330
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                      000000007766e6b0 5 bytes JMP 00000000777d0410
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                         000000007766e6e0 5 bytes JMP 00000000777d0240
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                              000000007766e9a0 5 bytes JMP 00000000777d01e0
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                         000000007766ea60 5 bytes JMP 00000000777d0250
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                         000000007766ea90 5 bytes JMP 00000000777d0490
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                000000007766eaa0 5 bytes JMP 00000000777d04a0
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                           000000007766ead0 5 bytes JMP 00000000777d0300
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                        000000007766eae0 5 bytes JMP 00000000777d0360
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                              000000007766eb40 5 bytes JMP 00000000777d02a0
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                           000000007766eb90 5 bytes JMP 00000000777d02c0
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                              000000007766ebc0 5 bytes JMP 00000000777d0380
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                               000000007766ebd0 5 bytes JMP 00000000777d0340
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                        000000007766eec0 5 bytes JMP 00000000777d0440
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                       000000007766f0c0 5 bytes JMP 00000000777d0260
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                          000000007766f0d0 5 bytes JMP 00000000777d0270
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                        000000007766f0e0 5 bytes JMP 00000000777d0400
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                    000000007766f2a0 5 bytes JMP 00000000777d01f0
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                     000000007766f2b0 5 bytes JMP 00000000777d0210
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                          000000007766f320 5 bytes JMP 00000000777d0200
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                          000000007766f380 5 bytes JMP 00000000777d0420
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                           000000007766f390 5 bytes JMP 00000000777d0430
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                      000000007766f3a0 5 bytes JMP 00000000777d0220
.text  C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                              000000007766f480 5 bytes JMP 00000000777d0280
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                    000000007766dc60 5 bytes JMP 00000000777d0460
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                             000000007766dcb0 5 bytes JMP 00000000777d0450
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                             000000007766de10 5 bytes JMP 00000000777d0370
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                  000000007766de60 5 bytes JMP 00000000777d0470
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                        000000007766de70 5 bytes JMP 00000000777d03e0
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                             000000007766df20 5 bytes JMP 00000000777d0320
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                      000000007766df50 5 bytes JMP 00000000777d03b0
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                         000000007766df70 5 bytes JMP 00000000777d0390
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                               000000007766dfb0 5 bytes JMP 00000000777d02e0
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                             000000007766e030 5 bytes JMP 00000000777d02d0
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                           000000007766e050 5 bytes JMP 00000000777d0310
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                            000000007766e090 5 bytes JMP 00000000777d03c0
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                         000000007766e0e0 5 bytes JMP 00000000777d03f0
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                            000000007766e240 5 bytes JMP 00000000777d0230
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                 000000007766e400 5 bytes JMP 00000000777d0480
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                000000007766e430 5 bytes JMP 00000000777d03a0
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                         000000007766e510 5 bytes JMP 00000000777d02f0
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                      000000007766e520 5 bytes JMP 00000000777d0350
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                            000000007766e580 5 bytes JMP 00000000777d0290
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                         000000007766e610 5 bytes JMP 00000000777d02b0
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                          000000007766e630 5 bytes JMP 00000000777d03d0
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                             000000007766e640 5 bytes JMP 00000000777d0330
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                      000000007766e6b0 5 bytes JMP 00000000777d0410
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                         000000007766e6e0 5 bytes JMP 00000000777d0240
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                              000000007766e9a0 5 bytes JMP 00000000777d01e0
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                         000000007766ea60 5 bytes JMP 00000000777d0250
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                         000000007766ea90 5 bytes JMP 00000000777d0490
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                000000007766eaa0 5 bytes JMP 00000000777d04a0
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                           000000007766ead0 5 bytes JMP 00000000777d0300
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                        000000007766eae0 5 bytes JMP 00000000777d0360
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                              000000007766eb40 5 bytes JMP 00000000777d02a0
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                           000000007766eb90 5 bytes JMP 00000000777d02c0
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                              000000007766ebc0 5 bytes JMP 00000000777d0380
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                               000000007766ebd0 5 bytes JMP 00000000777d0340
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                        000000007766eec0 5 bytes JMP 00000000777d0440
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                       000000007766f0c0 5 bytes JMP 00000000777d0260
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                          000000007766f0d0 5 bytes JMP 00000000777d0270
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                        000000007766f0e0 5 bytes JMP 00000000777d0400
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                    000000007766f2a0 5 bytes JMP 00000000777d01f0
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                     000000007766f2b0 5 bytes JMP 00000000777d0210
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                          000000007766f320 5 bytes JMP 00000000777d0200
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                          000000007766f380 5 bytes JMP 00000000777d0420
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                           000000007766f390 5 bytes JMP 00000000777d0430
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                      000000007766f3a0 5 bytes JMP 00000000777d0220
.text  C:\Windows\system32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                              000000007766f480 5 bytes JMP 00000000777d0280
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                    000000007766dc60 5 bytes JMP 0000000100070460
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                             000000007766dcb0 5 bytes JMP 0000000100070450
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                             000000007766de10 5 bytes JMP 0000000100070370
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                  000000007766de60 5 bytes JMP 0000000100070470
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                        000000007766de70 5 bytes JMP 00000001000703e0
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                             000000007766df20 5 bytes JMP 0000000100070320
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                      000000007766df50 5 bytes JMP 00000001000703b0
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                         000000007766df70 5 bytes JMP 0000000100070390
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                               000000007766dfb0 5 bytes JMP 00000001000702e0
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                             000000007766e030 5 bytes JMP 00000001000702d0
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                           000000007766e050 5 bytes JMP 0000000100070310
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                            000000007766e090 5 bytes JMP 00000001000703c0
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                         000000007766e0e0 5 bytes JMP 00000001000703f0
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                            000000007766e240 5 bytes JMP 0000000100070230
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                 000000007766e400 5 bytes JMP 0000000100070480
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                000000007766e430 5 bytes JMP 00000001000703a0
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                         000000007766e510 5 bytes JMP 00000001000702f0
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                      000000007766e520 5 bytes JMP 0000000100070350
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                            000000007766e580 5 bytes JMP 0000000100070290
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                         000000007766e610 5 bytes JMP 00000001000702b0
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                          000000007766e630 5 bytes JMP 00000001000703d0
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                             000000007766e640 5 bytes JMP 0000000100070330
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                      000000007766e6b0 5 bytes JMP 0000000100070410
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                         000000007766e6e0 5 bytes JMP 0000000100070240
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                              000000007766e9a0 5 bytes JMP 00000001000701e0
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                         000000007766ea60 5 bytes JMP 0000000100070250
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                         000000007766ea90 5 bytes JMP 0000000100070490
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                000000007766eaa0 5 bytes JMP 00000001000704a0
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                           000000007766ead0 5 bytes JMP 0000000100070300
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                        000000007766eae0 5 bytes JMP 0000000100070360
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                              000000007766eb40 5 bytes JMP 00000001000702a0
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                           000000007766eb90 5 bytes JMP 00000001000702c0
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                              000000007766ebc0 5 bytes JMP 0000000100070380
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                               000000007766ebd0 5 bytes JMP 0000000100070340
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                        000000007766eec0 5 bytes JMP 0000000100070440
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                       000000007766f0c0 5 bytes JMP 0000000100070260
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                          000000007766f0d0 5 bytes JMP 0000000100070270
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                        000000007766f0e0 5 bytes JMP 0000000100070400
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                    000000007766f2a0 5 bytes JMP 00000001000701f0
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                     000000007766f2b0 5 bytes JMP 0000000100070210
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                          000000007766f320 5 bytes JMP 0000000100070200
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                          000000007766f380 5 bytes JMP 0000000100070420
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                           000000007766f390 5 bytes JMP 0000000100070430
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                      000000007766f3a0 5 bytes JMP 0000000100070220
.text  C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                              000000007766f480 5 bytes JMP 0000000100070280
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                    000000007766dc60 5 bytes JMP 0000000100070460
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                             000000007766dcb0 5 bytes JMP 0000000100070450
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                             000000007766de10 5 bytes JMP 0000000100070370
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                  000000007766de60 5 bytes JMP 0000000100070470
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                        000000007766de70 5 bytes JMP 00000001000703e0
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                             000000007766df20 5 bytes JMP 0000000100070320
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                      000000007766df50 5 bytes JMP 00000001000703b0
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                         000000007766df70 5 bytes JMP 0000000100070390
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                               000000007766dfb0 5 bytes JMP 00000001000702e0
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                             000000007766e030 5 bytes JMP 00000001000702d0
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                           000000007766e050 5 bytes JMP 0000000100070310
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                            000000007766e090 5 bytes JMP 00000001000703c0
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                         000000007766e0e0 5 bytes JMP 00000001000703f0
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                            000000007766e240 5 bytes JMP 0000000100070230
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                 000000007766e400 5 bytes JMP 0000000100070480
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                000000007766e430 5 bytes JMP 00000001000703a0
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                         000000007766e510 5 bytes JMP 00000001000702f0
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                      000000007766e520 5 bytes JMP 0000000100070350
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                            000000007766e580 5 bytes JMP 0000000100070290
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                         000000007766e610 5 bytes JMP 00000001000702b0
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                          000000007766e630 5 bytes JMP 00000001000703d0
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                             000000007766e640 5 bytes JMP 0000000100070330
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                      000000007766e6b0 5 bytes JMP 0000000100070410
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                         000000007766e6e0 5 bytes JMP 0000000100070240
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                              000000007766e9a0 5 bytes JMP 00000001000701e0
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                         000000007766ea60 5 bytes JMP 0000000100070250
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                         000000007766ea90 5 bytes JMP 0000000100070490
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                000000007766eaa0 5 bytes JMP 00000001000704a0
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                           000000007766ead0 5 bytes JMP 0000000100070300
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                        000000007766eae0 5 bytes JMP 0000000100070360
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                              000000007766eb40 5 bytes JMP 00000001000702a0
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                           000000007766eb90 5 bytes JMP 00000001000702c0
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                              000000007766ebc0 5 bytes JMP 0000000100070380
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                               000000007766ebd0 5 bytes JMP 0000000100070340
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                        000000007766eec0 5 bytes JMP 0000000100070440
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                       000000007766f0c0 5 bytes JMP 0000000100070260
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                          000000007766f0d0 5 bytes JMP 0000000100070270
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                        000000007766f0e0 5 bytes JMP 0000000100070400
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                    000000007766f2a0 5 bytes JMP 00000001000701f0
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                     000000007766f2b0 5 bytes JMP 0000000100070210
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                          000000007766f320 5 bytes JMP 0000000100070200
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                          000000007766f380 5 bytes JMP 0000000100070420
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                           000000007766f390 5 bytes JMP 0000000100070430
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                      000000007766f3a0 5 bytes JMP 0000000100070220
.text  C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                              000000007766f480 5 bytes JMP 0000000100070280
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                   000000007766dc60 5 bytes JMP 00000000777d0460
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                            000000007766dcb0 5 bytes JMP 00000000777d0450
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                            000000007766de10 5 bytes JMP 00000000777d0370
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                 000000007766de60 5 bytes JMP 00000000777d0470
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                       000000007766de70 5 bytes JMP 00000000777d03e0
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                            000000007766df20 5 bytes JMP 00000000777d0320
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                     000000007766df50 5 bytes JMP 00000000777d03b0
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                        000000007766df70 5 bytes JMP 00000000777d0390
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                              000000007766dfb0 5 bytes JMP 00000000777d02e0
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                            000000007766e030 5 bytes JMP 00000000777d02d0
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                          000000007766e050 5 bytes JMP 00000000777d0310
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                           000000007766e090 5 bytes JMP 00000000777d03c0
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                        000000007766e0e0 5 bytes JMP 00000000777d03f0
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                           000000007766e240 5 bytes JMP 00000000777d0230
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                000000007766e400 5 bytes JMP 00000000777d0480
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                               000000007766e430 5 bytes JMP 00000000777d03a0
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                        000000007766e510 5 bytes JMP 00000000777d02f0
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                     000000007766e520 5 bytes JMP 00000000777d0350
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                           000000007766e580 5 bytes JMP 00000000777d0290
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                        000000007766e610 5 bytes JMP 00000000777d02b0
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                         000000007766e630 5 bytes JMP 00000000777d03d0
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                            000000007766e640 5 bytes JMP 00000000777d0330
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                     000000007766e6b0 5 bytes JMP 00000000777d0410
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                        000000007766e6e0 5 bytes JMP 00000000777d0240
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                             000000007766e9a0 5 bytes JMP 00000000777d01e0
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                        000000007766ea60 5 bytes JMP 00000000777d0250
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                        000000007766ea90 5 bytes JMP 00000000777d0490
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                               000000007766eaa0 5 bytes JMP 00000000777d04a0
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                          000000007766ead0 5 bytes JMP 00000000777d0300
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                       000000007766eae0 5 bytes JMP 00000000777d0360
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                             000000007766eb40 5 bytes JMP 00000000777d02a0
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                          000000007766eb90 5 bytes JMP 00000000777d02c0
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                             000000007766ebc0 5 bytes JMP 00000000777d0380
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                              000000007766ebd0 5 bytes JMP 00000000777d0340
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                       000000007766eec0 5 bytes JMP 00000000777d0440
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                      000000007766f0c0 5 bytes JMP 00000000777d0260
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                         000000007766f0d0 5 bytes JMP 00000000777d0270
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                       000000007766f0e0 5 bytes JMP 00000000777d0400
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                   000000007766f2a0 5 bytes JMP 00000000777d01f0
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                    000000007766f2b0 5 bytes JMP 00000000777d0210
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                         000000007766f320 5 bytes JMP 00000000777d0200
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                         000000007766f380 5 bytes JMP 00000000777d0420
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                          000000007766f390 5 bytes JMP 00000000777d0430
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                     000000007766f3a0 5 bytes JMP 00000000777d0220
.text  C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                             000000007766f480 5 bytes JMP 00000000777d0280
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                    000000007766dc60 5 bytes JMP 00000000777d0460
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                             000000007766dcb0 5 bytes JMP 00000000777d0450
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                             000000007766de10 5 bytes JMP 00000000777d0370
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                  000000007766de60 5 bytes JMP 00000000777d0470
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                        000000007766de70 5 bytes JMP 00000000777d03e0
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                             000000007766df20 5 bytes JMP 00000000777d0320
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                      000000007766df50 5 bytes JMP 00000000777d03b0
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                         000000007766df70 5 bytes JMP 00000000777d0390
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                               000000007766dfb0 5 bytes JMP 00000000777d02e0
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                             000000007766e030 5 bytes JMP 00000000777d02d0
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                           000000007766e050 5 bytes JMP 00000000777d0310
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                            000000007766e090 5 bytes JMP 00000000777d03c0
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                         000000007766e0e0 5 bytes JMP 00000000777d03f0
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                            000000007766e240 5 bytes JMP 00000000777d0230
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                 000000007766e400 5 bytes JMP 00000000777d0480
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                000000007766e430 5 bytes JMP 00000000777d03a0
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                         000000007766e510 5 bytes JMP 00000000777d02f0
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                      000000007766e520 5 bytes JMP 00000000777d0350
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                            000000007766e580 5 bytes JMP 00000000777d0290
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                         000000007766e610 5 bytes JMP 00000000777d02b0
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                          000000007766e630 5 bytes JMP 00000000777d03d0
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                             000000007766e640 5 bytes JMP 00000000777d0330
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                      000000007766e6b0 5 bytes JMP 00000000777d0410
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                         000000007766e6e0 5 bytes JMP 00000000777d0240
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                              000000007766e9a0 5 bytes JMP 00000000777d01e0
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                         000000007766ea60 5 bytes JMP 00000000777d0250
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                         000000007766ea90 5 bytes JMP 00000000777d0490
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                000000007766eaa0 5 bytes JMP 00000000777d04a0
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                           000000007766ead0 5 bytes JMP 00000000777d0300
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                        000000007766eae0 5 bytes JMP 00000000777d0360
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                              000000007766eb40 5 bytes JMP 00000000777d02a0
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                           000000007766eb90 5 bytes JMP 00000000777d02c0
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                              000000007766ebc0 5 bytes JMP 00000000777d0380
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                               000000007766ebd0 5 bytes JMP 00000000777d0340
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                        000000007766eec0 5 bytes JMP 00000000777d0440
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                       000000007766f0c0 5 bytes JMP 00000000777d0260
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                          000000007766f0d0 5 bytes JMP 00000000777d0270
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                        000000007766f0e0 5 bytes JMP 00000000777d0400
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                    000000007766f2a0 5 bytes JMP 00000000777d01f0
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                     000000007766f2b0 5 bytes JMP 00000000777d0210
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                          000000007766f320 5 bytes JMP 00000000777d0200
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                          000000007766f380 5 bytes JMP 00000000777d0420
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                           000000007766f390 5 bytes JMP 00000000777d0430
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                      000000007766f3a0 5 bytes JMP 00000000777d0220
.text  C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                              000000007766f480 5 bytes JMP 00000000777d0280
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                   000000007766dc60 5 bytes JMP 0000000100070460
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                            000000007766dcb0 5 bytes JMP 0000000100070450
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                            000000007766de10 5 bytes JMP 0000000100070370
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                 000000007766de60 5 bytes JMP 0000000100070470
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                       000000007766de70 5 bytes JMP 00000001000703e0
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                            000000007766df20 5 bytes JMP 0000000100070320
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                     000000007766df50 5 bytes JMP 00000001000703b0
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                        000000007766df70 5 bytes JMP 0000000100070390
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                              000000007766dfb0 5 bytes JMP 00000001000702e0
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                            000000007766e030 5 bytes JMP 00000001000702d0
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                          000000007766e050 5 bytes JMP 0000000100070310
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                           000000007766e090 5 bytes JMP 00000001000703c0
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                        000000007766e0e0 5 bytes JMP 00000001000703f0
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                           000000007766e240 5 bytes JMP 0000000100070230
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                000000007766e400 5 bytes JMP 0000000100070480
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                               000000007766e430 5 bytes JMP 00000001000703a0
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                        000000007766e510 5 bytes JMP 00000001000702f0
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                     000000007766e520 5 bytes JMP 0000000100070350
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                           000000007766e580 5 bytes JMP 0000000100070290
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                        000000007766e610 5 bytes JMP 00000001000702b0
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                         000000007766e630 5 bytes JMP 00000001000703d0
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                            000000007766e640 5 bytes JMP 0000000100070330
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                     000000007766e6b0 5 bytes JMP 0000000100070410
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                        000000007766e6e0 5 bytes JMP 0000000100070240
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                             000000007766e9a0 5 bytes JMP 00000001000701e0
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                        000000007766ea60 5 bytes JMP 0000000100070250
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                        000000007766ea90 5 bytes JMP 0000000100070490
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                               000000007766eaa0 5 bytes JMP 00000001000704a0
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                          000000007766ead0 5 bytes JMP 0000000100070300
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                       000000007766eae0 5 bytes JMP 0000000100070360
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                             000000007766eb40 5 bytes JMP 00000001000702a0
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                          000000007766eb90 5 bytes JMP 00000001000702c0
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                             000000007766ebc0 5 bytes JMP 0000000100070380
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                              000000007766ebd0 5 bytes JMP 0000000100070340
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                       000000007766eec0 5 bytes JMP 0000000100070440
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                      000000007766f0c0 5 bytes JMP 0000000100070260
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                         000000007766f0d0 5 bytes JMP 0000000100070270
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                       000000007766f0e0 5 bytes JMP 0000000100070400
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                   000000007766f2a0 5 bytes JMP 00000001000701f0
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                    000000007766f2b0 5 bytes JMP 0000000100070210
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                         000000007766f320 5 bytes JMP 0000000100070200
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                         000000007766f380 5 bytes JMP 0000000100070420
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                          000000007766f390 5 bytes JMP 0000000100070430
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                     000000007766f3a0 5 bytes JMP 0000000100070220
.text  C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                             000000007766f480 5 bytes JMP 0000000100070280
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                   000000007766dc60 5 bytes JMP 00000000777d0460
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                            000000007766dcb0 5 bytes JMP 00000000777d0450
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                            000000007766de10 5 bytes JMP 00000000777d0370
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                 000000007766de60 5 bytes JMP 00000000777d0470
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                       000000007766de70 5 bytes JMP 00000000777d03e0
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                            000000007766df20 5 bytes JMP 00000000777d0320
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                     000000007766df50 5 bytes JMP 00000000777d03b0
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                        000000007766df70 5 bytes JMP 00000000777d0390
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                              000000007766dfb0 5 bytes JMP 00000000777d02e0
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                            000000007766e030 5 bytes JMP 00000000777d02d0
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                          000000007766e050 5 bytes JMP 00000000777d0310
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                           000000007766e090 5 bytes JMP 00000000777d03c0
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                        000000007766e0e0 5 bytes JMP 00000000777d03f0
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                           000000007766e240 5 bytes JMP 00000000777d0230
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                000000007766e400 5 bytes JMP 00000000777d0480
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                               000000007766e430 5 bytes JMP 00000000777d03a0
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                        000000007766e510 5 bytes JMP 00000000777d02f0
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                     000000007766e520 5 bytes JMP 00000000777d0350
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                           000000007766e580 5 bytes JMP 00000000777d0290
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                        000000007766e610 5 bytes JMP 00000000777d02b0
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                         000000007766e630 5 bytes JMP 00000000777d03d0
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                            000000007766e640 5 bytes JMP 00000000777d0330
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                     000000007766e6b0 5 bytes JMP 00000000777d0410
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                        000000007766e6e0 5 bytes JMP 00000000777d0240
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                             000000007766e9a0 5 bytes JMP 00000000777d01e0
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                        000000007766ea60 5 bytes JMP 00000000777d0250
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                        000000007766ea90 5 bytes JMP 00000000777d0490
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                               000000007766eaa0 5 bytes JMP 00000000777d04a0
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                          000000007766ead0 5 bytes JMP 00000000777d0300
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                       000000007766eae0 5 bytes JMP 00000000777d0360
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                             000000007766eb40 5 bytes JMP 00000000777d02a0
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                          000000007766eb90 5 bytes JMP 00000000777d02c0
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                             000000007766ebc0 5 bytes JMP 00000000777d0380
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                              000000007766ebd0 5 bytes JMP 00000000777d0340
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                       000000007766eec0 5 bytes JMP 00000000777d0440
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                      000000007766f0c0 5 bytes JMP 00000000777d0260
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                         000000007766f0d0 5 bytes JMP 00000000777d0270
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                       000000007766f0e0 5 bytes JMP 00000000777d0400
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                   000000007766f2a0 5 bytes JMP 00000000777d01f0
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                    000000007766f2b0 5 bytes JMP 00000000777d0210
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                         000000007766f320 5 bytes JMP 00000000777d0200
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                         000000007766f380 5 bytes JMP 00000000777d0420
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                          000000007766f390 5 bytes JMP 00000000777d0430
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                     000000007766f3a0 5 bytes JMP 00000000777d0220
.text  C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                             000000007766f480 5 bytes JMP 00000000777d0280

janzek · 06.06.2015, 16:05

Teil 2 gmer

Code:

ATTFilter

erv.exe[1576] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter         00000000753a8781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text  C:\Program Files\AVAST Software\Avast\afwServ.exe[1576] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17              0000000077041401 2 bytes JMP 753cb21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\afwServ.exe[1576] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                0000000077041419 2 bytes JMP 753cb346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\afwServ.exe[1576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17              0000000077041431 2 bytes JMP 75448f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\afwServ.exe[1576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42              000000007704144a 2 bytes CALL 753a489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                          * 9
.text  C:\Program Files\AVAST Software\Avast\afwServ.exe[1576] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                 00000000770414dd 2 bytes JMP 75448822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\afwServ.exe[1576] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17          00000000770414f5 2 bytes JMP 754489f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\afwServ.exe[1576] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                 000000007704150d 2 bytes JMP 75448718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\afwServ.exe[1576] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17          0000000077041525 2 bytes JMP 75448ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\afwServ.exe[1576] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                000000007704153d 2 bytes JMP 753bfca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\afwServ.exe[1576] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                     0000000077041555 2 bytes JMP 753c68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\afwServ.exe[1576] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17              000000007704156d 2 bytes JMP 75448fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\afwServ.exe[1576] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                0000000077041585 2 bytes JMP 75448b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\afwServ.exe[1576] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                   000000007704159d 2 bytes JMP 754486dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\afwServ.exe[1576] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                00000000770415b5 2 bytes JMP 753bfd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\afwServ.exe[1576] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17              00000000770415cd 2 bytes JMP 753cb2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\afwServ.exe[1576] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20          00000000770416b2 2 bytes JMP 75448ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\afwServ.exe[1576] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31          00000000770416bd 2 bytes JMP 75448671 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                   000000007766dc60 5 bytes JMP 00000000777d0460
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                            000000007766dcb0 5 bytes JMP 00000000777d0450
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                            000000007766de10 5 bytes JMP 00000000777d0370
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                 000000007766de60 5 bytes JMP 00000000777d0470
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                       000000007766de70 5 bytes JMP 00000000777d03e0
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                            000000007766df20 5 bytes JMP 00000000777d0320
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                     000000007766df50 5 bytes JMP 00000000777d03b0
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                        000000007766df70 5 bytes JMP 00000000777d0390
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                              000000007766dfb0 5 bytes JMP 00000000777d02e0
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                            000000007766e030 5 bytes JMP 00000000777d02d0
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                          000000007766e050 5 bytes JMP 00000000777d0310
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                           000000007766e090 5 bytes JMP 00000000777d03c0
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                        000000007766e0e0 5 bytes JMP 00000000777d03f0
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                           000000007766e240 5 bytes JMP 00000000777d0230
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                000000007766e400 5 bytes JMP 00000000777d0480
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                               000000007766e430 5 bytes JMP 00000000777d03a0
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                        000000007766e510 5 bytes JMP 00000000777d02f0
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                     000000007766e520 5 bytes JMP 00000000777d0350
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                           000000007766e580 5 bytes JMP 00000000777d0290
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                        000000007766e610 5 bytes JMP 00000000777d02b0
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                         000000007766e630 5 bytes JMP 00000000777d03d0
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                            000000007766e640 5 bytes JMP 00000000777d0330
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                     000000007766e6b0 5 bytes JMP 00000000777d0410
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                        000000007766e6e0 5 bytes JMP 00000000777d0240
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                             000000007766e9a0 5 bytes JMP 00000000777d01e0
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                        000000007766ea60 5 bytes JMP 00000000777d0250
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                        000000007766ea90 5 bytes JMP 00000000777d0490
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                               000000007766eaa0 5 bytes JMP 00000000777d04a0
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                          000000007766ead0 5 bytes JMP 00000000777d0300
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                       000000007766eae0 5 bytes JMP 00000000777d0360
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                             000000007766eb40 5 bytes JMP 00000000777d02a0
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                          000000007766eb90 5 bytes JMP 00000000777d02c0
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                             000000007766ebc0 5 bytes JMP 00000000777d0380
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                              000000007766ebd0 5 bytes JMP 00000000777d0340
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                       000000007766eec0 5 bytes JMP 00000000777d0440
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                      000000007766f0c0 5 bytes JMP 00000000777d0260
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                         000000007766f0d0 5 bytes JMP 00000000777d0270
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                       000000007766f0e0 5 bytes JMP 00000000777d0400
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                   000000007766f2a0 5 bytes JMP 00000000777d01f0
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                    000000007766f2b0 5 bytes JMP 00000000777d0210
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                         000000007766f320 5 bytes JMP 00000000777d0200
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                         000000007766f380 5 bytes JMP 00000000777d0420
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                          000000007766f390 5 bytes JMP 00000000777d0430
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                     000000007766f3a0 5 bytes JMP 00000000777d0220
.text  C:\Windows\System32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                             000000007766f480 5 bytes JMP 00000000777d0280
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                           000000007766dc60 5 bytes JMP 00000000777d0460
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                    000000007766dcb0 5 bytes JMP 00000000777d0450
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                    000000007766de10 5 bytes JMP 00000000777d0370
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                         000000007766de60 5 bytes JMP 00000000777d0470
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                               000000007766de70 5 bytes JMP 00000000777d03e0
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                    000000007766df20 5 bytes JMP 00000000777d0320
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                             000000007766df50 5 bytes JMP 00000000777d03b0
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                000000007766df70 5 bytes JMP 00000000777d0390
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                      000000007766dfb0 5 bytes JMP 00000000777d02e0
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                    000000007766e030 5 bytes JMP 00000000777d02d0
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                  000000007766e050 5 bytes JMP 00000000777d0310
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                   000000007766e090 5 bytes JMP 00000000777d03c0
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                000000007766e0e0 5 bytes JMP 00000000777d03f0
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                   000000007766e240 5 bytes JMP 00000000777d0230
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                        000000007766e400 5 bytes JMP 00000000777d0480
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                       000000007766e430 5 bytes JMP 00000000777d03a0
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                000000007766e510 5 bytes JMP 00000000777d02f0
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                             000000007766e520 5 bytes JMP 00000000777d0350
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                   000000007766e580 5 bytes JMP 00000000777d0290
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                000000007766e610 5 bytes JMP 00000000777d02b0
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                 000000007766e630 5 bytes JMP 00000000777d03d0
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                    000000007766e640 5 bytes JMP 00000000777d0330
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                             000000007766e6b0 5 bytes JMP 00000000777d0410
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                000000007766e6e0 5 bytes JMP 00000000777d0240
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                     000000007766e9a0 5 bytes JMP 00000000777d01e0
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                000000007766ea60 5 bytes JMP 00000000777d0250
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                000000007766ea90 5 bytes JMP 00000000777d0490
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                       000000007766eaa0 5 bytes JMP 00000000777d04a0
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                  000000007766ead0 5 bytes JMP 00000000777d0300
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                               000000007766eae0 5 bytes JMP 00000000777d0360
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                     000000007766eb40 5 bytes JMP 00000000777d02a0
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                  000000007766eb90 5 bytes JMP 00000000777d02c0
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                     000000007766ebc0 5 bytes JMP 00000000777d0380
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                      000000007766ebd0 5 bytes JMP 00000000777d0340
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                               000000007766eec0 5 bytes JMP 00000000777d0440
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                              000000007766f0c0 5 bytes JMP 00000000777d0260
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                 000000007766f0d0 5 bytes JMP 00000000777d0270
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                               000000007766f0e0 5 bytes JMP 00000000777d0400
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                           000000007766f2a0 5 bytes JMP 00000000777d01f0
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                            000000007766f2b0 5 bytes JMP 00000000777d0210
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                 000000007766f320 5 bytes JMP 00000000777d0200
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                 000000007766f380 5 bytes JMP 00000000777d0420
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                  000000007766f390 5 bytes JMP 00000000777d0430
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                             000000007766f3a0 5 bytes JMP 00000000777d0220
.text  C:\Windows\Explorer.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                     000000007766f480 5 bytes JMP 00000000777d0280
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                   000000007766dc60 5 bytes JMP 00000000777d0460
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                            000000007766dcb0 5 bytes JMP 00000000777d0450
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                            000000007766de10 5 bytes JMP 00000000777d0370
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                 000000007766de60 5 bytes JMP 00000000777d0470
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                       000000007766de70 5 bytes JMP 00000000777d03e0
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                            000000007766df20 5 bytes JMP 00000000777d0320
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                     000000007766df50 5 bytes JMP 00000000777d03b0
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                        000000007766df70 5 bytes JMP 00000000777d0390
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                              000000007766dfb0 5 bytes JMP 00000000777d02e0
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                            000000007766e030 5 bytes JMP 00000000777d02d0
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                          000000007766e050 5 bytes JMP 00000000777d0310
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                           000000007766e090 5 bytes JMP 00000000777d03c0
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                        000000007766e0e0 5 bytes JMP 00000000777d03f0
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                           000000007766e240 5 bytes JMP 00000000777d0230
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                000000007766e400 5 bytes JMP 00000000777d0480
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                               000000007766e430 5 bytes JMP 00000000777d03a0
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                        000000007766e510 5 bytes JMP 00000000777d02f0
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                     000000007766e520 5 bytes JMP 00000000777d0350
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                           000000007766e580 5 bytes JMP 00000000777d0290
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                        000000007766e610 5 bytes JMP 00000000777d02b0
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                         000000007766e630 5 bytes JMP 00000000777d03d0
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                            000000007766e640 5 bytes JMP 00000000777d0330
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                     000000007766e6b0 5 bytes JMP 00000000777d0410
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                        000000007766e6e0 5 bytes JMP 00000000777d0240
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                             000000007766e9a0 5 bytes JMP 00000000777d01e0
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                        000000007766ea60 5 bytes JMP 00000000777d0250
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                        000000007766ea90 5 bytes JMP 00000000777d0490
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                               000000007766eaa0 5 bytes JMP 00000000777d04a0
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                          000000007766ead0 5 bytes JMP 00000000777d0300
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                       000000007766eae0 5 bytes JMP 00000000777d0360
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                             000000007766eb40 5 bytes JMP 00000000777d02a0
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                          000000007766eb90 5 bytes JMP 00000000777d02c0
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                             000000007766ebc0 5 bytes JMP 00000000777d0380
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                              000000007766ebd0 5 bytes JMP 00000000777d0340
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                       000000007766eec0 5 bytes JMP 00000000777d0440
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                      000000007766f0c0 5 bytes JMP 00000000777d0260
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                         000000007766f0d0 5 bytes JMP 00000000777d0270
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                       000000007766f0e0 5 bytes JMP 00000000777d0400
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                   000000007766f2a0 5 bytes JMP 00000000777d01f0
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                    000000007766f2b0 5 bytes JMP 00000000777d0210
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                         000000007766f320 5 bytes JMP 00000000777d0200
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                         000000007766f380 5 bytes JMP 00000000777d0420
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                          000000007766f390 5 bytes JMP 00000000777d0430
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                     000000007766f3a0 5 bytes JMP 00000000777d0220
.text  C:\Windows\system32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                             000000007766f480 5 bytes JMP 00000000777d0280
.text  C:\Program Files\AVAST Software\Avast\avastui.exe[3188] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter         00000000753a8781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text  C:\Program Files (x86)\System Explorer\SystemExplorer.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000077041401 2 bytes JMP 753cb21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\System Explorer\SystemExplorer.exe[2776] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000077041419 2 bytes JMP 753cb346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\System Explorer\SystemExplorer.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000077041431 2 bytes JMP 75448f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\System Explorer\SystemExplorer.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      000000007704144a 2 bytes CALL 753a489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                          * 9
.text  C:\Program Files (x86)\System Explorer\SystemExplorer.exe[2776] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000770414dd 2 bytes JMP 75448822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\System Explorer\SystemExplorer.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000770414f5 2 bytes JMP 754489f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\System Explorer\SystemExplorer.exe[2776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         000000007704150d 2 bytes JMP 75448718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\System Explorer\SystemExplorer.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000077041525 2 bytes JMP 75448ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\System Explorer\SystemExplorer.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        000000007704153d 2 bytes JMP 753bfca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\System Explorer\SystemExplorer.exe[2776] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000077041555 2 bytes JMP 753c68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\System Explorer\SystemExplorer.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      000000007704156d 2 bytes JMP 75448fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\System Explorer\SystemExplorer.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000077041585 2 bytes JMP 75448b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\System Explorer\SystemExplorer.exe[2776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           000000007704159d 2 bytes JMP 754486dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\System Explorer\SystemExplorer.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000770415b5 2 bytes JMP 753bfd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\System Explorer\SystemExplorer.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000770415cd 2 bytes JMP 753cb2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\System Explorer\SystemExplorer.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000770416b2 2 bytes JMP 75448ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\System Explorer\SystemExplorer.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000770416bd 2 bytes JMP 75448671 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                             000000007766dc60 5 bytes JMP 00000000777d0460
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                      000000007766dcb0 5 bytes JMP 00000000777d0450
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                      000000007766de10 5 bytes JMP 00000000777d0370
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                           000000007766de60 5 bytes JMP 00000000777d0470
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                 000000007766de70 5 bytes JMP 00000000777d03e0
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                      000000007766df20 5 bytes JMP 00000000777d0320
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                               000000007766df50 5 bytes JMP 00000000777d03b0
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                  000000007766df70 5 bytes JMP 00000000777d0390
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                        000000007766dfb0 5 bytes JMP 00000000777d02e0
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                      000000007766e030 5 bytes JMP 00000000777d02d0
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                    000000007766e050 5 bytes JMP 00000000777d0310
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                     000000007766e090 5 bytes JMP 00000000777d03c0
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                  000000007766e0e0 5 bytes JMP 00000000777d03f0
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                     000000007766e240 5 bytes JMP 00000000777d0230
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                          000000007766e400 5 bytes JMP 00000000777d0480
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                         000000007766e430 5 bytes JMP 00000000777d03a0
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                  000000007766e510 5 bytes JMP 00000000777d02f0
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                               000000007766e520 5 bytes JMP 00000000777d0350
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                     000000007766e580 5 bytes JMP 00000000777d0290
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                  000000007766e610 5 bytes JMP 00000000777d02b0
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                   000000007766e630 5 bytes JMP 00000000777d03d0
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                      000000007766e640 5 bytes JMP 00000000777d0330
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                               000000007766e6b0 5 bytes JMP 00000000777d0410
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                  000000007766e6e0 5 bytes JMP 00000000777d0240
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                       000000007766e9a0 5 bytes JMP 00000000777d01e0
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                  000000007766ea60 5 bytes JMP 00000000777d0250
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                  000000007766ea90 5 bytes JMP 00000000777d0490
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                         000000007766eaa0 5 bytes JMP 00000000777d04a0
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                    000000007766ead0 5 bytes JMP 00000000777d0300
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                 000000007766eae0 5 bytes JMP 00000000777d0360
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                       000000007766eb40 5 bytes JMP 00000000777d02a0
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                    000000007766eb90 5 bytes JMP 00000000777d02c0
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                       000000007766ebc0 5 bytes JMP 00000000777d0380
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                        000000007766ebd0 5 bytes JMP 00000000777d0340
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                 000000007766eec0 5 bytes JMP 00000000777d0440
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                000000007766f0c0 5 bytes JMP 00000000777d0260
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                   000000007766f0d0 5 bytes JMP 00000000777d0270
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                 000000007766f0e0 5 bytes JMP 00000000777d0400
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                             000000007766f2a0 5 bytes JMP 00000000777d01f0
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                              000000007766f2b0 5 bytes JMP 00000000777d0210
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                   000000007766f320 5 bytes JMP 00000000777d0200
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                   000000007766f380 5 bytes JMP 00000000777d0420
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                    000000007766f390 5 bytes JMP 00000000777d0430
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                               000000007766f3a0 5 bytes JMP 00000000777d0220
.text  C:\Windows\system32\SearchIndexer.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                       000000007766f480 5 bytes JMP 00000000777d0280
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                   000000007766dc60 5 bytes JMP 00000000777d0460
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                            000000007766dcb0 5 bytes JMP 00000000777d0450
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                            000000007766de10 5 bytes JMP 00000000777d0370
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                 000000007766de60 5 bytes JMP 00000000777d0470
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                       000000007766de70 5 bytes JMP 00000000777d03e0
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                            000000007766df20 5 bytes JMP 00000000777d0320
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                     000000007766df50 5 bytes JMP 00000000777d03b0
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                        000000007766df70 5 bytes JMP 00000000777d0390
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                              000000007766dfb0 5 bytes JMP 00000000777d02e0
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                            000000007766e030 5 bytes JMP 00000000777d02d0
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                          000000007766e050 5 bytes JMP 00000000777d0310
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                           000000007766e090 5 bytes JMP 00000000777d03c0
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                        000000007766e0e0 5 bytes JMP 00000000777d03f0
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                           000000007766e240 5 bytes JMP 00000000777d0230
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                000000007766e400 5 bytes JMP 00000000777d0480
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                               000000007766e430 5 bytes JMP 00000000777d03a0
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                        000000007766e510 5 bytes JMP 00000000777d02f0
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                     000000007766e520 5 bytes JMP 00000000777d0350
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                           000000007766e580 5 bytes JMP 00000000777d0290
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                        000000007766e610 5 bytes JMP 00000000777d02b0
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                         000000007766e630 5 bytes JMP 00000000777d03d0
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                            000000007766e640 5 bytes JMP 00000000777d0330
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                     000000007766e6b0 5 bytes JMP 00000000777d0410
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                        000000007766e6e0 5 bytes JMP 00000000777d0240
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                             000000007766e9a0 5 bytes JMP 00000000777d01e0
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                        000000007766ea60 5 bytes JMP 00000000777d0250
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                        000000007766ea90 5 bytes JMP 00000000777d0490
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                               000000007766eaa0 5 bytes JMP 00000000777d04a0
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                          000000007766ead0 5 bytes JMP 00000000777d0300
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                       000000007766eae0 5 bytes JMP 00000000777d0360
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                             000000007766eb40 5 bytes JMP 00000000777d02a0
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                          000000007766eb90 5 bytes JMP 00000000777d02c0
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                             000000007766ebc0 5 bytes JMP 00000000777d0380
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                              000000007766ebd0 5 bytes JMP 00000000777d0340
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                       000000007766eec0 5 bytes JMP 00000000777d0440
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                      000000007766f0c0 5 bytes JMP 00000000777d0260
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                         000000007766f0d0 5 bytes JMP 00000000777d0270
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                       000000007766f0e0 5 bytes JMP 00000000777d0400
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                   000000007766f2a0 5 bytes JMP 00000000777d01f0
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                    000000007766f2b0 5 bytes JMP 00000000777d0210
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                         000000007766f320 5 bytes JMP 00000000777d0200
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                         000000007766f380 5 bytes JMP 00000000777d0420
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                          000000007766f390 5 bytes JMP 00000000777d0430
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                     000000007766f3a0 5 bytes JMP 00000000777d0220
.text  C:\Windows\system32\AUDIODG.EXE[4628] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                             000000007766f480 5 bytes JMP 00000000777d0280

---- EOF - GMER 2.1 ----

schrauber · 07.06.2015, 09:48

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

janzek · 07.06.2015, 15:51

Hallo Schrauber,
anbei die Combofix.txt

Code:

ATTFilter

ComboFix 15-05-31.01 - Gaby 07.06.2015  11:55:45.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3838.2495 [GMT 2:00]
ausgeführt von:: C:\Users\Gaby\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


(((((((((((((((((((((((   Dateien erstellt von 2015-05-07 bis 2015-06-07  ))))))))))))))))))))))))))))))


2015-06-07 10:05:00 . 2015-06-07 10:05:01	75888	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FAA8FE38-31DA-4AF4-850A-A350D2C8777E}\offreg.4852.dll
2015-06-07 10:03:20 . 2015-06-07 10:03:20	--------	d-----w-	C:\Users\Default\AppData\Local\temp
2015-06-06 12:15:46 . 2015-06-06 12:17:09	--------	d-----w-	C:\FRST
2015-06-06 08:08:35 . 2015-05-03 03:16:35	12214312	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FAA8FE38-31DA-4AF4-850A-A350D2C8777E}\mpengine.dll
2015-06-01 15:57:09 . 2015-06-01 15:57:09	--------	d-----w-	C:\Users\Gaby\AppData\Roaming\ParetoLogic
2015-06-01 15:57:09 . 2015-06-01 15:57:09	--------	d-----w-	C:\Users\Gaby\AppData\Roaming\DriverCure
2015-06-01 15:56:52 . 2015-06-01 15:56:52	--------	d-----w-	C:\Program Files (x86)\Common Files\ParetoLogic
2015-06-01 15:56:50 . 2015-06-02 11:29:32	--------	d-----w-	C:\ProgramData\ParetoLogic
2015-05-28 13:50:53 . 2015-05-28 13:52:06	--------	d-----w-	C:\ProgramData\SystemExplorer
2015-05-28 13:50:52 . 2015-05-28 13:50:52	--------	d-----w-	C:\Program Files (x86)\System Explorer
2015-05-27 10:56:28 . 2015-05-27 10:56:28	--------	d-----w-	C:\Users\Gaby\AppData\Local\ElevatedDiagnostics
2015-05-27 06:48:59 . 2015-05-27 06:48:59	--------	d-----w-	C:\Users\Gaby\AppData\Local\TempTaskUpdateDetection1134F557-1C0C-41B3-B1F2-A39BA126BB19
2015-05-15 14:29:03 . 2015-05-06 17:40:48	364472	----a-w-	C:\Windows\system32\aswBoot.exe
2015-05-15 13:51:48 . 2015-05-15 13:51:48	--------	d-sh--w-	C:\Users\Gaby\AppData\Local\EmieUserList
2015-05-15 13:51:48 . 2015-05-15 13:51:48	--------	d-sh--w-	C:\Users\Gaby\AppData\Local\EmieBrowserModeList
2015-05-15 13:51:47 . 2015-05-15 13:51:48	--------	d-sh--w-	C:\Users\Gaby\AppData\Local\EmieSiteList
2015-05-13 17:01:09 . 2015-05-01 13:17:03	124112	----a-w-	C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 17:01:09 . 2015-05-01 13:16:41	102608	----a-w-	C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 15:52:49 . 2015-05-12 15:52:49	--------	d-----w-	C:\Users\Gaby\AppData\Roaming\DivX
2015-05-12 15:52:43 . 2015-05-12 15:52:43	--------	d-----w-	C:\Program Files\DivX
2015-05-12 15:52:18 . 2015-05-12 15:52:50	--------	d-----w-	C:\Program Files (x86)\Common Files\DivX Shared
2015-05-11 13:36:17 . 2015-06-04 08:53:21	--------	d-----w-	C:\Users\Gaby\AppData\Roaming\Coronic
2015-05-11 09:30:38 . 2015-06-07 09:12:23	136408	----a-w-	C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-05-11 09:30:15 . 2015-05-26 06:00:38	--------	d-----w-	C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-11 09:30:15 . 2015-05-11 09:30:15	--------	d-----w-	C:\ProgramData\Malwarebytes
2015-05-11 09:30:15 . 2015-04-14 07:37:56	63704	----a-w-	C:\Windows\system32\drivers\mwac.sys
2015-05-11 09:30:15 . 2015-04-14 07:37:46	107736	----a-w-	C:\Windows\system32\drivers\mbamchameleon.sys
2015-05-11 09:30:15 . 2015-04-14 07:37:42	25816	----a-w-	C:\Windows\system32\drivers\mbam.sys
2015-05-11 09:27:21 . 2015-05-11 09:27:21	--------	d-----w-	C:\Users\Gaby\AppData\Local\Macromedia
2015-05-11 09:26:43 . 2015-05-11 09:26:43	--------	d-----w-	C:\Windows\system32\appmgmt
2015-05-11 09:22:53 . 2015-05-11 09:22:53	--------	d-----w-	C:\ProgramData\McAfee
2015-05-11 09:22:50 . 2015-05-26 12:00:33	778416	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2015-05-11 09:22:50 . 2015-05-26 12:00:33	142512	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-11 09:22:49 . 2015-05-11 09:22:49	--------	d-----w-	C:\Windows\SysWow64\Macromed
2015-05-11 09:22:48 . 2015-05-11 09:22:48	--------	d-----w-	C:\Windows\system32\Macromed
2015-05-11 09:22:28 . 2015-05-26 12:00:38	--------	d-----w-	C:\Users\Gaby\AppData\Local\Adobe
2015-05-11 09:16:46 . 2015-05-12 15:53:03	--------	d-----w-	C:\Program Files (x86)\DivX
2015-05-11 09:13:05 . 2015-05-13 08:06:55	--------	d-----w-	C:\Users\Gaby\AppData\Roaming\PDF Architect 3
2015-05-11 09:10:41 . 2015-05-11 09:13:02	--------	d-----w-	C:\Program Files (x86)\PDF Architect 3
2015-05-11 09:10:09 . 2015-05-11 09:10:09	--------	d-----w-	C:\ProgramData\PDF Architect 3
2015-05-11 09:09:58 . 2015-05-11 09:09:58	--------	d-----w-	C:\Users\Gaby\AppData\Roaming\pdfforge
2015-05-11 09:09:56 . 2015-05-11 09:10:05	115592	----a-w-	C:\Windows\system32\pdfcmon.dll
2015-05-11 09:09:55 . 2015-05-11 09:13:16	--------	d-----w-	C:\Program Files\PDFCreator
2015-05-11 09:03:10 . 2015-05-12 15:53:03	--------	d-----w-	C:\ProgramData\DivX
2015-05-08 14:53:34 . 2015-06-06 16:03:42	--------	d-----w-	C:\auswert
2015-05-08 10:15:12 . 2011-02-25 06:19:30	2871808	----a-w-	C:\Windows\explorer.exe
2015-05-08 10:15:12 . 2011-02-25 05:30:54	2616320	----a-w-	C:\Windows\SysWow64\explorer.exe
2015-05-08 10:15:11 . 2012-02-11 06:36:02	559104	----a-w-	C:\Windows\system32\spoolsv.exe
2015-05-08 10:15:11 . 2012-02-11 06:36:01	67072	----a-w-	C:\Windows\splwow64.exe
.


((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2015-05-13 17:02:43 . 2015-05-07 10:07:01	140425016	----a-w-	C:\Windows\system32\MRT.exe
2015-05-07 15:19:57 . 2015-05-07 15:20:40	627920	----a-w-	C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-05-07 10:38:50 . 2015-05-07 10:38:50	940032	----a-w-	C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-07 10:38:50 . 2015-05-07 10:38:50	194048	----a-w-	C:\Windows\SysWow64\elshyph.dll
2015-05-07 10:38:47 . 2015-05-07 10:38:47	71680	----a-w-	C:\Windows\SysWow64\RegisterIEPKEYs.exe
2015-05-07 10:38:47 . 2015-05-07 10:38:47	645120	----a-w-	C:\Windows\SysWow64\jsIntl.dll
2015-05-07 10:38:47 . 2015-05-07 10:38:47	62464	----a-w-	C:\Windows\SysWow64\tdc.ocx
2015-05-07 10:38:47 . 2015-05-07 10:38:47	60416	----a-w-	C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-05-07 10:38:47 . 2015-05-07 10:38:47	337408	----a-w-	C:\Windows\SysWow64\html.iec
2015-05-07 10:38:47 . 2015-05-07 10:38:47	235008	----a-w-	C:\Windows\system32\elshyph.dll
2015-05-07 10:38:47 . 2015-05-07 10:38:47	1888256	----a-w-	C:\Windows\SysWow64\wininet.dll
2015-05-07 10:38:47 . 2015-05-07 10:38:47	182272	----a-w-	C:\Windows\SysWow64\msls31.dll
2015-05-07 10:38:46 . 2015-05-07 10:38:46	74240	----a-w-	C:\Windows\SysWow64\SetIEInstalledDate.exe
2015-05-07 10:38:46 . 2015-05-07 10:38:46	64000	----a-w-	C:\Windows\SysWow64\MshtmlDac.dll
2015-05-07 10:38:46 . 2015-05-07 10:38:46	62464	----a-w-	C:\Windows\SysWow64\iesetup.dll
2015-05-07 10:38:46 . 2015-05-07 10:38:46	620032	----a-w-	C:\Windows\SysWow64\jscript9diag.dll
2015-05-07 10:38:46 . 2015-05-07 10:38:46	503296	----a-w-	C:\Windows\SysWow64\vbscript.dll
2015-05-07 10:38:46 . 2015-05-07 10:38:46	48640	----a-w-	C:\Windows\SysWow64\mshtmler.dll
2015-05-07 10:38:46 . 2015-05-07 10:38:46	47616	----a-w-	C:\Windows\SysWow64\ieetwproxystub.dll
2015-05-07 10:38:46 . 2015-05-07 10:38:46	4300288	----a-w-	C:\Windows\SysWow64\jscript9.dll
2015-05-07 10:38:46 . 2015-05-07 10:38:46	36352	----a-w-	C:\Windows\SysWow64\imgutil.dll
2015-05-07 10:38:46 . 2015-05-07 10:38:46	2724864	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2015-05-07 10:38:46 . 2015-05-07 10:38:46	24576	----a-w-	C:\Windows\SysWow64\licmgr10.dll
2015-05-07 10:38:46 . 2015-05-07 10:38:46	2052608	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2015-05-07 10:38:46 . 2015-05-07 10:38:46	151552	----a-w-	C:\Windows\SysWow64\iexpress.exe
2015-05-07 10:38:46 . 2015-05-07 10:38:46	139264	----a-w-	C:\Windows\SysWow64\wextract.exe
2015-05-07 10:38:46 . 2015-05-07 10:38:46	13312	----a-w-	C:\Windows\SysWow64\mshta.exe
2015-05-07 10:38:46 . 2015-05-07 10:38:46	115712	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2015-05-07 10:38:46 . 2015-05-07 10:38:46	1155072	----a-w-	C:\Windows\SysWow64\mshtmlmedia.dll
2015-05-07 10:38:46 . 2015-05-07 10:38:46	111616	----a-w-	C:\Windows\SysWow64\IEAdvpack.dll
2015-05-07 10:38:45 . 2015-05-07 10:38:45	942592	----a-w-	C:\Windows\system32\jsIntl.dll
2015-05-07 10:38:45 . 2015-05-07 10:38:45	86016	----a-w-	C:\Windows\SysWow64\iesysprep.dll
2015-05-07 10:38:45 . 2015-05-07 10:38:45	86016	----a-w-	C:\Windows\system32\RegisterIEPKEYs.exe
2015-05-07 10:38:45 . 2015-05-07 10:38:45	54784	----a-w-	C:\Windows\system32\jsproxy.dll
2015-05-07 10:38:45 . 2015-05-07 10:38:45	52224	----a-w-	C:\Windows\system32\msfeedsbs.dll
2015-05-07 10:38:45 . 2015-05-07 10:38:45	2886144	----a-w-	C:\Windows\system32\iertutil.dll
2015-05-07 10:38:45 . 2015-05-07 10:38:45	247808	----a-w-	C:\Windows\system32\msls31.dll
2015-05-07 10:38:45 . 2015-05-07 10:38:45	2358784	----a-w-	C:\Windows\system32\wininet.dll
2015-05-07 10:38:45 . 2015-05-07 10:38:45	199680	----a-w-	C:\Windows\system32\msrating.dll
2015-05-07 10:38:45 . 2015-05-07 10:38:45	1548288	----a-w-	C:\Windows\system32\urlmon.dll
2015-05-07 10:38:45 . 2015-05-07 10:38:45	13312	----a-w-	C:\Windows\system32\msfeedssync.exe
2015-05-07 10:38:45 . 2015-05-07 10:38:45	131072	----a-w-	C:\Windows\system32\IEAdvpack.dll
2015-05-07 10:38:44 . 2015-05-07 10:38:44	92160	----a-w-	C:\Windows\system32\mshtmled.dll
2015-05-07 10:38:44 . 2015-05-07 10:38:44	90112	----a-w-	C:\Windows\system32\SetIEInstalledDate.exe
2015-05-07 10:38:44 . 2015-05-07 10:38:44	814080	----a-w-	C:\Windows\system32\jscript9diag.dll
2015-05-07 10:38:44 . 2015-05-07 10:38:44	81408	----a-w-	C:\Windows\system32\icardie.dll
2015-05-07 10:38:44 . 2015-05-07 10:38:44	801280	----a-w-	C:\Windows\system32\msfeeds.dll
2015-05-07 10:38:44 . 2015-05-07 10:38:44	800768	----a-w-	C:\Windows\system32\ieapfltr.dll
2015-05-07 10:38:44 . 2015-05-07 10:38:44	77824	----a-w-	C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-07 10:38:44 . 2015-05-07 10:38:44	77312	----a-w-	C:\Windows\system32\tdc.ocx
2015-05-07 10:38:44 . 2015-05-07 10:38:44	718848	----a-w-	C:\Windows\system32\ie4uinit.exe
2015-05-07 10:38:44 . 2015-05-07 10:38:44	66560	----a-w-	C:\Windows\system32\iesetup.dll
2015-05-07 10:38:44 . 2015-05-07 10:38:44	633856	----a-w-	C:\Windows\system32\ieui.dll
2015-05-07 10:38:44 . 2015-05-07 10:38:44	616104	----a-w-	C:\Windows\system32\ieapfltr.dat
2015-05-07 10:38:44 . 2015-05-07 10:38:44	6035456	----a-w-	C:\Windows\system32\jscript9.dll
2015-05-07 10:38:44 . 2015-05-07 10:38:44	584192	----a-w-	C:\Windows\system32\vbscript.dll
2015-05-07 10:38:44 . 2015-05-07 10:38:44	490496	----a-w-	C:\Windows\system32\dxtmsft.dll
2015-05-07 10:38:44 . 2015-05-07 10:38:44	48640	----a-w-	C:\Windows\system32\mshtmler.dll
2015-05-07 10:38:44 . 2015-05-07 10:38:44	413696	----a-w-	C:\Windows\system32\html.iec
2015-05-07 10:38:44 . 2015-05-07 10:38:44	389800	----a-w-	C:\Windows\system32\iedkcs32.dll
2015-05-07 10:38:44 . 2015-05-07 10:38:44	34304	----a-w-	C:\Windows\system32\iernonce.dll
2015-05-07 10:38:44 . 2015-05-07 10:38:44	316928	----a-w-	C:\Windows\system32\dxtrans.dll
2015-05-07 10:38:44 . 2015-05-07 10:38:44	30208	----a-w-	C:\Windows\system32\licmgr10.dll
2015-05-07 10:38:44 . 2015-05-07 10:38:44	243200	----a-w-	C:\Windows\system32\webcheck.dll
2015-05-07 10:38:44 . 2015-05-07 10:38:44	235520	----a-w-	C:\Windows\system32\url.dll
2015-05-07 10:38:44 . 2015-05-07 10:38:44	2125824	----a-w-	C:\Windows\system32\inetcpl.cpl
2015-05-07 10:38:44 . 2015-05-07 10:38:44	167424	----a-w-	C:\Windows\system32\iexpress.exe
2015-05-07 10:38:44 . 2015-05-07 10:38:44	14398976	----a-w-	C:\Windows\system32\ieframe.dll
2015-05-07 10:38:44 . 2015-05-07 10:38:44	143872	----a-w-	C:\Windows\system32\wextract.exe
2015-05-07 10:38:44 . 2015-05-07 10:38:44	1359360	----a-w-	C:\Windows\system32\mshtmlmedia.dll
2015-05-07 10:38:44 . 2015-05-07 10:38:44	105984	----a-w-	C:\Windows\system32\iesysprep.dll
2015-05-07 10:38:44 . 2015-05-07 10:38:44	101376	----a-w-	C:\Windows\system32\inseng.dll
2015-05-07 10:38:43 . 2015-05-07 10:38:43	88064	----a-w-	C:\Windows\system32\MshtmlDac.dll
2015-05-07 10:38:43 . 2015-05-07 10:38:43	774144	----a-w-	C:\Windows\system32\jscript.dll
2015-05-07 10:38:43 . 2015-05-07 10:38:43	62464	----a-w-	C:\Windows\system32\pngfilt.dll
2015-05-07 10:38:43 . 2015-05-07 10:38:43	48640	----a-w-	C:\Windows\system32\ieetwproxystub.dll
2015-05-07 10:38:43 . 2015-05-07 10:38:43	48128	----a-w-	C:\Windows\system32\imgutil.dll
2015-05-07 10:38:43 . 2015-05-07 10:38:43	4096	----a-w-	C:\Windows\system32\ieetwcollectorres.dll
2015-05-07 10:38:43 . 2015-05-07 10:38:43	2724864	----a-w-	C:\Windows\system32\mshtml.tlb
2015-05-07 10:38:43 . 2015-05-07 10:38:43	25021440	----a-w-	C:\Windows\system32\mshtml.dll
2015-05-07 10:38:43 . 2015-05-07 10:38:43	147968	----a-w-	C:\Windows\system32\occache.dll
2015-05-07 10:38:43 . 2015-05-07 10:38:43	144384	----a-w-	C:\Windows\system32\ieUnatt.exe
2015-05-07 10:38:43 . 2015-05-07 10:38:43	13824	----a-w-	C:\Windows\system32\mshta.exe
2015-05-07 10:38:43 . 2015-05-07 10:38:43	135680	----a-w-	C:\Windows\system32\iepeers.dll
2015-05-07 10:38:43 . 2015-05-07 10:38:43	114688	----a-w-	C:\Windows\system32\ieetwcollector.exe
2015-05-07 10:36:50 . 2015-05-07 10:36:50	9728	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-05-07 10:36:50 . 2015-05-07 10:36:50	9728	---ha-w-	C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-05-07 10:36:50 . 2015-05-07 10:36:50	604160	----a-w-	C:\Windows\SysWow64\d3d10level9.dll
2015-05-07 10:36:50 . 2015-05-07 10:36:50	5632	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-05-07 10:36:50 . 2015-05-07 10:36:50	5632	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-05-07 10:36:50 . 2015-05-07 10:36:50	5632	---ha-w-	C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-05-07 10:36:50 . 2015-05-07 10:36:50	5632	---ha-w-	C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-05-07 10:36:50 . 2015-05-07 10:36:50	522752	----a-w-	C:\Windows\system32\XpsGdiConverter.dll
2015-05-07 10:36:50 . 2015-05-07 10:36:50	465920	----a-w-	C:\Windows\system32\WMPhoto.dll
2015-05-07 10:36:50 . 2015-05-07 10:36:50	417792	----a-w-	C:\Windows\SysWow64\WMPhoto.dll
2015-05-07 10:36:50 . 2015-05-07 10:36:50	4096	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-05-07 10:36:50 . 2015-05-07 10:36:50	4096	---ha-w-	C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-05-07 10:36:50 . 2015-05-07 10:36:50	3928064	----a-w-	C:\Windows\system32\d2d1.dll
2015-05-07 10:36:50 . 2015-05-07 10:36:50	364544	----a-w-	C:\Windows\SysWow64\XpsGdiConverter.dll
2015-05-07 10:36:50 . 2015-05-07 10:36:50	363008	----a-w-	C:\Windows\system32\dxgi.dll

Hallo Schrauber, anscheinend ist mein Rechner abgeschmiert beim Scan mit Combofix, ich hatte nur gesehen, dass er neu gebootet hat als ich ins Zimmer gekommen bin und das gepostete Logfile kam mir unvollständig vor. Ich habe Combofix nochmal durchlaufen lassen und poste nun das vollständige Logfile. Sorry, Gruss janzek

Code:

ATTFilter

ComboFix 15-05-31.01 - Gaby 07.06.2015  16:25:10.2.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3838.2741 [GMT 2:00]
ausgeführt von:: c:\users\Gaby\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-05-07 bis 2015-06-07  ))))))))))))))))))))))))))))))
.
.
2015-06-07 14:33 . 2015-06-07 14:33	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-06-06 12:15 . 2015-06-06 12:17	--------	d-----w-	C:\FRST
2015-06-06 08:08 . 2015-05-03 03:16	12214312	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FAA8FE38-31DA-4AF4-850A-A350D2C8777E}\mpengine.dll
2015-06-01 15:57 . 2015-06-01 15:57	--------	d-----w-	c:\users\Gaby\AppData\Roaming\ParetoLogic
2015-06-01 15:57 . 2015-06-01 15:57	--------	d-----w-	c:\users\Gaby\AppData\Roaming\DriverCure
2015-06-01 15:56 . 2015-06-01 15:56	--------	d-----w-	c:\program files (x86)\Common Files\ParetoLogic
2015-06-01 15:56 . 2015-06-02 11:29	--------	d-----w-	c:\programdata\ParetoLogic
2015-05-28 13:50 . 2015-05-28 13:52	--------	d-----w-	c:\programdata\SystemExplorer
2015-05-28 13:50 . 2015-05-28 13:50	--------	d-----w-	c:\program files (x86)\System Explorer
2015-05-27 10:56 . 2015-05-27 10:56	--------	d-----w-	c:\users\Gaby\AppData\Local\ElevatedDiagnostics
2015-05-27 06:48 . 2015-05-27 06:48	--------	d-----w-	c:\users\Gaby\AppData\Local\TempTaskUpdateDetection1134F557-1C0C-41B3-B1F2-A39BA126BB19
2015-05-15 14:29 . 2015-05-06 17:40	364472	----a-w-	c:\windows\system32\aswBoot.exe
2015-05-15 13:51 . 2015-05-15 13:51	--------	d-sh--w-	c:\users\Gaby\AppData\Local\EmieUserList
2015-05-15 13:51 . 2015-05-15 13:51	--------	d-sh--w-	c:\users\Gaby\AppData\Local\EmieBrowserModeList
2015-05-15 13:51 . 2015-05-15 13:51	--------	d-sh--w-	c:\users\Gaby\AppData\Local\EmieSiteList
2015-05-13 17:01 . 2015-05-01 13:17	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 17:01 . 2015-05-01 13:16	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 15:52 . 2015-05-12 15:52	--------	d-----w-	c:\users\Gaby\AppData\Roaming\DivX
2015-05-12 15:52 . 2015-05-12 15:52	--------	d-----w-	c:\program files\DivX
2015-05-12 15:52 . 2015-05-12 15:52	--------	d-----w-	c:\program files (x86)\Common Files\DivX Shared
2015-05-11 13:36 . 2015-06-04 08:53	--------	d-----w-	c:\users\Gaby\AppData\Roaming\Coronic
2015-05-11 09:30 . 2015-06-07 12:34	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-11 09:30 . 2015-05-26 06:00	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-05-11 09:30 . 2015-05-11 09:30	--------	d-----w-	c:\programdata\Malwarebytes
2015-05-11 09:30 . 2015-04-14 07:37	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-05-11 09:30 . 2015-04-14 07:37	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-05-11 09:30 . 2015-04-14 07:37	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-05-11 09:27 . 2015-05-11 09:27	--------	d-----w-	c:\users\Gaby\AppData\Local\Macromedia
2015-05-11 09:26 . 2015-05-11 09:26	--------	d-----w-	c:\windows\system32\appmgmt
2015-05-11 09:22 . 2015-05-11 09:22	--------	d-----w-	c:\programdata\McAfee
2015-05-11 09:22 . 2015-05-26 12:00	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-05-11 09:22 . 2015-05-26 12:00	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-11 09:22 . 2015-05-11 09:22	--------	d-----w-	c:\windows\SysWow64\Macromed
2015-05-11 09:22 . 2015-05-11 09:22	--------	d-----w-	c:\windows\system32\Macromed
2015-05-11 09:22 . 2015-05-26 12:00	--------	d-----w-	c:\users\Gaby\AppData\Local\Adobe
2015-05-11 09:16 . 2015-05-12 15:53	--------	d-----w-	c:\program files (x86)\DivX
2015-05-11 09:13 . 2015-05-13 08:06	--------	d-----w-	c:\users\Gaby\AppData\Roaming\PDF Architect 3
2015-05-11 09:10 . 2015-05-11 09:13	--------	d-----w-	c:\program files (x86)\PDF Architect 3
2015-05-11 09:10 . 2015-05-11 09:10	--------	d-----w-	c:\programdata\PDF Architect 3
2015-05-11 09:09 . 2015-05-11 09:09	--------	d-----w-	c:\users\Gaby\AppData\Roaming\pdfforge
2015-05-11 09:09 . 2015-05-11 09:10	115592	----a-w-	c:\windows\system32\pdfcmon.dll
2015-05-11 09:09 . 2015-05-11 09:13	--------	d-----w-	c:\program files\PDFCreator
2015-05-11 09:03 . 2015-05-12 15:53	--------	d-----w-	c:\programdata\DivX
2015-05-08 14:53 . 2015-06-06 16:03	--------	d-----w-	C:\auswert
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-13 17:02 . 2015-05-07 10:07	140425016	----a-w-	c:\windows\system32\MRT.exe
2015-05-07 15:19 . 2015-05-07 15:20	627920	----a-w-	c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-05-07 10:38 . 2015-05-07 10:38	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2015-05-07 10:38 . 2015-05-07 10:38	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2015-05-07 10:38 . 2015-05-07 10:38	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-05-07 10:38 . 2015-05-07 10:38	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2015-05-07 10:38 . 2015-05-07 10:38	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2015-05-07 10:38 . 2015-05-07 10:38	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-05-07 10:38 . 2015-05-07 10:38	337408	----a-w-	c:\windows\SysWow64\html.iec
2015-05-07 10:38 . 2015-05-07 10:38	235008	----a-w-	c:\windows\system32\elshyph.dll
2015-05-07 10:38 . 2015-05-07 10:38	1888256	----a-w-	c:\windows\SysWow64\wininet.dll
2015-05-07 10:38 . 2015-05-07 10:38	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2015-05-07 10:38 . 2015-05-07 10:38	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2015-05-07 10:38 . 2015-05-07 10:38	64000	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2015-05-07 10:38 . 2015-05-07 10:38	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2015-05-07 10:38 . 2015-05-07 10:38	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2015-05-07 10:38 . 2015-05-07 10:38	503296	----a-w-	c:\windows\SysWow64\vbscript.dll
2015-05-07 10:38 . 2015-05-07 10:38	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2015-05-07 10:38 . 2015-05-07 10:38	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2015-05-07 10:38 . 2015-05-07 10:38	4300288	----a-w-	c:\windows\SysWow64\jscript9.dll
2015-05-07 10:38 . 2015-05-07 10:38	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2015-05-07 10:38 . 2015-05-07 10:38	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2015-05-07 10:38 . 2015-05-07 10:38	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2015-05-07 10:38 . 2015-05-07 10:38	2052608	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2015-05-07 10:38 . 2015-05-07 10:38	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2015-05-07 10:38 . 2015-05-07 10:38	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2015-05-07 10:38 . 2015-05-07 10:38	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2015-05-07 10:38 . 2015-05-07 10:38	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2015-05-07 10:38 . 2015-05-07 10:38	1155072	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2015-05-07 10:38 . 2015-05-07 10:38	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2015-05-07 10:38 . 2015-05-07 10:38	942592	----a-w-	c:\windows\system32\jsIntl.dll
2015-05-07 10:38 . 2015-05-07 10:38	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2015-05-07 10:38 . 2015-05-07 10:38	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2015-05-07 10:38 . 2015-05-07 10:38	54784	----a-w-	c:\windows\system32\jsproxy.dll
2015-05-07 10:38 . 2015-05-07 10:38	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2015-05-07 10:38 . 2015-05-07 10:38	2886144	----a-w-	c:\windows\system32\iertutil.dll
2015-05-07 10:38 . 2015-05-07 10:38	247808	----a-w-	c:\windows\system32\msls31.dll
2015-05-07 10:38 . 2015-05-07 10:38	2358784	----a-w-	c:\windows\system32\wininet.dll
2015-05-07 10:38 . 2015-05-07 10:38	199680	----a-w-	c:\windows\system32\msrating.dll
2015-05-07 10:38 . 2015-05-07 10:38	1548288	----a-w-	c:\windows\system32\urlmon.dll
2015-05-07 10:38 . 2015-05-07 10:38	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2015-05-07 10:38 . 2015-05-07 10:38	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2015-05-07 10:38 . 2015-05-07 10:38	92160	----a-w-	c:\windows\system32\mshtmled.dll
2015-05-07 10:38 . 2015-05-07 10:38	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2015-05-07 10:38 . 2015-05-07 10:38	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2015-05-07 10:38 . 2015-05-07 10:38	81408	----a-w-	c:\windows\system32\icardie.dll
2015-05-07 10:38 . 2015-05-07 10:38	801280	----a-w-	c:\windows\system32\msfeeds.dll
2015-05-07 10:38 . 2015-05-07 10:38	800768	----a-w-	c:\windows\system32\ieapfltr.dll
2015-05-07 10:38 . 2015-05-07 10:38	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2015-05-07 10:38 . 2015-05-07 10:38	77312	----a-w-	c:\windows\system32\tdc.ocx
2015-05-07 10:38 . 2015-05-07 10:38	718848	----a-w-	c:\windows\system32\ie4uinit.exe
2015-05-07 10:38 . 2015-05-07 10:38	66560	----a-w-	c:\windows\system32\iesetup.dll
2015-05-07 10:38 . 2015-05-07 10:38	633856	----a-w-	c:\windows\system32\ieui.dll
2015-05-07 10:38 . 2015-05-07 10:38	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2015-05-07 10:38 . 2015-05-07 10:38	6035456	----a-w-	c:\windows\system32\jscript9.dll
2015-05-07 10:38 . 2015-05-07 10:38	584192	----a-w-	c:\windows\system32\vbscript.dll
2015-05-07 10:38 . 2015-05-07 10:38	490496	----a-w-	c:\windows\system32\dxtmsft.dll
2015-05-07 10:38 . 2015-05-07 10:38	48640	----a-w-	c:\windows\system32\mshtmler.dll
2015-05-07 10:38 . 2015-05-07 10:38	413696	----a-w-	c:\windows\system32\html.iec
2015-05-07 10:38 . 2015-05-07 10:38	389800	----a-w-	c:\windows\system32\iedkcs32.dll
2015-05-07 10:38 . 2015-05-07 10:38	34304	----a-w-	c:\windows\system32\iernonce.dll
2015-05-07 10:38 . 2015-05-07 10:38	316928	----a-w-	c:\windows\system32\dxtrans.dll
2015-05-07 10:38 . 2015-05-07 10:38	30208	----a-w-	c:\windows\system32\licmgr10.dll
2015-05-07 10:38 . 2015-05-07 10:38	243200	----a-w-	c:\windows\system32\webcheck.dll
2015-05-07 10:38 . 2015-05-07 10:38	235520	----a-w-	c:\windows\system32\url.dll
2015-05-07 10:38 . 2015-05-07 10:38	2125824	----a-w-	c:\windows\system32\inetcpl.cpl
2015-05-07 10:38 . 2015-05-07 10:38	167424	----a-w-	c:\windows\system32\iexpress.exe
2015-05-07 10:38 . 2015-05-07 10:38	14398976	----a-w-	c:\windows\system32\ieframe.dll
2015-05-07 10:38 . 2015-05-07 10:38	143872	----a-w-	c:\windows\system32\wextract.exe
2015-05-07 10:38 . 2015-05-07 10:38	1359360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2015-05-07 10:38 . 2015-05-07 10:38	105984	----a-w-	c:\windows\system32\iesysprep.dll
2015-05-07 10:38 . 2015-05-07 10:38	101376	----a-w-	c:\windows\system32\inseng.dll
2015-05-07 10:38 . 2015-05-07 10:38	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2015-05-07 10:38 . 2015-05-07 10:38	774144	----a-w-	c:\windows\system32\jscript.dll
2015-05-07 10:38 . 2015-05-07 10:38	62464	----a-w-	c:\windows\system32\pngfilt.dll
2015-05-07 10:38 . 2015-05-07 10:38	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2015-05-07 10:38 . 2015-05-07 10:38	48128	----a-w-	c:\windows\system32\imgutil.dll
2015-05-07 10:38 . 2015-05-07 10:38	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2015-05-07 10:38 . 2015-05-07 10:38	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2015-05-07 10:38 . 2015-05-07 10:38	25021440	----a-w-	c:\windows\system32\mshtml.dll
2015-05-07 10:38 . 2015-05-07 10:38	147968	----a-w-	c:\windows\system32\occache.dll
2015-05-07 10:38 . 2015-05-07 10:38	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2015-05-07 10:38 . 2015-05-07 10:38	13824	----a-w-	c:\windows\system32\mshta.exe
2015-05-07 10:38 . 2015-05-07 10:38	135680	----a-w-	c:\windows\system32\iepeers.dll
2015-05-07 10:38 . 2015-05-07 10:38	114688	----a-w-	c:\windows\system32\ieetwcollector.exe
2015-05-07 10:36 . 2015-05-07 10:36	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-05-07 10:36 . 2015-05-07 10:36	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-05-07 10:36 . 2015-05-07 10:36	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2015-05-07 10:36 . 2015-05-07 10:36	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-05-07 10:36 . 2015-05-07 10:36	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-05-07 10:36 . 2015-05-07 10:36	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-05-07 10:36 . 2015-05-07 10:36	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-05-07 10:36 . 2015-05-07 10:36	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2015-05-07 10:36 . 2015-05-07 10:36	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2015-05-07 10:36 . 2015-05-07 10:36	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2015-05-07 10:36 . 2015-05-07 10:36	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-05-07 10:36 . 2015-05-07 10:36	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-05-07 10:36 . 2015-05-07 10:36	3928064	----a-w-	c:\windows\system32\d2d1.dll
2015-05-07 10:36 . 2015-05-07 10:36	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2015-05-07 10:36 . 2015-05-07 10:36	363008	----a-w-	c:\windows\system32\dxgi.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-05-07 16:34	1605832	----a-w-	c:\users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-05-07 16:34	1605832	----a-w-	c:\users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-05-07 16:34	1605832	----a-w-	c:\users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-05-07 16:34	1605832	----a-w-	c:\users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-05-07 16:34	1605832	----a-w-	c:\users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 5520 series (NET)"="c:\program files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-11 5515496]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2015-04-08 448520]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"SystemExplorerAutoStart"="c:\program files (x86)\System Explorer\SystemExplorer.exe" [2015-05-21 3391720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SageDB 5.0;SageDB 5.0;c:\program files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe;c:\program files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 PDF Architect 3 CrashHandler;PDF Architect 3 CrashHandler;c:\program files (x86)\PDF Architect 3\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 3\crash-handler-ws.exe [x]
R3 PDF Architect 3;PDF Architect 3;c:\program files (x86)\PDF Architect 3\ws.exe;c:\program files (x86)\PDF Architect 3\ws.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
S2 PDF Architect 3 Creator;PDF Architect 3 Creator;c:\program files (x86)\PDF Architect 3\creator-ws.exe;c:\program files (x86)\PDF Architect 3\creator-ws.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 SystemExplorerHelpService;System Explorer Service;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2015-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-11 12:00]
.
2015-06-06 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2015-06-07 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08 18:55]
.
2015-06-02 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08 18:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-05-07 16:34	1645256	----a-w-	c:\users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-05-07 16:34	1645256	----a-w-	c:\users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-05-07 16:34	1645256	----a-w-	c:\users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-05-07 16:34	1645256	----a-w-	c:\users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-05-07 16:34	1645256	----a-w-	c:\users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-04-14 14:30	2334936	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-04-14 14:30	2334936	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-04-14 14:30	2334936	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-05-06 17:40	722400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/?trackid=sp-006
mStart Page = https://www.google.com/?trackid=sp-006
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
mSearch Bar = https://www.google.com/?trackid=sp-006
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Gaby\AppData\Roaming\Mozilla\Firefox\Profiles\2afqvvv9.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search/?trackid=sp-006
FF - prefs.js: browser.search.selectedEngine - Google (avast)
FF - prefs.js: browser.startup.homepage - www.web.de
FF - prefs.js: keyword.URL - hxxps://www.google.com/search/?trackid=sp-006
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{06E08260-0695-4EC1-A74B-1310D8899D93} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-06-07  16:43:17
ComboFix-quarantined-files.txt  2015-06-07 14:43
.
Vor Suchlauf: 14 Verzeichnis(se), 48.769.425.408 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 48.337.637.376 Bytes frei
.
- - End Of File - - 00A472B3FADA4D3427561AABA5CC1028
72B8CE41AF0DE751C946802B3ED844B4

schrauber · 08.06.2015, 06:31

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

janzek · 08.06.2015, 18:05

Hallo Schrauber,
mbam habe ich eh auf dem Rechner und lasse täglich scannen. Hatte ich bisher nicht gepostet, da es ohne Ergenbis war. Anbei nun das Logfile vom letzten Scan heute morgen.

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 08.06.2015
Suchlauf-Zeit: 07:21:26
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.07.05
Rootkit Datenbank: v2015.06.02.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Gaby

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 351972
Verstrichene Zeit: 10 Min, 27 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

Nun AdwCleaner

Code:

ATTFilter

# AdwCleaner v4.206 - Bericht erstellt 08/06/2015 um 18:12:08
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-05.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Gaby - GABY-PC
# Gestarted von : C:\Users\Gaby\Desktop\AdwCleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\ProgramData\abde72000000091d
Ordner Gelöscht : C:\Program Files (x86)\Common Files\ParetoLogic
Ordner Gelöscht : C:\Users\Gaby\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\Gaby\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\Gaby\AppData\Roaming\pdfforge
Datei Gelöscht : C:\Users\Gaby\AppData\Roaming\Mozilla\Firefox\Profiles\2afqvvv9.default\user.js

***** [ Geplante Tasks ] *****

Task Gelöscht : paretologic registration3
Task Gelöscht : paretologic update version3
Task Gelöscht : ParetoLogic Update Version3 Startup Task

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\uus3url-pl
Schlüssel Gelöscht : HKLM\SOFTWARE\ef378d3b-ceb6-1f92-f12c-528648da1eb6
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\Linkey
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\ParetoLogic
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit
Schlüssel Gelöscht : HKLM\SOFTWARE\AIM Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v38.0.5 (x86 de)

[2afqvvv9.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "istartsurf");
[2afqvvv9.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/web/favicon.ico");
[2afqvvv9.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "istartsurf");
[2afqvvv9.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=dspp&ts=1430933507&from=air&uid=ExcelStorXTechnologyXJ680_VNR21EG2074CEA074CEAX&q={searchTerms}");

*************************

AdwCleaner[R0].txt - [3427 Bytes] - [08/06/2015 18:10:49]
AdwCleaner[S0].txt - [3173 Bytes] - [08/06/2015 18:12:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3232  Bytes] ##########

und JRT.txt

Code:

ATTFilter

# AdwCleaner v4.206 - Bericht erstellt 08/06/2015 um 18:12:08
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-05.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Gaby - GABY-PC
# Gestarted von : C:\Users\Gaby\Desktop\AdwCleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\ProgramData\abde72000000091d
Ordner Gelöscht : C:\Program Files (x86)\Common Files\ParetoLogic
Ordner Gelöscht : C:\Users\Gaby\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\Gaby\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\Gaby\AppData\Roaming\pdfforge
Datei Gelöscht : C:\Users\Gaby\AppData\Roaming\Mozilla\Firefox\Profiles\2afqvvv9.default\user.js

***** [ Geplante Tasks ] *****

Task Gelöscht : paretologic registration3
Task Gelöscht : paretologic update version3
Task Gelöscht : ParetoLogic Update Version3 Startup Task

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\uus3url-pl
Schlüssel Gelöscht : HKLM\SOFTWARE\ef378d3b-ceb6-1f92-f12c-528648da1eb6
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\Linkey
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\ParetoLogic
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit
Schlüssel Gelöscht : HKLM\SOFTWARE\AIM Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v38.0.5 (x86 de)

[2afqvvv9.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "istartsurf");
[2afqvvv9.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/web/favicon.ico");
[2afqvvv9.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "istartsurf");
[2afqvvv9.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=dspp&ts=1430933507&from=air&uid=ExcelStorXTechnologyXJ680_VNR21EG2074CEA074CEAX&q={searchTerms}");

*************************

AdwCleaner[R0].txt - [3427 Bytes] - [08/06/2015 18:10:49]
AdwCleaner[S0].txt - [3173 Bytes] - [08/06/2015 18:12:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3232  Bytes] ##########

und das frische FRST

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-06-2015
Ran by Gaby (administrator) on GABY-PC on 08-06-2015 19:02:51
Running from C:\Users\Gaby\Desktop
Loaded Profiles: Gaby (Available Profiles: Gaby)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-04-08] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [SystemExplorerAutoStart] => C:\Program Files (x86)\System Explorer\SystemExplorer.exe [3391720 2015-05-21] (Mister Group)
HKU\S-1-5-21-3507930614-119480243-4004697037-1000\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-06] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [2015-05-07] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3507930614-119480243-4004697037-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3507930614-119480243-4004697037-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3507930614-119480243-4004697037-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3507930614-119480243-4004697037-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = 
SearchScopes: HKU\S-1-5-21-3507930614-119480243-4004697037-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-07] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-06] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-06] (Avast Software s.r.o.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-07] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Gaby\AppData\Roaming\Mozilla\Firefox\Profiles\2afqvvv9.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: www.web.de
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-26] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-26] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-07] (Microsoft Corporation)
FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-04-24] (pdfforge GmbH)
FF SearchPlugin: C:\Users\Gaby\AppData\Roaming\Mozilla\Firefox\Profiles\2afqvvv9.default\searchplugins\google-avast.xml [2015-05-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-06]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-06] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-05-06] (Avast Software s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244312 2015-04-24] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-24] (pdfforge GmbH)
S2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-04-24] (pdfforge GmbH)
S2 SageDB 5.0; C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe [5685248 2011-07-18] () [File not signed]
R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-06] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-05-06] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-06] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-05-06] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-06] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-06] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-06] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-06] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-06] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 19:02 - 2015-06-08 19:02 - 00013329 _____ C:\Users\Gaby\Desktop\FRST.txt
2015-06-08 18:27 - 2015-06-08 18:27 - 00001635 _____ C:\Users\Gaby\Desktop\JRT.txt
2015-06-08 18:23 - 2015-06-08 18:23 - 02943232 _____ (Thisisu) C:\Users\Gaby\Desktop\JRT.exe
2015-06-08 18:23 - 2015-06-08 18:23 - 00000207 _____ C:\Windows\tweaking.com-regbackup-GABY-PC-Windows-7-Professional-(64-bit).dat
2015-06-08 18:23 - 2015-06-08 18:23 - 00000000 ____D C:\RegBackup
2015-06-08 18:20 - 2015-06-08 18:20 - 00003316 _____ C:\Users\Gaby\Desktop\AdwCleaner[S0].txt
2015-06-08 18:10 - 2015-06-08 18:12 - 00000000 ____D C:\AdwCleaner
2015-06-08 18:09 - 2015-06-08 18:09 - 02231296 _____ C:\Users\Gaby\Desktop\AdwCleaner_4.206.exe
2015-06-08 18:06 - 2015-06-08 18:06 - 00001204 _____ C:\Users\Gaby\Desktop\mbam.txt
2015-06-08 10:16 - 2015-06-08 12:38 - 00624615 _____ C:\Users\Gaby\Desktop\EK uwe und sabine.ESt2013
2015-06-08 10:16 - 2014-05-21 11:41 - 00624663 _____ C:\Users\Gaby\Desktop\EK uwe und sabine.ESt2013_Backup
2015-06-08 10:16 - 2014-05-21 10:06 - 00170352 _____ C:\Users\Gaby\Desktop\Festellung Sabine u. Uwe..GesondFest2013
2015-06-08 07:21 - 2015-06-08 07:21 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\658810F1.sys
2015-06-07 16:43 - 2015-06-07 16:43 - 00026929 _____ C:\ComboFix.txt
2015-06-07 16:22 - 2015-06-07 12:09 - 00015163 _____ C:\Users\Gaby\Desktop\ComboFix.txt
2015-06-07 12:12 - 2015-06-07 12:12 - 00275104 _____ C:\Windows\Minidump\060715-22136-01.dmp
2015-06-07 11:54 - 2015-06-07 16:43 - 00000000 ____D C:\Qoobox
2015-06-07 11:54 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-07 11:54 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-07 11:54 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-07 11:54 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-07 11:54 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-07 11:54 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-07 11:54 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-07 11:54 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-07 11:53 - 2015-06-07 12:10 - 00000000 ____D C:\Windows\erdnt
2015-06-07 11:50 - 2015-06-07 11:51 - 05628238 ____R (Swearware) C:\Users\Gaby\Desktop\ComboFix.exe
2015-06-06 16:27 - 2015-06-06 16:27 - 00538856 _____ C:\Windows\Minidump\060615-15397-01.dmp
2015-06-06 14:35 - 2015-06-06 14:35 - 00128770 _____ C:\Users\Gaby\Desktop\gmer.txt
2015-06-06 14:20 - 2015-06-06 14:20 - 00380416 _____ C:\Users\Gaby\Desktop\Gmer-19357.exe
2015-06-06 14:16 - 2015-06-06 14:17 - 00023500 _____ C:\Users\Gaby\Desktop\Addition.txt
2015-06-06 14:15 - 2015-06-08 19:02 - 00000000 ____D C:\FRST
2015-06-06 14:15 - 2015-06-06 14:17 - 00127661 _____ C:\Users\Gaby\Desktop\FRSTalt.txt
2015-06-06 14:14 - 2015-06-06 14:14 - 02108928 _____ (Farbar) C:\Users\Gaby\Desktop\FRST64.exe
2015-06-06 14:12 - 2015-06-06 14:12 - 00000470 _____ C:\Users\Gaby\Desktop\defogger_disable.log
2015-06-06 14:12 - 2015-06-06 14:12 - 00000000 _____ C:\Users\Gaby\defogger_reenable
2015-06-06 14:09 - 2015-06-06 14:09 - 00050477 _____ C:\Users\Gaby\Desktop\Defogger.exe
2015-06-03 08:03 - 2015-06-04 07:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-02 10:12 - 2015-06-02 10:12 - 00275160 _____ C:\Windows\Minidump\060215-19874-01.dmp
2015-06-01 17:55 - 2015-06-01 17:55 - 05813872 _____ (ParetoLogic Inc.) C:\Users\Gaby\Downloads\ParetoLogic PC Health Advisor_de.exe
2015-06-01 08:46 - 2015-06-01 08:46 - 00275160 _____ C:\Windows\Minidump\060115-20389-01.dmp
2015-05-29 18:49 - 2015-05-29 18:49 - 00275160 _____ C:\Windows\Minidump\052915-17643-01.dmp
2015-05-29 08:06 - 2015-05-29 08:06 - 00275160 _____ C:\Windows\Minidump\052915-19858-01.dmp
2015-05-28 15:50 - 2015-05-28 15:52 - 00000000 ____D C:\ProgramData\SystemExplorer
2015-05-28 15:50 - 2015-05-28 15:50 - 01918512 _____ (Mister Group ) C:\Users\Gaby\Downloads\SystemExplorerSetup_642.exe
2015-05-28 15:50 - 2015-05-28 15:50 - 00001086 _____ C:\Users\Public\Desktop\System Explorer.lnk
2015-05-28 15:50 - 2015-05-28 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2015-05-28 15:50 - 2015-05-28 15:50 - 00000000 ____D C:\Program Files (x86)\System Explorer
2015-05-27 08:48 - 2015-05-27 08:48 - 00000000 ____D C:\Users\Gaby\AppData\Local\TempTaskUpdateDetection1134F557-1C0C-41B3-B1F2-A39BA126BB19
2015-05-27 08:18 - 2015-05-27 08:18 - 06381872 _____ C:\Users\Gaby\Downloads\VR_PROTECT.exe.rar
2015-05-27 08:18 - 2015-05-27 08:18 - 00000000 ____D C:\Users\Gaby\AppData\Roaming\WinRAR
2015-05-26 07:59 - 2015-05-26 07:59 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Gaby\Downloads\mbam-setup-2.1.6.1022(1).exe
2015-05-23 12:29 - 2015-06-01 07:41 - 00196630 _____ C:\211.sal
2015-05-23 12:15 - 2015-05-23 12:15 - 00002335 _____ C:\meldearchiv265159952369.mla
2015-05-23 12:14 - 2015-05-23 12:14 - 00003154 _____ C:\Windows\System32\Tasks\{B312B1ED-D02E-4A10-8247-6C954C8232DE}
2015-05-15 16:29 - 2015-05-06 19:40 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-15 15:51 - 2015-05-15 15:51 - 00000000 __SHD C:\Users\Gaby\AppData\Local\EmieUserList
2015-05-15 15:51 - 2015-05-15 15:51 - 00000000 __SHD C:\Users\Gaby\AppData\Local\EmieSiteList
2015-05-15 15:51 - 2015-05-15 15:51 - 00000000 __SHD C:\Users\Gaby\AppData\Local\EmieBrowserModeList
2015-05-13 19:01 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 19:01 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 09:26 - 2015-06-07 12:12 - 00000000 ____D C:\Windows\Minidump
2015-05-13 09:26 - 2015-05-13 09:26 - 00275160 _____ C:\Windows\Minidump\051315-26707-01.dmp
2015-05-13 09:25 - 2015-06-07 12:11 - 470432800 _____ C:\Windows\MEMORY.DMP
2015-05-13 07:53 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 07:53 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 07:53 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 07:53 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 07:53 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 07:53 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 07:53 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 07:53 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 07:53 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 07:53 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 07:53 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 07:53 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 07:53 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 07:53 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 07:53 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 07:53 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 07:53 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 07:53 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 07:53 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 07:53 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 07:53 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 07:53 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 07:53 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 07:53 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 07:53 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 07:53 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 07:53 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 07:53 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 07:53 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 07:53 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 07:53 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 07:53 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 07:53 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 07:53 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 07:53 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 07:53 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 07:53 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 07:53 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 07:53 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 07:53 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 07:53 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 07:53 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 07:53 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 07:53 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 07:53 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 07:53 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 07:53 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 07:53 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 07:53 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 07:53 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 07:53 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 07:53 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 07:53 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 07:53 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 07:53 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 07:53 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 07:53 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 17:53 - 2015-05-12 17:53 - 00001570 _____ C:\Users\Gaby\Desktop\DivX Movies.lnk
2015-05-12 17:52 - 2015-05-12 17:52 - 00001062 _____ C:\Users\Public\Desktop\DivX Player.lnk
2015-05-12 17:52 - 2015-05-12 17:52 - 00000000 ____D C:\Users\Gaby\AppData\Roaming\DivX
2015-05-12 17:52 - 2015-05-12 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-05-12 17:52 - 2015-05-12 17:52 - 00000000 ____D C:\Program Files\DivX
2015-05-11 15:36 - 2015-06-04 10:53 - 00000000 ____D C:\Users\Gaby\AppData\Roaming\Coronic
2015-05-11 11:30 - 2015-06-08 18:14 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-11 11:30 - 2015-05-26 08:00 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-11 11:30 - 2015-05-26 08:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-11 11:30 - 2015-05-26 08:00 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-11 11:30 - 2015-05-11 11:32 - 01010672 _____ (DivX, LLC) C:\Users\Gaby\Downloads\DivXInstaller.exe
2015-05-11 11:30 - 2015-05-11 11:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-05-11 11:30 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-11 11:30 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-11 11:30 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-11 11:28 - 2015-05-11 11:28 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Gaby\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-11 11:27 - 2015-05-11 11:27 - 00000000 ____D C:\Users\Gaby\AppData\Roaming\Macromedia
2015-05-11 11:27 - 2015-05-11 11:27 - 00000000 ____D C:\Users\Gaby\AppData\Local\Macromedia
2015-05-11 11:26 - 2015-05-11 11:26 - 00000000 ____D C:\Windows\system32\appmgmt
2015-05-11 11:22 - 2015-06-08 18:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-11 11:22 - 2015-05-26 14:00 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-11 11:22 - 2015-05-26 14:00 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-11 11:22 - 2015-05-26 14:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-11 11:22 - 2015-05-26 14:00 - 00000000 ____D C:\Users\Gaby\AppData\Local\Adobe
2015-05-11 11:22 - 2015-05-11 11:22 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-05-11 11:22 - 2015-05-11 11:22 - 00000000 ____D C:\Windows\system32\Macromed
2015-05-11 11:22 - 2015-05-11 11:22 - 00000000 ____D C:\ProgramData\McAfee
2015-05-11 11:16 - 2015-05-12 17:53 - 00000000 ____D C:\Program Files (x86)\DivX
2015-05-11 11:13 - 2015-05-13 10:06 - 00000000 ____D C:\Users\Gaby\AppData\Roaming\PDF Architect 3
2015-05-11 11:13 - 2015-05-11 11:13 - 00000983 _____ C:\Users\Public\Desktop\PDF Architect 3.lnk
2015-05-11 11:10 - 2015-05-11 11:13 - 00000000 ____D C:\Program Files (x86)\PDF Architect 3
2015-05-11 11:10 - 2015-05-11 11:10 - 00000000 ____D C:\Users\Gaby\Documents\PDF Architect
2015-05-11 11:10 - 2015-05-11 11:10 - 00000000 ____D C:\ProgramData\PDF Architect 3
2015-05-11 11:10 - 2015-05-11 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 3
2015-05-11 11:09 - 2015-05-11 11:13 - 00000000 ____D C:\Program Files\PDFCreator
2015-05-11 11:09 - 2015-05-11 11:10 - 00115592 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2015-05-11 11:09 - 2015-05-11 11:09 - 00000836 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2015-05-11 11:09 - 2015-05-11 11:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-05-11 11:06 - 2015-05-11 11:06 - 27837984 _____ (pdfforge ) C:\Users\Gaby\Downloads\PDFCreator-2_1_1-setup.exe
2015-05-11 11:03 - 2015-05-12 17:53 - 00000000 ____D C:\ProgramData\DivX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 19:00 - 2015-05-07 12:34 - 00073860 _____ C:\Windows\IE11_main.log
2015-06-08 19:00 - 2015-05-06 18:07 - 01222794 _____ C:\Windows\WindowsUpdate.log
2015-06-08 18:25 - 2015-05-07 12:40 - 00005128 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Gaby-PC-Gaby Gaby-PC
2015-06-08 18:21 - 2009-07-14 06:45 - 00025680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-08 18:21 - 2009-07-14 06:45 - 00025680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-08 18:13 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-08 18:13 - 2009-07-14 06:51 - 00027628 _____ C:\Windows\setupact.log
2015-06-08 16:34 - 2015-05-06 20:21 - 00000000 ____D C:\Users\Gaby\Documents\Outlook-Dateien
2015-06-08 13:39 - 2015-05-07 10:40 - 00000000 ____D C:\Users\Gaby\Documents\Steuerfälle
2015-06-07 16:57 - 2010-11-21 05:47 - 00052306 _____ C:\Windows\PFRO.log
2015-06-07 16:33 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-07 11:02 - 2015-05-06 19:41 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-06 18:03 - 2015-05-08 16:53 - 00000000 ____D C:\auswert
2015-06-06 14:12 - 2015-05-06 19:05 - 00000000 ____D C:\Users\Gaby
2015-06-05 07:47 - 2015-05-07 04:02 - 00653928 _____ C:\Windows\system32\perfh007.dat
2015-06-05 07:47 - 2015-05-07 04:02 - 00129800 _____ C:\Windows\system32\perfc007.dat
2015-06-05 07:47 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-04 07:21 - 2015-05-06 19:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-28 16:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-05-27 17:56 - 2015-05-07 11:01 - 00000000 ____D C:\Users\Gaby\Desktop\Nebenkosten Donnerschwee
2015-05-27 12:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-05-27 08:05 - 2015-03-12 11:49 - 21197880 _____ (GAD eG, Münster) C:\Users\Gaby\Desktop\VR_PROTECT.exe
2015-05-23 12:28 - 2015-05-06 19:57 - 00000000 ____D C:\Program Files (x86)\microlobu
2015-05-22 14:36 - 2015-05-07 17:17 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-05-15 16:29 - 2015-05-06 19:54 - 00001982 _____ C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-05-15 16:29 - 2015-05-06 19:54 - 00001922 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-05-15 16:25 - 2015-05-07 16:35 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-15 16:25 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-05-15 16:25 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-05-15 16:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-05-14 15:09 - 2015-05-07 11:01 - 00000000 ____D C:\Users\Gaby\Desktop\Gaby Diät
2015-05-14 10:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-05-13 19:29 - 2009-07-14 06:45 - 00433144 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-13 19:27 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 19:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-13 19:04 - 2015-05-07 12:07 - 00000000 ____D C:\Windows\system32\MRT
2015-05-13 19:02 - 2015-05-07 12:07 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-11 15:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Cursors
2015-05-11 11:26 - 2015-05-06 21:36 - 00000000 ____D C:\Program Files (x86)\Akademische Arbeitsgemeinschaft
2015-05-11 11:26 - 2015-05-06 21:35 - 00000000 ____D C:\ProgramData\AAV
2015-05-11 11:26 - 2015-05-06 19:31 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-11 11:26 - 2015-05-06 19:31 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-11 11:26 - 2015-05-06 19:06 - 00001433 _____ C:\Users\Gaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-11 11:02 - 2015-05-06 19:56 - 00000000 ____D C:\Users\Gaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-11 11:02 - 2015-05-06 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-11 11:02 - 2015-05-06 19:56 - 00000000 ____D C:\Program Files\WinRAR
2015-05-09 18:37 - 2015-05-06 20:14 - 00000000 ____D C:\Users\Gaby\AppData\Local\Microsoft Help
2015-05-09 11:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-05-09 11:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism

==================== Files in the root of some directories =======

2015-05-06 20:04 - 2015-05-06 20:04 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Gaby\AppData\Local\Temp\Quarantine.exe
C:\Users\Gaby\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 10:47

==================== End of log ============================

schrauber · 09.06.2015, 10:08

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

janzek · 09.06.2015, 17:29

Hallo Schrauber,
seit gestern ist der Rechner mehrfach aus dem Standby gekommen und hat keine Blockierung mehr gehabt. Eset hat 2 Bedrohungen gefunden, anbei die Log's

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7653584ad68ba24aab8c18e324da575a
# end=init
# utc_time=2015-06-09 03:27:11
# local_time=2015-06-09 05:27:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24248
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7653584ad68ba24aab8c18e324da575a
# end=updated
# utc_time=2015-06-09 03:31:27
# local_time=2015-06-09 05:31:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=7653584ad68ba24aab8c18e324da575a
# engine=24248
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-09 03:50:36
# local_time=2015-06-09 05:50:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 84374 185494886 0 0
# scanned=67845
# found=2
# cleaned=0
# scan_time=1149
sh=415DCA03897BCE097CA0FC4863185AF04B3A240F ft=1 fh=fb81950441638593 vn="Variante von Win32/DownloadAssistant.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Gaby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LMGC7DQ2\setup[1].exe"
sh=F218CB4810038F0B9E1DAA6A8E73FA258D620A8C ft=1 fh=719afe2b4494447f vn="Win32/InstallMonetizer.AQ evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Gaby\Downloads\PDFCreator-2_1_1-setup.exe"

SecurityCheck:

Code:

ATTFilter

  Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 17.0.0.188  
 Mozilla Firefox (38.0.5) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

und noch mal FRST

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-06-2015
Ran by Gaby (administrator) on GABY-PC on 09-06-2015 18:12:15
Running from C:\Users\Gaby\Desktop
Loaded Profiles: Gaby (Available Profiles: Gaby)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
() C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\ws.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-04-08] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [SystemExplorerAutoStart] => C:\Program Files (x86)\System Explorer\SystemExplorer.exe [3391720 2015-05-21] (Mister Group)
HKU\S-1-5-21-3507930614-119480243-4004697037-1000\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncShell64.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-06] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [2015-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Gaby\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [2015-05-07] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3507930614-119480243-4004697037-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3507930614-119480243-4004697037-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3507930614-119480243-4004697037-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3507930614-119480243-4004697037-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = 
SearchScopes: HKU\S-1-5-21-3507930614-119480243-4004697037-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-07] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-06] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-06] (Avast Software s.r.o.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-07] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Gaby\AppData\Roaming\Mozilla\Firefox\Profiles\2afqvvv9.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: www.web.de
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-26] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-26] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-07] (Microsoft Corporation)
FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-04-24] (pdfforge GmbH)
FF SearchPlugin: C:\Users\Gaby\AppData\Roaming\Mozilla\Firefox\Profiles\2afqvvv9.default\searchplugins\google-avast.xml [2015-05-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-06]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-06] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-05-06] (Avast Software s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244312 2015-04-24] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-24] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-04-24] (pdfforge GmbH)
R2 SageDB 5.0; C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe [5685248 2011-07-18] () [File not signed]
R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-06] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-05-06] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-06] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-05-06] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-06] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-06] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-06] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-06] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-06] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-09 18:11 - 2015-06-09 18:11 - 00000900 _____ C:\Users\Gaby\Desktop\checkup.txt
2015-06-09 17:56 - 2015-06-09 17:56 - 00852639 _____ C:\Users\Gaby\Desktop\SecurityCheck.exe
2015-06-09 17:24 - 2015-06-09 17:24 - 02870984 _____ (ESET) C:\Users\Gaby\Desktop\esetsmartinstaller_deu.exe
2015-06-08 19:02 - 2015-06-09 18:12 - 00014004 _____ C:\Users\Gaby\Desktop\FRST.txt
2015-06-08 18:27 - 2015-06-08 18:27 - 00001635 _____ C:\Users\Gaby\Desktop\JRT.txt
2015-06-08 18:23 - 2015-06-08 18:23 - 02943232 _____ (Thisisu) C:\Users\Gaby\Desktop\JRT.exe
2015-06-08 18:23 - 2015-06-08 18:23 - 00000207 _____ C:\Windows\tweaking.com-regbackup-GABY-PC-Windows-7-Professional-(64-bit).dat
2015-06-08 18:23 - 2015-06-08 18:23 - 00000000 ____D C:\RegBackup
2015-06-08 18:20 - 2015-06-08 18:20 - 00003316 _____ C:\Users\Gaby\Desktop\AdwCleaner[S0].txt
2015-06-08 18:10 - 2015-06-08 18:12 - 00000000 ____D C:\AdwCleaner
2015-06-08 18:09 - 2015-06-08 18:09 - 02231296 _____ C:\Users\Gaby\Desktop\AdwCleaner_4.206.exe
2015-06-08 18:06 - 2015-06-08 18:06 - 00001204 _____ C:\Users\Gaby\Desktop\mbam.txt
2015-06-08 10:16 - 2015-06-08 12:38 - 00624615 _____ C:\Users\Gaby\Desktop\EK uwe und sabine.ESt2013
2015-06-08 10:16 - 2014-05-21 11:41 - 00624663 _____ C:\Users\Gaby\Desktop\EK uwe und sabine.ESt2013_Backup
2015-06-08 10:16 - 2014-05-21 10:06 - 00170352 _____ C:\Users\Gaby\Desktop\Festellung Sabine u. Uwe..GesondFest2013
2015-06-08 07:21 - 2015-06-08 07:21 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\658810F1.sys
2015-06-07 16:43 - 2015-06-07 16:43 - 00026929 _____ C:\ComboFix.txt
2015-06-07 16:22 - 2015-06-07 12:09 - 00015163 _____ C:\Users\Gaby\Desktop\ComboFix.txt
2015-06-07 12:12 - 2015-06-07 12:12 - 00275104 _____ C:\Windows\Minidump\060715-22136-01.dmp
2015-06-07 11:54 - 2015-06-07 16:43 - 00000000 ____D C:\Qoobox
2015-06-07 11:54 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-07 11:54 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-07 11:54 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-07 11:54 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-07 11:54 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-07 11:54 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-07 11:54 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-07 11:54 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-07 11:53 - 2015-06-07 12:10 - 00000000 ____D C:\Windows\erdnt
2015-06-07 11:50 - 2015-06-07 11:51 - 05628238 ____R (Swearware) C:\Users\Gaby\Desktop\ComboFix.exe
2015-06-06 16:27 - 2015-06-06 16:27 - 00538856 _____ C:\Windows\Minidump\060615-15397-01.dmp
2015-06-06 14:35 - 2015-06-06 14:35 - 00128770 _____ C:\Users\Gaby\Desktop\gmer.txt
2015-06-06 14:20 - 2015-06-06 14:20 - 00380416 _____ C:\Users\Gaby\Desktop\Gmer-19357.exe
2015-06-06 14:16 - 2015-06-06 14:17 - 00023500 _____ C:\Users\Gaby\Desktop\Addition.txt
2015-06-06 14:15 - 2015-06-09 18:12 - 00000000 ____D C:\FRST
2015-06-06 14:15 - 2015-06-06 14:17 - 00127661 _____ C:\Users\Gaby\Desktop\FRSTalt.txt
2015-06-06 14:14 - 2015-06-06 14:14 - 02108928 _____ (Farbar) C:\Users\Gaby\Desktop\FRST64.exe
2015-06-06 14:12 - 2015-06-06 14:12 - 00000470 _____ C:\Users\Gaby\Desktop\defogger_disable.log
2015-06-06 14:12 - 2015-06-06 14:12 - 00000000 _____ C:\Users\Gaby\defogger_reenable
2015-06-06 14:09 - 2015-06-06 14:09 - 00050477 _____ C:\Users\Gaby\Desktop\Defogger.exe
2015-06-03 08:03 - 2015-06-04 07:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-02 10:12 - 2015-06-02 10:12 - 00275160 _____ C:\Windows\Minidump\060215-19874-01.dmp
2015-06-01 17:55 - 2015-06-01 17:55 - 05813872 _____ (ParetoLogic Inc.) C:\Users\Gaby\Downloads\ParetoLogic PC Health Advisor_de.exe
2015-06-01 08:46 - 2015-06-01 08:46 - 00275160 _____ C:\Windows\Minidump\060115-20389-01.dmp
2015-05-29 18:49 - 2015-05-29 18:49 - 00275160 _____ C:\Windows\Minidump\052915-17643-01.dmp
2015-05-29 08:06 - 2015-05-29 08:06 - 00275160 _____ C:\Windows\Minidump\052915-19858-01.dmp
2015-05-28 15:50 - 2015-05-28 15:52 - 00000000 ____D C:\ProgramData\SystemExplorer
2015-05-28 15:50 - 2015-05-28 15:50 - 01918512 _____ (Mister Group ) C:\Users\Gaby\Downloads\SystemExplorerSetup_642.exe
2015-05-28 15:50 - 2015-05-28 15:50 - 00001086 _____ C:\Users\Public\Desktop\System Explorer.lnk
2015-05-28 15:50 - 2015-05-28 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2015-05-28 15:50 - 2015-05-28 15:50 - 00000000 ____D C:\Program Files (x86)\System Explorer
2015-05-27 08:48 - 2015-05-27 08:48 - 00000000 ____D C:\Users\Gaby\AppData\Local\TempTaskUpdateDetection1134F557-1C0C-41B3-B1F2-A39BA126BB19
2015-05-27 08:18 - 2015-05-27 08:18 - 06381872 _____ C:\Users\Gaby\Downloads\VR_PROTECT.exe.rar
2015-05-27 08:18 - 2015-05-27 08:18 - 00000000 ____D C:\Users\Gaby\AppData\Roaming\WinRAR
2015-05-26 07:59 - 2015-05-26 07:59 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Gaby\Downloads\mbam-setup-2.1.6.1022(1).exe
2015-05-23 12:29 - 2015-06-01 07:41 - 00196630 _____ C:\211.sal
2015-05-23 12:15 - 2015-05-23 12:15 - 00002335 _____ C:\meldearchiv265159952369.mla
2015-05-23 12:14 - 2015-05-23 12:14 - 00003154 _____ C:\Windows\System32\Tasks\{B312B1ED-D02E-4A10-8247-6C954C8232DE}
2015-05-15 16:29 - 2015-05-06 19:40 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-15 15:51 - 2015-05-15 15:51 - 00000000 __SHD C:\Users\Gaby\AppData\Local\EmieUserList
2015-05-15 15:51 - 2015-05-15 15:51 - 00000000 __SHD C:\Users\Gaby\AppData\Local\EmieSiteList
2015-05-15 15:51 - 2015-05-15 15:51 - 00000000 __SHD C:\Users\Gaby\AppData\Local\EmieBrowserModeList
2015-05-13 19:01 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 19:01 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 09:26 - 2015-06-07 12:12 - 00000000 ____D C:\Windows\Minidump
2015-05-13 09:26 - 2015-05-13 09:26 - 00275160 _____ C:\Windows\Minidump\051315-26707-01.dmp
2015-05-13 09:25 - 2015-06-07 12:11 - 470432800 _____ C:\Windows\MEMORY.DMP
2015-05-13 07:53 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 07:53 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 07:53 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 07:53 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 07:53 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 07:53 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 07:53 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 07:53 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 07:53 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 07:53 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 07:53 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 07:53 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 07:53 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 07:53 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 07:53 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 07:53 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 07:53 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 07:53 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 07:53 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 07:53 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 07:53 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 07:53 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 07:53 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 07:53 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 07:53 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 07:53 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 07:53 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 07:53 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 07:53 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 07:53 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 07:53 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 07:53 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 07:53 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 07:53 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 07:53 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 07:53 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 07:53 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 07:53 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 07:53 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 07:53 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 07:53 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 07:53 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 07:53 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 07:53 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 07:53 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 07:53 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 07:53 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 07:53 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 07:53 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 07:53 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 07:53 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 07:53 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 07:53 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 07:53 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 07:53 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 07:53 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 07:53 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 07:53 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 07:53 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 07:53 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 17:53 - 2015-05-12 17:53 - 00001570 _____ C:\Users\Gaby\Desktop\DivX Movies.lnk
2015-05-12 17:52 - 2015-05-12 17:52 - 00001062 _____ C:\Users\Public\Desktop\DivX Player.lnk
2015-05-12 17:52 - 2015-05-12 17:52 - 00000000 ____D C:\Users\Gaby\AppData\Roaming\DivX
2015-05-12 17:52 - 2015-05-12 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-05-12 17:52 - 2015-05-12 17:52 - 00000000 ____D C:\Program Files\DivX
2015-05-11 15:36 - 2015-06-04 10:53 - 00000000 ____D C:\Users\Gaby\AppData\Roaming\Coronic
2015-05-11 11:30 - 2015-06-09 15:00 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-11 11:30 - 2015-05-26 08:00 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-11 11:30 - 2015-05-26 08:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-11 11:30 - 2015-05-26 08:00 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-11 11:30 - 2015-05-11 11:32 - 01010672 _____ (DivX, LLC) C:\Users\Gaby\Downloads\DivXInstaller.exe
2015-05-11 11:30 - 2015-05-11 11:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-05-11 11:30 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-11 11:30 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-11 11:30 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-11 11:28 - 2015-05-11 11:28 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Gaby\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-11 11:27 - 2015-05-11 11:27 - 00000000 ____D C:\Users\Gaby\AppData\Roaming\Macromedia
2015-05-11 11:27 - 2015-05-11 11:27 - 00000000 ____D C:\Users\Gaby\AppData\Local\Macromedia
2015-05-11 11:26 - 2015-05-11 11:26 - 00000000 ____D C:\Windows\system32\appmgmt
2015-05-11 11:22 - 2015-06-09 17:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-11 11:22 - 2015-05-26 14:00 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-11 11:22 - 2015-05-26 14:00 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-11 11:22 - 2015-05-26 14:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-11 11:22 - 2015-05-26 14:00 - 00000000 ____D C:\Users\Gaby\AppData\Local\Adobe
2015-05-11 11:22 - 2015-05-11 11:22 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-05-11 11:22 - 2015-05-11 11:22 - 00000000 ____D C:\Windows\system32\Macromed
2015-05-11 11:22 - 2015-05-11 11:22 - 00000000 ____D C:\ProgramData\McAfee
2015-05-11 11:16 - 2015-05-12 17:53 - 00000000 ____D C:\Program Files (x86)\DivX
2015-05-11 11:13 - 2015-05-13 10:06 - 00000000 ____D C:\Users\Gaby\AppData\Roaming\PDF Architect 3
2015-05-11 11:13 - 2015-05-11 11:13 - 00000983 _____ C:\Users\Public\Desktop\PDF Architect 3.lnk
2015-05-11 11:10 - 2015-05-11 11:13 - 00000000 ____D C:\Program Files (x86)\PDF Architect 3
2015-05-11 11:10 - 2015-05-11 11:10 - 00000000 ____D C:\Users\Gaby\Documents\PDF Architect
2015-05-11 11:10 - 2015-05-11 11:10 - 00000000 ____D C:\ProgramData\PDF Architect 3
2015-05-11 11:10 - 2015-05-11 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 3
2015-05-11 11:09 - 2015-05-11 11:13 - 00000000 ____D C:\Program Files\PDFCreator
2015-05-11 11:09 - 2015-05-11 11:10 - 00115592 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2015-05-11 11:09 - 2015-05-11 11:09 - 00000836 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2015-05-11 11:09 - 2015-05-11 11:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-05-11 11:06 - 2015-05-11 11:06 - 27837984 _____ (pdfforge ) C:\Users\Gaby\Downloads\PDFCreator-2_1_1-setup.exe
2015-05-11 11:03 - 2015-05-12 17:53 - 00000000 ____D C:\ProgramData\DivX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-09 17:19 - 2015-05-06 18:07 - 01328278 _____ C:\Windows\WindowsUpdate.log
2015-06-09 16:32 - 2015-05-07 12:40 - 00005128 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Gaby-PC-Gaby Gaby-PC
2015-06-09 16:06 - 2015-05-07 11:01 - 00000000 ____D C:\Users\Gaby\Desktop\Nebenkosten Donnerschwee
2015-06-09 14:49 - 2015-05-06 20:21 - 00000000 ____D C:\Users\Gaby\Documents\Outlook-Dateien
2015-06-09 13:22 - 2015-05-07 12:34 - 00076612 _____ C:\Windows\IE11_main.log
2015-06-09 07:39 - 2009-07-14 06:45 - 00025680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-09 07:39 - 2009-07-14 06:45 - 00025680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-09 07:31 - 2015-05-06 19:41 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-09 07:30 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-09 07:30 - 2009-07-14 06:51 - 00027684 _____ C:\Windows\setupact.log
2015-06-08 13:39 - 2015-05-07 10:40 - 00000000 ____D C:\Users\Gaby\Documents\Steuerfälle
2015-06-07 16:57 - 2010-11-21 05:47 - 00052306 _____ C:\Windows\PFRO.log
2015-06-07 16:33 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-06 18:03 - 2015-05-08 16:53 - 00000000 ____D C:\auswert
2015-06-06 14:12 - 2015-05-06 19:05 - 00000000 ____D C:\Users\Gaby
2015-06-05 07:47 - 2015-05-07 04:02 - 00653928 _____ C:\Windows\system32\perfh007.dat
2015-06-05 07:47 - 2015-05-07 04:02 - 00129800 _____ C:\Windows\system32\perfc007.dat
2015-06-05 07:47 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-04 07:21 - 2015-05-06 19:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-28 16:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-05-27 12:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-05-27 08:05 - 2015-03-12 11:49 - 21197880 _____ (GAD eG, Münster) C:\Users\Gaby\Desktop\VR_PROTECT.exe
2015-05-23 12:28 - 2015-05-06 19:57 - 00000000 ____D C:\Program Files (x86)\microlobu
2015-05-22 14:36 - 2015-05-07 17:17 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-05-15 16:29 - 2015-05-06 19:54 - 00001982 _____ C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-05-15 16:29 - 2015-05-06 19:54 - 00001922 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-05-15 16:25 - 2015-05-07 16:35 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-15 16:25 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-05-15 16:25 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-05-15 16:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-05-14 15:09 - 2015-05-07 11:01 - 00000000 ____D C:\Users\Gaby\Desktop\Gaby Diät
2015-05-14 10:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-05-13 19:29 - 2009-07-14 06:45 - 00433144 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-13 19:27 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 19:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-13 19:04 - 2015-05-07 12:07 - 00000000 ____D C:\Windows\system32\MRT
2015-05-13 19:02 - 2015-05-07 12:07 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-11 15:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Cursors
2015-05-11 11:26 - 2015-05-06 21:36 - 00000000 ____D C:\Program Files (x86)\Akademische Arbeitsgemeinschaft
2015-05-11 11:26 - 2015-05-06 21:35 - 00000000 ____D C:\ProgramData\AAV
2015-05-11 11:26 - 2015-05-06 19:31 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-11 11:26 - 2015-05-06 19:31 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-11 11:26 - 2015-05-06 19:06 - 00001433 _____ C:\Users\Gaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-11 11:02 - 2015-05-06 19:56 - 00000000 ____D C:\Users\Gaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-11 11:02 - 2015-05-06 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-11 11:02 - 2015-05-06 19:56 - 00000000 ____D C:\Program Files\WinRAR

==================== Files in the root of some directories =======

2015-05-06 20:04 - 2015-05-06 20:04 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Gaby\AppData\Local\Temp\Quarantine.exe
C:\Users\Gaby\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 10:47

==================== End of log ============================

Gruss
janzek

schrauber · 10.06.2015, 11:38

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Users\Gaby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LMGC7DQ2\setup[1].exe

C:\Users\Gaby\Downloads\PDFCreator-2_1_1-setup.exe
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren .

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:

NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

janzek · 10.06.2015, 13:03

Hallo Schrauber,
anbei die Fixlog.txt

Code:

ATTFilter

Fix result of Farbar Recovery Scan Tool (x64) Version:06-06-2015
Ran by Gaby at 2015-06-10 13:36:45 Run:1
Running from C:\Users\Gaby\Desktop
Loaded Profiles: Gaby (Available Profiles: Gaby)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\Gaby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LMGC7DQ2\setup[1].exe

C:\Users\Gaby\Downloads\PDFCreator-2_1_1-setup.exe
Emptytemp:
*****************

C:\Users\Gaby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LMGC7DQ2\setup[1].exe => moved successfully.
C:\Users\Gaby\Downloads\PDFCreator-2_1_1-setup.exe => moved successfully.
EmptyTemp: => 491.9 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 13:37:17 ====

So, abschließend noch die DelFix.txt und vielen Dank für deine Unterstützung. Wie schon gesagt habe ich seit zwei Tagen keine Blockierungen mehr und geh davon aus, dass der Rechner nu sauber ist. Dankeschön ist selbstverständlich und Spende auch. :-)

Code:

ATTFilter

# DelFix v1.010 - Datei am 10/06/2015 um 13:53:05 erstellt
# Aktualisiert am 26/04/2015 von Xplode
# Benutzer : Gaby - GABY-PC
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\Combofix
Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : C:\RegBackup
Gelöscht : C:\ComboFix.txt
Gelöscht : C:\Users\Gaby\Desktop\Addition.txt
Gelöscht : C:\Users\Gaby\Desktop\AdwCleaner[S0].txt
Gelöscht : C:\Users\Gaby\Desktop\AdwCleaner_4.206.exe
Gelöscht : C:\Users\Gaby\Desktop\ComboFix.txt
Gelöscht : C:\Users\Gaby\Desktop\Defogger.exe
Gelöscht : C:\Users\Gaby\Desktop\defogger_disable.log
Gelöscht : C:\Users\Gaby\Desktop\defogger_enable.log
Gelöscht : C:\Users\Gaby\Desktop\esetsmartinstaller_deu.exe
Gelöscht : C:\Users\Gaby\Desktop\Fixlog.txt
Gelöscht : C:\Users\Gaby\Desktop\FRST.txt
Gelöscht : C:\Users\Gaby\Desktop\FRST64.exe
Gelöscht : C:\Users\Gaby\Desktop\FRSTalt.txt
Gelöscht : C:\Users\Gaby\Desktop\JRT.exe
Gelöscht : C:\Users\Gaby\Desktop\JRT.txt
Gelöscht : C:\Users\Gaby\Desktop\log.txt
Gelöscht : C:\Users\Gaby\Desktop\SecurityCheck.exe
Gelöscht : HKLM\SOFTWARE\AdwCleaner
Gelöscht : HKLM\SOFTWARE\Swearware

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #79 [ComboFix created restore point | 06/10/2015 11:50:47]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########

schrauber · 11.06.2015, 14:43

Gern Geschehen

11.06.2015, 14:43	#15
schrauber /// the machine /// TB-Ausbilder	Windows 7: Avast blockt ständig Webseiten, svchost.exe Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Windows 7: Avast blockt ständig Webseiten, svchost.exe

Log-Analyse und Auswertung: Windows 7: Avast blockt ständig Webseiten, svchost.exe