|
Log-Analyse und Auswertung: Rootkit verdacht unter win7 64bit ultimateWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
13.11.2015, 13:42 | #1 |
| Rootkit verdacht unter win7 64bit ultimate Hallo habe das Gefühl das ich nicht alleine bin mit mein lapi... wäre toll wenn sich mal einer diese log-datei anschauen könnte und mich entweder beruhigen kann oder mir im fall der fälle helfen kann es wieder los zu werden Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-11-13 13:30:47 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD1600BEVT-22ZCT0 rev.11.01A11 149,05GB Running: Gmer-19357.exe; Driver: C:\Users\Leon\AppData\Local\Temp\pwtdrpow.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000125200 7 bytes [80, 65, F3, FF, 41, 73, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000125208 3 bytes [C0, 06, 02] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074ad1401 2 bytes JMP 74d8b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1076] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074ad1419 2 bytes JMP 74d8b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074ad1431 2 bytes JMP 74e08fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074ad144a 2 bytes CALL 74d6489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1076] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074ad14dd 2 bytes JMP 74e088c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074ad14f5 2 bytes JMP 74e08aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074ad150d 2 bytes JMP 74e087ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074ad1525 2 bytes JMP 74e08b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074ad153d 2 bytes JMP 74d7fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1076] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074ad1555 2 bytes JMP 74d868ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074ad156d 2 bytes JMP 74e09089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074ad1585 2 bytes JMP 74e08bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074ad159d 2 bytes JMP 74e0877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074ad15b5 2 bytes JMP 74d7fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074ad15cd 2 bytes JMP 74d8b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074ad16b2 2 bytes JMP 74e08f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074ad16bd 2 bytes JMP 74e08713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\QIP 2012\qip.exe[3356] C:\Windows\syswow64\kernel32.dll!CreateThread + 28 0000000074d634a1 4 bytes {CALL 0xffffffff8b6f0948} .text C:\Users\Leon\Downloads\Gmer-19357.exe[2728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074ad1401 2 bytes JMP 74d8b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Leon\Downloads\Gmer-19357.exe[2728] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074ad1419 2 bytes JMP 74d8b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Leon\Downloads\Gmer-19357.exe[2728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074ad1431 2 bytes JMP 74e08fd1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Leon\Downloads\Gmer-19357.exe[2728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074ad144a 2 bytes CALL 74d6489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Leon\Downloads\Gmer-19357.exe[2728] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074ad14dd 2 bytes JMP 74e088c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Leon\Downloads\Gmer-19357.exe[2728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074ad14f5 2 bytes JMP 74e08aa0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Leon\Downloads\Gmer-19357.exe[2728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074ad150d 2 bytes JMP 74e087ba C:\Windows\syswow64\kernel32.dll .text C:\Users\Leon\Downloads\Gmer-19357.exe[2728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074ad1525 2 bytes JMP 74e08b8a C:\Windows\syswow64\kernel32.dll .text C:\Users\Leon\Downloads\Gmer-19357.exe[2728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074ad153d 2 bytes JMP 74d7fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Leon\Downloads\Gmer-19357.exe[2728] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074ad1555 2 bytes JMP 74d868ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Leon\Downloads\Gmer-19357.exe[2728] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074ad156d 2 bytes JMP 74e09089 C:\Windows\syswow64\kernel32.dll .text C:\Users\Leon\Downloads\Gmer-19357.exe[2728] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074ad1585 2 bytes JMP 74e08bea C:\Windows\syswow64\kernel32.dll .text C:\Users\Leon\Downloads\Gmer-19357.exe[2728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074ad159d 2 bytes JMP 74e0877e C:\Windows\syswow64\kernel32.dll .text C:\Users\Leon\Downloads\Gmer-19357.exe[2728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074ad15b5 2 bytes JMP 74d7fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Leon\Downloads\Gmer-19357.exe[2728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074ad15cd 2 bytes JMP 74d8b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Leon\Downloads\Gmer-19357.exe[2728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074ad16b2 2 bytes JMP 74e08f4c C:\Windows\syswow64\kernel32.dll .text C:\Users\Leon\Downloads\Gmer-19357.exe[2728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074ad16bd 2 bytes JMP 74e08713 C:\Windows\syswow64\kernel32.dll ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88001944824] \SystemRoot\system32\DRIVERS\360Box64.sys [.text] ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [960:2092] 000007fef63544d0 Thread C:\Windows\System32\svchost.exe [960:2968] 000007fef6dd89b8 Thread C:\Windows\System32\svchost.exe [960:3820] 000007fef90f3efc Thread C:\Windows\System32\svchost.exe [960:3512] 000007fef35d8a4c Thread C:\Windows\system32\svchost.exe [1016:3388] 000007fefad84164 Thread C:\Windows\system32\svchost.exe [1016:3400] 000007fef6281ab0 Thread C:\Windows\system32\svchost.exe [1132:2800] 000007fef3450098 Thread C:\Windows\system32\svchost.exe [1132:2692] 000007fef6f05170 Thread C:\Windows\System32\spoolsv.exe [1432:2192] 000007fef3b810c8 Thread C:\Windows\System32\spoolsv.exe [1432:2324] 000007fef3b46144 Thread C:\Windows\System32\spoolsv.exe [1432:2188] 000007fefab25fd0 Thread C:\Windows\System32\spoolsv.exe [1432:2524] 000007fef3b23438 Thread C:\Windows\System32\spoolsv.exe [1432:1796] 000007fefab263ec Thread C:\Windows\System32\spoolsv.exe [1432:1520] 000007fef6205e5c Thread C:\Windows\system32\taskhost.exe [1544:2100] 000007fef9442740 Thread C:\Windows\system32\taskhost.exe [1544:2116] 000007fef8e11010 Thread C:\Windows\system32\taskhost.exe [1544:3972] 000007fef6f05170 Thread C:\Windows\System32\svchost.exe [2632:804] 000007fef77e9688 Thread C:\Windows\System32\svchost.exe [3768:3528] 000007fef6f05170 ---- Processes - GMER 2.1 ---- Library C:\??\C:\Program Files (x86)\360\Total Security\safemon\SafeWrapper.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1808] 0000000071e20000 ---- Registry - GMER 2.1 ---- Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Program Files (x86)\SOFTONIC INTERNACIONAL S.A. \xa9 1997-2015\Windows_Repair_Professional\tweaking.com_windows_repair_aio_setup.exe 1 ---- EOF - GMER 2.1 ---- |
13.11.2015, 13:48 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit verdacht unter win7 64bit ultimate Hi,
__________________kannst du mal kurz erläutern warum du glaubst, dass du ein Rootkit hättest? Du hast da nen chinesischen Virenscanner drauf. Umgehend deinstallieren. Ich würde so einer China-Software niemals trauen. Es ist auch erwiesen, dass die bei AVP-Testlabors beschissen haben...
__________________ |
13.11.2015, 14:04 | #3 |
| Rootkit verdacht unter win7 64bit ultimate Ja sollte ich deiner Meinung nach für ein free av scaner benutzen?
__________________Ja bei mir war mal jemand via radmintool auf dem lapi...und diese Person wollte mir helfen was einzustellen, ein tool .so da wusste ich aber noch nicht das diese Person ein versierter haxxor ist.....und als ich ihn damit konfrontierte meinte er nur "keine angst bei dir habe ich nichts gemacht" nichts desto trotz ist der Rechner /Funktion nicht mehr so wie es war ,ich kann das nicht erklären habe einfach ein ungutes Gefühl ! |
13.11.2015, 14:06 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit verdacht unter win7 64bit ultimate Warum muss immer jede Software kostenlos sein??? Selbst bei einem Virenscanner wird geknausert was das Zeug hält, aber alles können soll er!! Und NIEMALS was durchlassen! Stimmt's oder hab ich Recht?
__________________ Logfiles bitte immer in CODE-Tags posten |
13.11.2015, 14:08 | #5 |
| Rootkit verdacht unter win7 64bit ultimate ja dann hau mal raus welches sich lohnt zu kaufen? |
13.11.2015, 14:19 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit verdacht unter win7 64bit ultimate http://www.trojaner-board.de/166031-...-produkte.html Ein guter kostenloser Scanner ohne Müll und Verarsche ist Microsoft Security Essentials, auch bekannt als Windows Defender ab Windows 8.1
__________________ --> Rootkit verdacht unter win7 64bit ultimate |
13.11.2015, 14:22 | #7 |
| Rootkit verdacht unter win7 64bit ultimate ok danke aber kommen wir wieder zum Kern der Sache... |
13.11.2015, 14:27 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit verdacht unter win7 64bit ultimate China-Müll entsorgt?
__________________ Logfiles bitte immer in CODE-Tags posten |
13.11.2015, 14:33 | #9 |
| Rootkit verdacht unter win7 64bit ultimate bin dabei Microsoft Security Essentials zu installieren und dann fliegt es in Müll |
13.11.2015, 15:09 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit verdacht unter win7 64bit ultimate Die Reihenfolge ist genau die falsche Man kloppt erst den alten runter, dann den neuen rauf.
__________________ Logfiles bitte immer in CODE-Tags posten |
14.11.2015, 16:36 | #11 |
| Rootkit verdacht unter win7 64bit ultimate ja es ist ja immer noch nicht geklärt ob oder ob nicht? |
14.11.2015, 18:45 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit verdacht unter win7 64bit ultimate Was bitte gibt es da zu klären??
__________________ Logfiles bitte immer in CODE-Tags posten |
14.11.2015, 19:22 | #13 |
| Rootkit verdacht unter win7 64bit ultimate ob bei mir ein rootkit ist oder nicht? |
14.11.2015, 19:33 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit verdacht unter win7 64bit ultimate Du machst dir Gedanken über ein rootkit, scherst dich aber nicht darum, dass zwei Virenscanner drauf sind und einer davon aus China - der nachweislich bescheißt? Klopp diesen Chinamüll runter, danach FRST: Scan mit Farbar's Recovery Scan Tool (FRST) Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ Logfiles bitte immer in CODE-Tags posten |
14.11.2015, 19:37 | #15 |
| Rootkit verdacht unter win7 64bit ultimateFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015 Ran by Leon (administrator) on LOCALHOST (14-11-2015 19:24:45) Running from C:\Users\----\Downloads Loaded Profiles: Leon (Available Profiles: Leon) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Englisch (USA) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe (QIP) C:\Program Files (x86)\QIP 2012\qip.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (hxxp://www.wftpserver.com) F:\ProGraMmE\ftprush\ftprush.exe (IniCom Networks, Inc.) F:\ProGraMmE\flashfxp3.4 crack\flashfxp3.4 crack\FlashFXP.v3.4.0.Build.1145.Final.Multilingual.Cracked-F4CG\crack\FlashFXP.exe (Farbar) C:\Users\Leon\Downloads\FRST64(1).exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774040 2015-03-21] (Realtek Semiconductor) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-03-20] (Advanced Micro Devices, Inc.) HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1 HKU\S-1-5-21-4048435114-2119328198-2928899312-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd) HKU\S-1-5-21-4048435114-2119328198-2928899312-1000\...\Policies\system: [EnableLUA] 0 HKU\S-1-5-21-4048435114-2119328198-2928899312-1000\...\MountPoints2: {d20a671d-3535-11e5-9f4b-005056c00008} - H:\start.exe /auto ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{037940F5-BBFF-4E6F-9E61-A86BEE66DA2A}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{1EF963D9-8955-4E40-A1F9-BD541DFBE015}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{A5355483-D601-461A-B29E-8C1293118470}: [DhcpNameServer] 8.8.8.8 8.8.4.4 Tcpip\..\Interfaces\{B35994C6-EDA1-423C-A411-010AA7873AC2}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-4048435114-2119328198-2928899312-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com SearchScopes: HKU\S-1-5-21-4048435114-2119328198-2928899312-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-09] (Oracle Corporation) BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-09] (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\Leon\AppData\Roaming\Mozilla\Firefox\Profiles\qqq22slv.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-14] () FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-14] () FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-09] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-09] (Oracle Corporation) FF Extension: Wörterbuch Deutsch (de-AT), Hunspell-unterstützt - C:\Users\Leon\AppData\Roaming\Mozilla\Firefox\Profiles\qqq22slv.default\Extensions\de_AT@dicts.j3e.de [2015-11-04] FF Extension: Wörterbuch Deutsch (de-CH), Hunspell-unterstützt - C:\Users\Leon\AppData\Roaming\Mozilla\Firefox\Profiles\qqq22slv.default\Extensions\de_CH@dicts.j3e.de [2015-11-04] FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Leon\AppData\Roaming\Mozilla\Firefox\Profiles\qqq22slv.default\Extensions\de_DE@dicts.j3e.de [2015-11-04] FF Extension: Server Spy - C:\Users\Leon\AppData\Roaming\Mozilla\Firefox\Profiles\qqq22slv.default\Extensions\ServerSpy@jacquet.eu.org.xpi [2015-05-31] FF Extension: YesScript - C:\Users\Leon\AppData\Roaming\Mozilla\Firefox\Profiles\qqq22slv.default\Extensions\yesscript@userstyles.org.xpi [2015-05-31] FF Extension: NoScript - C:\Users\Leon\AppData\Roaming\Mozilla\Firefox\Profiles\qqq22slv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-10-26] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-03-19] (Advanced Micro Devices, Inc.) [File not signed] R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd) S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2014-06-05] (The OpenVPN Project) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH) S4 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [79872 2012-08-15] (VMware, Inc.) [File not signed] S4 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [15680000 2012-08-15] () [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2014-11-03] (Advanced Micro Devices Inc.) S3 bpenum; C:\Windows\System32\DRIVERS\bpenum.sys [70144 2009-07-30] (Intel Corporation) [File not signed] R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-07-28] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2015-03-21] (Qualcomm Atheros Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) S3 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.) R0 vsock; C:\Windows\System32\drivers\vsock.sys [70256 2012-07-06] (VMware, Inc.) S3 cleanhlp; \??\C:\EEK\bin\cleanhlp64.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-14 19:23 - 2015-11-14 19:24 - 02198528 _____ (Farbar) C:\Users\Leon\Downloads\FRST64(1).exe 2015-11-14 17:49 - 2015-11-14 19:25 - 00010674 _____ C:\Users\Leon\Downloads\FRST.txt 2015-11-14 17:48 - 2015-11-14 19:24 - 00000000 ____D C:\FRST 2015-11-14 17:47 - 2015-11-14 17:47 - 02198528 _____ (Farbar) C:\Users\Leon\Downloads\FRST64.exe 2015-11-14 17:45 - 2015-11-14 17:45 - 00000470 _____ C:\Users\Leon\Downloads\defogger_disable.log 2015-11-14 17:45 - 2015-11-14 17:45 - 00000000 _____ C:\Users\Leon\defogger_reenable 2015-11-14 17:44 - 2015-11-14 17:44 - 00050477 _____ C:\Users\Leon\Downloads\Defogger.exe 2015-11-14 17:13 - 2015-11-14 17:13 - 00000616 _____ C:\Users\Leon\Desktop\speed.txt 2015-11-14 16:41 - 2015-11-14 16:41 - 00003212 _____ C:\Windows\System32\Tasks\{3FF299D1-BEAE-48A3-9AD9-66F5E5BC0DE9} 2015-11-14 03:27 - 2015-11-14 03:27 - 00001228 _____ C:\Windows\IE11_main.log 2015-11-13 21:32 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-11-13 21:30 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-11-13 21:30 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-11-13 21:30 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-11-13 21:30 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-11-13 21:30 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-11-13 21:30 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-11-13 21:30 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-11-13 21:30 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-11-13 21:30 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-11-13 21:30 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-11-13 21:30 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-11-13 21:30 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-11-13 21:30 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-11-13 21:30 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-11-13 21:30 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-11-13 21:30 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-11-13 21:30 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-11-13 21:30 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-11-13 21:30 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-11-13 21:30 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-11-13 21:30 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-11-13 21:30 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-11-13 21:30 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-11-13 21:30 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-11-13 21:30 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-11-13 21:30 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-11-13 21:30 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-11-13 21:30 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-11-13 21:30 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2015-11-13 21:30 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2015-11-13 21:29 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-11-13 21:29 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-11-13 21:29 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-11-13 21:29 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-11-13 21:29 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-11-13 21:29 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-11-13 21:29 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-11-13 21:29 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-11-13 21:29 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-11-13 21:29 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-11-13 21:29 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-11-13 21:29 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-11-13 21:29 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-11-13 21:29 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-11-13 21:29 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-11-13 21:29 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-11-13 21:29 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-11-13 21:29 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-11-13 21:29 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-11-13 21:29 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-11-13 21:29 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-11-13 21:29 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-11-13 21:29 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-11-13 21:29 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-11-13 21:29 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-11-13 21:29 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-11-13 21:29 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-11-13 21:29 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-11-13 21:29 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-11-13 21:29 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-11-13 21:29 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-11-13 21:29 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-11-13 21:29 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-11-13 21:29 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-11-13 21:29 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-11-13 21:29 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-11-13 21:28 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2015-11-13 21:28 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2015-11-13 21:28 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-11-13 21:28 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-11-13 21:28 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-11-13 14:33 - 2015-11-13 14:33 - 00001945 _____ C:\Windows\epplauncher.mif 2015-11-13 14:32 - 2015-11-13 14:33 - 00000000 ____D C:\Program Files\Microsoft Security Client 2015-11-13 14:32 - 2015-11-13 14:32 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-11-13 14:32 - 2015-11-13 14:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2015-11-13 14:31 - 2015-11-13 14:31 - 14262464 _____ (Microsoft Corporation) C:\Users\Leon\Downloads\mseinstall.exe 2015-11-13 12:44 - 2015-11-13 12:44 - 00380416 _____ C:\Users\Leon\Downloads\Gmer-19357.exe 2015-11-11 07:52 - 2015-11-14 18:33 - 00463938 _____ C:\Windows\WindowsUpdate.log 2015-11-11 07:51 - 2015-11-14 18:22 - 00006600 _____ C:\Windows\PFRO.log 2015-11-11 07:51 - 2015-11-14 18:22 - 00000224 _____ C:\Windows\setupact.log 2015-11-11 07:51 - 2015-11-11 07:51 - 00000000 _____ C:\Windows\setuperr.log 2015-11-11 07:23 - 2015-11-11 07:23 - 00007605 _____ C:\Users\Leon\AppData\Local\Resmon.ResmonCfg 2015-11-11 07:16 - 2015-11-11 07:16 - 00000207 _____ C:\Windows\tweaking.com-regbackup-LOCALHOST-Windows-7-Ultimate-(64-bit).dat 2015-11-11 07:16 - 2015-11-11 07:16 - 00000000 ____D C:\RegBackup 2015-11-10 08:05 - 2015-11-10 08:05 - 00002163 _____ C:\Users\Leon\Desktop\Tweaking.com - Windows Repair.lnk 2015-11-10 08:04 - 2015-11-10 08:04 - 00003654 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon 2015-11-10 08:04 - 2015-11-10 08:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com 2015-11-10 08:04 - 2015-11-10 08:04 - 00000000 ____D C:\Program Files (x86)\Tweaking.com 2015-11-10 08:04 - 2015-11-10 08:04 - 00000000 ____D C:\Program Files (x86)\SOFTONIC INTERNACIONAL S.A. © 1997-2015 2015-11-10 07:58 - 2015-11-10 07:58 - 23260540 ____R C:\Users\Leon\Downloads\WINDOWS_REPAIR_PROFESSIONAL_2015.RAR 2015-11-09 10:46 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-11-09 10:46 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-11-09 10:46 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-11-09 10:46 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-11-09 10:46 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-11-09 10:46 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-11-09 10:46 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-11-09 10:46 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-11-09 10:46 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-11-09 10:46 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-11-09 10:46 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-11-09 10:46 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-11-09 10:46 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-11-09 10:46 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-11-09 10:46 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-11-09 10:46 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-11-09 10:46 - 2015-07-16 20:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-11-09 10:46 - 2015-07-16 20:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2015-11-09 10:46 - 2015-07-16 20:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2015-11-09 10:46 - 2015-07-16 20:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-11-09 10:46 - 2015-07-16 20:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2015-11-09 10:46 - 2015-07-16 20:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-11-09 10:46 - 2015-07-11 14:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2015-11-09 10:46 - 2015-06-09 19:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-11-09 10:46 - 2015-06-09 19:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2015-11-09 10:46 - 2015-06-03 21:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-11-09 10:46 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-11-09 10:46 - 2011-02-25 07:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2015-11-09 10:46 - 2011-02-25 06:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe 2015-11-09 10:42 - 2012-02-11 07:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe 2015-11-09 10:42 - 2012-02-11 07:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe 2015-11-09 08:53 - 2015-11-09 08:53 - 00000000 ____D C:\Program Files (x86)\Driver Support 2015-11-09 08:36 - 2015-11-09 08:36 - 00002467 _____ C:\Users\Leon\Downloads\PUBCHECKER.TAR.GZ 2015-11-06 07:38 - 2015-11-06 07:38 - 00000000 __SHD C:\Users\Leon\AppData\Local\icsxml 2015-11-06 07:38 - 2015-11-06 07:38 - 00000000 __SHD C:\ProgramData\DIBsection 2015-11-06 07:35 - 2015-11-06 07:35 - 08401612 _____ C:\Users\Leon\Downloads\inssideroffice.msi 2015-11-04 06:48 - 2015-11-04 06:48 - 00000000 ____D C:\Users\Leon\AppData\Local\GWX 2015-10-28 08:59 - 2015-10-28 08:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_bpenum_01007.Wdf 2015-10-28 08:57 - 2015-10-28 09:05 - 00000000 ____D C:\Program Files\Intel 2015-10-28 08:45 - 2015-10-28 08:46 - 00000000 ____D C:\Program Files (x86)\Cisco 2015-10-28 08:45 - 2015-10-28 08:45 - 00000000 ____D C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver 2015-10-28 08:45 - 2009-10-02 12:33 - 00946688 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtl8192se.sys 2015-10-28 08:45 - 2009-04-02 09:27 - 00188416 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\RTLExtUI.dll 2015-10-28 08:45 - 2009-04-02 09:27 - 00188416 _____ (Realtek Semiconductor Corp. ) C:\Windows\RTLExtUI.dll 2015-10-28 08:45 - 2009-03-31 13:31 - 00380928 _____ (Realtek) C:\Windows\system32\RtlUI2.exe 2015-10-28 08:45 - 2009-03-31 13:31 - 00380928 _____ (Realtek) C:\Windows\RtlUI2.exe 2015-10-28 08:45 - 2009-02-05 02:49 - 00451072 _____ C:\Windows\SysWOW64\ISSRemoveSP.exe 2015-10-28 08:45 - 2008-07-01 11:31 - 00614400 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll 2015-10-28 08:45 - 2008-07-01 11:31 - 00614400 _____ (Realtek Semiconductor Corp. ) C:\Windows\Rtlihvs.dll 2015-10-26 21:53 - 2015-10-26 21:53 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-10-26 21:53 - 2015-10-26 21:53 - 00000000 ____D C:\Windows\system32\appraiser 2015-10-26 21:52 - 2015-10-26 21:58 - 00000000 ___SD C:\Windows\system32\GWX 2015-10-26 21:52 - 2015-10-26 21:52 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-10-26 21:38 - 2015-01-09 00:44 - 00419936 _____ C:\Windows\SysWOW64\locale.nls 2015-10-26 21:38 - 2015-01-09 00:43 - 00419936 _____ C:\Windows\system32\locale.nls 2015-10-26 21:29 - 2015-07-30 14:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-10-26 21:29 - 2015-07-30 14:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-10-26 21:14 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2015-10-26 21:14 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2015-10-26 21:14 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2015-10-26 21:14 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2015-10-26 21:14 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2015-10-26 21:14 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2015-10-26 21:14 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2015-10-26 21:14 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2015-10-26 21:14 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2015-10-26 21:14 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2015-10-26 20:25 - 2012-08-23 15:12 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\terminpt.sys 2015-10-26 20:25 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2015-10-26 20:25 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys 2015-10-26 20:25 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll 2015-10-26 20:25 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll 2015-10-26 20:05 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2015-10-26 20:05 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2015-10-26 20:01 - 2011-03-11 07:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys 2015-10-26 20:01 - 2011-03-11 07:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys 2015-10-26 20:01 - 2011-03-11 07:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys 2015-10-26 20:01 - 2011-03-11 07:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys 2015-10-26 20:01 - 2011-03-11 07:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys 2015-10-26 20:01 - 2011-03-11 07:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll 2015-10-26 20:01 - 2011-03-11 07:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe 2015-10-26 20:01 - 2011-03-11 06:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll 2015-10-26 20:01 - 2011-03-11 06:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe 2015-10-26 20:01 - 2011-03-11 05:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS 2015-10-26 20:00 - 2015-04-11 04:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys 2015-10-26 20:00 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-10-26 20:00 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-10-26 20:00 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-10-26 20:00 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-10-26 19:59 - 2015-07-15 19:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-10-26 19:59 - 2015-07-15 19:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-10-26 19:59 - 2015-07-15 19:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-10-26 19:59 - 2015-07-15 04:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-10-26 19:58 - 2015-07-23 01:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-10-26 19:58 - 2015-07-23 01:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-10-26 19:58 - 2015-07-23 01:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-10-26 19:58 - 2015-07-22 18:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-10-26 19:58 - 2015-07-22 18:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-10-26 19:58 - 2015-07-22 17:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-10-26 19:57 - 2015-05-25 19:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-10-26 19:57 - 2015-05-25 19:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-10-26 19:57 - 2015-05-25 19:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-10-26 19:57 - 2015-05-25 19:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-10-26 19:57 - 2015-05-25 19:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-10-26 19:57 - 2015-05-25 19:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-10-26 19:57 - 2015-05-25 19:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-10-26 19:57 - 2015-05-25 19:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-10-26 19:57 - 2015-05-25 19:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-10-26 19:57 - 2015-05-25 19:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-10-26 19:57 - 2015-05-25 19:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-10-26 19:57 - 2015-05-25 19:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-10-26 19:56 - 2015-10-01 19:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-10-26 19:56 - 2015-10-01 19:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-10-26 19:56 - 2015-10-01 19:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-10-26 19:56 - 2015-10-01 19:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-10-26 19:56 - 2015-10-01 19:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-10-26 19:56 - 2015-10-01 19:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-10-26 19:56 - 2015-10-01 19:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-10-26 19:56 - 2015-10-01 18:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-10-26 19:56 - 2015-10-01 18:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-10-26 19:56 - 2015-09-18 20:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-10-26 19:56 - 2015-09-18 20:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-10-26 19:56 - 2015-09-18 20:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-10-26 19:56 - 2015-09-18 20:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-10-26 19:56 - 2015-09-18 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-10-26 19:56 - 2015-09-18 20:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-10-26 19:56 - 2015-09-18 20:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-10-26 19:56 - 2015-08-05 18:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll 2015-10-26 19:56 - 2015-08-05 18:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2015-10-26 19:56 - 2015-06-03 21:16 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-10-26 19:56 - 2015-06-03 21:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-10-26 19:55 - 2015-08-06 19:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-10-26 19:55 - 2015-08-06 19:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2015-10-26 19:55 - 2015-08-06 18:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-10-26 19:55 - 2015-08-06 18:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2015-10-26 19:55 - 2015-07-30 19:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-10-26 19:55 - 2015-07-30 19:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-10-26 19:55 - 2015-07-30 19:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-10-26 19:55 - 2015-07-30 18:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2015-10-26 19:55 - 2015-07-30 18:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll 2015-10-26 19:55 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll 2015-10-26 19:55 - 2015-06-15 22:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-10-26 19:55 - 2015-06-15 22:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2015-10-26 19:55 - 2015-06-15 22:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-10-26 19:55 - 2015-06-15 22:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-10-26 19:55 - 2015-06-15 22:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2015-10-26 19:55 - 2015-06-15 22:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2015-10-26 19:55 - 2015-06-15 22:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll 2015-10-26 19:55 - 2015-06-15 22:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll 2015-10-26 19:55 - 2015-03-04 05:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-10-26 19:55 - 2015-03-04 05:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-10-26 19:55 - 2015-03-04 05:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-10-26 19:55 - 2015-03-04 05:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-10-26 19:55 - 2015-03-04 05:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-10-26 19:55 - 2015-03-04 05:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-10-26 19:55 - 2015-03-04 05:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-10-26 19:54 - 2015-08-27 19:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-10-26 19:54 - 2015-08-27 19:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-10-26 19:54 - 2015-08-27 19:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2015-10-26 19:54 - 2015-08-27 19:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-10-26 19:54 - 2015-08-27 18:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-10-26 19:54 - 2015-08-27 18:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-10-26 19:54 - 2015-08-27 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2015-10-26 19:54 - 2015-08-27 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-10-26 19:54 - 2015-06-17 18:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-10-26 19:54 - 2015-06-17 18:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-10-26 19:54 - 2015-04-27 20:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-10-26 19:54 - 2015-04-27 20:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-10-26 19:54 - 2015-04-27 20:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-10-26 19:54 - 2015-04-27 20:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-10-26 19:54 - 2015-04-27 20:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-10-26 19:54 - 2015-04-27 20:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-10-26 19:54 - 2015-04-27 20:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-10-26 19:54 - 2015-04-27 20:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-10-26 19:54 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2015-10-26 19:54 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2015-10-26 19:54 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2015-10-26 19:54 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2015-10-26 19:54 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2015-10-26 19:54 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2015-10-26 19:54 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2015-10-26 19:54 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2015-10-26 19:54 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2015-10-26 19:54 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2015-10-26 19:54 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2015-10-26 19:54 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2015-10-26 19:54 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2015-10-26 19:54 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2015-10-26 19:54 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2015-10-26 19:54 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2015-10-26 19:54 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2015-10-26 19:54 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2015-10-26 19:54 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2015-10-26 19:54 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2015-10-26 19:53 - 2015-07-15 04:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-10-26 19:53 - 2015-07-15 03:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2015-10-26 19:53 - 2015-06-25 11:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-10-26 19:53 - 2015-06-25 11:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-10-26 19:53 - 2015-06-25 11:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2015-10-26 19:53 - 2015-06-25 10:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-10-26 19:52 - 2015-09-02 04:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-10-26 19:52 - 2015-09-02 04:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-10-26 19:52 - 2015-09-02 04:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-10-26 19:52 - 2015-09-02 04:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-10-26 19:52 - 2015-09-02 03:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-10-26 19:52 - 2015-09-02 03:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-10-26 19:52 - 2015-09-02 03:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-10-26 19:52 - 2015-09-02 03:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-10-26 19:52 - 2015-09-02 02:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-10-26 19:52 - 2015-09-02 02:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-10-26 19:52 - 2015-08-05 18:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2015-10-26 19:52 - 2015-07-09 18:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2015-10-26 19:52 - 2015-07-09 18:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll 2015-10-26 19:52 - 2015-07-09 18:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-10-26 19:52 - 2015-07-09 18:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-10-26 19:52 - 2015-07-09 18:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2015-10-26 19:52 - 2015-07-09 18:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe 2015-10-26 19:52 - 2015-07-09 18:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll 2015-10-26 19:52 - 2015-07-04 19:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2015-10-26 19:52 - 2015-07-04 18:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2015-10-26 19:52 - 2015-07-01 21:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-10-26 19:52 - 2015-07-01 21:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-10-26 19:52 - 2015-07-01 21:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2015-10-26 19:52 - 2015-07-01 21:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2015-10-26 19:52 - 2015-06-02 01:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll 2015-10-26 19:52 - 2015-06-02 00:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll 2015-10-26 19:52 - 2015-01-29 04:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-10-26 19:52 - 2015-01-29 04:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2015-10-26 19:52 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-10-26 19:52 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-10-26 19:52 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2015-10-26 19:52 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2015-10-26 19:20 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2015-10-26 19:20 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2015-10-26 19:20 - 2012-12-07 14:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll 2015-10-26 19:20 - 2012-12-07 14:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll 2015-10-26 19:20 - 2012-12-07 13:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll 2015-10-26 19:20 - 2012-12-07 13:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll 2015-10-26 19:20 - 2012-12-07 12:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs 2015-10-26 19:20 - 2012-12-07 12:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs 2015-10-26 19:20 - 2012-12-07 12:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs 2015-10-26 19:20 - 2012-12-07 12:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs 2015-10-26 19:20 - 2012-12-07 12:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs 2015-10-26 19:20 - 2012-12-07 12:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs 2015-10-26 19:20 - 2012-12-07 12:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs 2015-10-26 19:20 - 2012-12-07 12:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs 2015-10-26 19:20 - 2012-12-07 12:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs 2015-10-26 19:20 - 2012-12-07 12:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs 2015-10-26 19:20 - 2012-12-07 12:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs 2015-10-26 19:20 - 2012-12-07 12:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs 2015-10-26 19:20 - 2012-12-07 12:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs 2015-10-26 19:20 - 2012-12-07 12:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs 2015-10-26 19:20 - 2012-12-07 11:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs 2015-10-26 19:20 - 2012-12-07 11:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs 2015-10-26 19:20 - 2012-12-07 11:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs 2015-10-26 19:20 - 2012-12-07 11:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs 2015-10-26 19:20 - 2012-12-07 11:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs 2015-10-26 19:20 - 2012-12-07 11:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs 2015-10-26 19:20 - 2012-12-07 11:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs 2015-10-26 19:20 - 2012-12-07 11:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs 2015-10-26 19:20 - 2012-12-07 11:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs 2015-10-26 19:20 - 2012-12-07 11:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs 2015-10-26 19:20 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs 2015-10-26 19:20 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs 2015-10-26 19:20 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs 2015-10-26 19:20 - 2012-12-07 11:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs 2015-10-26 19:19 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2015-10-26 19:19 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2015-10-26 19:19 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2015-10-26 19:19 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2015-10-26 19:19 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2015-10-26 19:19 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2015-10-26 19:19 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2015-10-26 19:19 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2015-10-26 19:19 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2015-10-26 19:19 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll 2015-10-26 19:19 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll 2015-10-26 19:19 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll 2015-10-26 19:19 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll 2015-10-26 19:19 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2015-10-26 19:19 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe 2015-10-26 19:19 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe 2015-10-26 19:19 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe 2015-10-26 19:19 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2015-10-26 19:19 - 2012-10-09 19:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll 2015-10-26 19:19 - 2012-10-09 19:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll 2015-10-26 19:19 - 2012-10-09 18:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll 2015-10-26 19:19 - 2012-10-09 18:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll 2015-10-26 19:18 - 2013-05-10 06:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2015-10-26 19:18 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2015-10-26 19:18 - 2012-10-03 18:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll 2015-10-26 19:18 - 2012-10-03 18:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll 2015-10-26 19:18 - 2012-10-03 18:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll 2015-10-26 19:18 - 2012-10-03 17:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll 2015-10-26 19:18 - 2012-10-03 17:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll 2015-10-26 19:18 - 2012-10-03 17:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys 2015-10-26 19:16 - 2014-02-04 03:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2015-10-26 19:16 - 2014-02-04 03:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2015-10-26 19:16 - 2014-02-04 03:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2015-10-26 19:16 - 2014-02-04 03:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2015-10-26 19:16 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2015-10-26 19:16 - 2012-08-21 22:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe 2015-10-26 19:11 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2015-10-26 19:11 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2015-10-26 19:11 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2015-10-26 19:11 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2015-10-26 19:07 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2015-10-26 17:49 - 2015-10-26 17:49 - 00657744 _____ (PC Drivers HeadQuarters LP) C:\Users\Leon\Downloads\DriverSupport.exe 2015-10-26 17:43 - 2015-10-26 17:43 - 00096096 _____ C:\Users\Leon\Downloads\SerialNumberDetectionTool.exe 2015-10-26 17:02 - 2015-10-26 17:02 - 07764216 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL664.SYS 2015-10-26 17:02 - 2015-10-26 17:02 - 04401152 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll 2015-10-26 17:02 - 2015-10-26 17:02 - 03667968 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll 2015-10-26 17:02 - 2015-10-26 17:02 - 00096600 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll 2015-10-26 16:54 - 2015-10-26 16:54 - 00003212 _____ C:\Windows\System32\Tasks\Driver Booster Scan 2015-10-26 16:54 - 2015-10-26 16:54 - 00003156 _____ C:\Windows\System32\Tasks\Driver Booster Update 2015-10-26 16:54 - 2015-10-26 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2 2015-10-26 16:52 - 2015-10-26 16:52 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled 2015-10-24 09:23 - 2015-10-20 14:12 - 00615092 _____ C:\Users\Leon\Desktop\Speed-TesT.exe 2015-10-20 14:12 - 2015-10-20 14:13 - 00000615 _____ C:\Users\Leon\Downloads\speed.txt 2015-10-20 14:12 - 2015-10-20 14:12 - 00615092 _____ C:\Users\Leon\Downloads\Speed-TesT.exe 2015-10-20 13:49 - 2015-11-06 07:38 - 00000000 ____D C:\Users\Leon\AppData\Local\MetaGeek,_LLC 2015-10-20 13:48 - 2015-11-09 07:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaGeek 2015-10-20 13:48 - 2015-11-06 07:36 - 00000000 ____D C:\Program Files (x86)\MetaGeek 2015-10-20 13:48 - 2015-10-20 13:48 - 00002489 _____ C:\Users\Public\Desktop\inSSIDer Home.lnk 2015-10-20 13:42 - 2015-10-20 13:42 - 01461024 _____ C:\Users\Leon\Downloads\inSSIDer Home letzte Freeware Version - CHIP-Installer.exe 2015-10-20 09:48 - 2015-10-20 09:48 - 00001451 _____ C:\Users\Leon\Desktop\Jboss haxxorn.txt 2015-10-17 19:09 - 2015-10-17 19:09 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-10-17 18:02 - 2012-08-28 20:51 - 23337416 _____ C:\Users\Leon\Downloads\sons-the_avengers-720p-sample.mkv 2015-10-17 17:56 - 2015-10-17 17:57 - 18561938 _____ C:\Users\Leon\Downloads\marvtheaveng_720_sons.part55.rar 2015-10-17 16:25 - 2015-10-17 16:25 - 00014768 _____ C:\Users\Leon\Downloads\Marvels.The.Avengers.German.DL.720p.BluRay.x264-SONS-vz28qcnijjqv.dlc 2015-10-17 16:14 - 2015-10-17 16:14 - 00003120 _____ C:\Users\Leon\Downloads\42dshzv9u02c0gc.dlc 2015-10-17 14:52 - 2015-10-17 14:52 - 00000000 ____D C:\Users\Leon\Downloads\JDownloader ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-14 19:16 - 2014-11-05 15:02 - 00000000 ____D C:\Users\Leon\AppData\Roaming\vlc 2015-11-14 18:49 - 2015-08-18 16:12 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-11-14 18:49 - 2015-08-18 16:12 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-11-14 18:49 - 2014-11-03 14:11 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-11-14 18:49 - 2014-11-03 14:11 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-14 18:47 - 2014-11-09 15:51 - 00000000 ____D C:\Users\Leon\AppData\Local\Adobe 2015-11-14 18:38 - 2014-11-15 16:40 - 00000000 ____D C:\Program Files (x86)\QIP 2012 2015-11-14 18:31 - 2009-07-14 05:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-11-14 18:31 - 2009-07-14 05:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-11-14 18:26 - 2014-11-03 15:20 - 00687862 _____ C:\Windows\system32\perfh007.dat 2015-11-14 18:26 - 2014-11-03 15:20 - 00146224 _____ C:\Windows\system32\perfc007.dat 2015-11-14 18:26 - 2009-07-14 06:13 - 01626438 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-14 18:25 - 2014-11-03 13:55 - 00002852 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Leon) 2015-11-14 18:22 - 2014-11-12 19:26 - 00000000 ____D C:\ProgramData\VMware 2015-11-14 18:22 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-11-14 18:21 - 2014-11-04 14:24 - 00000000 ____D C:\Windows\pss 2015-11-14 18:20 - 2015-07-26 20:44 - 00000586 _____ C:\Users\Leon\Desktop\pubs.txt 2015-11-14 17:58 - 2015-07-05 07:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-11-14 17:57 - 2015-07-05 07:53 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-11-14 17:57 - 2015-07-05 07:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-11-14 17:57 - 2015-07-05 07:53 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-11-14 17:45 - 2014-11-03 13:46 - 00000000 ____D C:\Users\Leon 2015-11-14 16:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2015-11-14 04:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2015-11-14 03:53 - 2015-07-07 18:24 - 00000000 ____D C:\Program Files (x86)\360 2015-11-14 03:52 - 2009-07-14 05:45 - 00268536 _____ C:\Windows\system32\FNTCACHE.DAT 2015-11-14 03:07 - 2014-11-04 09:34 - 01568920 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-11-14 03:03 - 2010-11-21 08:16 - 00000000 ____D C:\Program Files\Windows Journal 2015-11-13 10:26 - 2015-07-28 18:12 - 00001817 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2015-11-13 10:26 - 2014-11-04 14:46 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk 2015-11-13 10:11 - 2015-03-21 09:29 - 00000000 ____D C:\Users\Leon\Desktop\RESA 2015-11-13 08:51 - 2015-10-04 08:09 - 00000000 ____D C:\ProgramData\elsterformular 2015-11-13 08:43 - 2015-10-04 10:27 - 00086162 _____ C:\Users\Leon\Desktop\ESt2014_Detlef_Specht_und_Sabrina_Specht.elfo 2015-11-13 07:29 - 2014-11-03 13:56 - 00058016 _____ C:\Users\Leon\AppData\Local\GDIPFONTCACHEV1.DAT 2015-11-11 07:49 - 2010-11-21 08:16 - 00000000 ____D C:\Windows\CSC 2015-11-11 07:46 - 2015-08-22 05:25 - 00000000 ____D C:\Windows\Minidump 2015-11-11 07:46 - 2014-11-03 22:38 - 00000000 ____D C:\Windows\Panther 2015-11-11 07:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Msdtc 2015-11-11 07:33 - 2009-07-14 03:34 - 00000439 _____ C:\Windows\win.ini 2015-11-10 13:32 - 2015-08-20 18:28 - 00009035 _____ C:\Users\Leon\Desktop\Hoster.txt 2015-11-10 08:00 - 2015-07-26 08:49 - 00000000 __SHD C:\ProgramData\360Quarant 2015-11-10 08:00 - 2015-07-26 08:49 - 00000000 __SHD C:\$360Section 2015-11-09 07:21 - 2014-11-04 09:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-11-06 06:38 - 2014-11-12 07:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-11-05 06:58 - 2009-07-14 06:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-11-04 19:59 - 2015-07-28 18:12 - 00000000 ____D C:\Users\Leon\AppData\Roaming\DAEMON Tools Lite 2015-11-04 19:49 - 2014-11-12 21:46 - 00009021 _____ C:\Users\Leon\Desktop\scan.txt 2015-10-28 08:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat 2015-10-28 08:45 - 2014-11-05 11:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-10-26 21:58 - 2009-07-14 04:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-10-26 21:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing 2015-10-26 21:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Dism 2015-10-26 21:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Dism 2015-10-26 21:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers 2015-10-26 21:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-10-26 21:47 - 2014-11-03 15:23 - 00000000 ____D C:\Windows\system32\MRT 2015-10-26 16:48 - 2014-11-03 13:56 - 00000000 ____D C:\ProgramData\ProductData 2015-10-26 13:10 - 2014-11-29 19:19 - 00000000 ____D C:\Users\Leon\AppData\Roaming\mIRC 2015-10-17 19:35 - 2014-11-15 20:48 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2015-10-17 13:28 - 2014-12-31 10:53 - 00000000 ____D C:\Users\Leon\AppData\Roaming\SFDL.NET 2 ==================== Files in the root of some directories ======= 2015-02-13 18:35 - 2015-03-21 12:51 - 0000600 _____ () C:\Users\Leon\AppData\Roaming\winscp.rnd 2014-11-30 12:35 - 2014-11-30 12:36 - 0004608 _____ () C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-02-13 18:12 - 2015-02-14 08:14 - 0000600 _____ () C:\Users\Leon\AppData\Local\PUTTY.RND 2015-11-11 07:23 - 2015-11-11 07:23 - 0007605 _____ () C:\Users\Leon\AppData\Local\Resmon.ResmonCfg 2014-11-03 14:09 - 2014-11-03 14:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-11-10 09:29 ==================== End of FRST.txt ============================ [CODE]Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015 Ran by Leon (2015-11-14 19:27:42) Running from C:\Users\Leon\Downloads Windows 7 Ultimate Service Pack 1 (X64) (2014-11-03 12:46:36) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4048435114-2119328198-2928899312-500 - Administrator - Disabled) Guest (S-1-5-21-4048435114-2119328198-2928899312-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4048435114-2119328198-2928899312-1002 - Limited - Enabled) Leon (S-1-5-21-4048435114-2119328198-2928899312-1000 - Administrator - Enabled) => C:\Users\Leon ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 15.06 beta (HKLM-x32\...\7-Zip) (Version: 15.06 - Igor Pavlov) ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY) ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{0C0E2B7A-4275-FC1E-63D6-B72C96162FEC}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Ashampoo Burning Studio 15 v.15.0.2 (HKLM-x32\...\{91B33C97-5B38-0A92-D04A-A0F26F3F87D4}_is1) (Version: 15.0.2 - Ashampoo GmbH & Co. KG) CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd) Dll-Files Fixer (HKLM-x32\...\Dll-Files Fixer_is1) (Version: 3.1.81 - Dll-Files.com) Driver Booster 2 (HKLM-x32\...\Driver Booster_is1) (Version: 2.0 - IObit) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.2.24.20150630 - Landesfinanzdirektion Thüringen) Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON SX420W Series Handbuch (HKLM-x32\...\EPSON SX420W Series Manual) (Version: - ) EPSON SX420W Series Netzwerk-Handbuch (HKLM-x32\...\EPSON SX420W Series Network Guide) (Version: - ) EPSON SX420W Series Printer Uninstall (HKLM\...\EPSON SX420W Series) (Version: - SEIKO EPSON Corporation) EpsonNet Setup 3.2 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.2a - SEIKO EPSON CORPORATION) Gamers.IRC 6.07 (HKLM-x32\...\Gamers.IRC) (Version: - ) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) mIRC (HKLM-x32\...\mIRC) (Version: 7.43 - mIRC Co. Ltd.) Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla) MPC-HC 1.7.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.7 - MPC-HC Team) Nmap 6.47 (HKLM-x32\...\Nmap) (Version: - ) No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.0 - Vitalwerks Internet Solutions LLC) OpenVPN 2.3.4-I002 (HKLM\...\OpenVPN) (Version: 2.3.4-I002 - ) Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - ) pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA) QIP 2012 4.0.9379 (HKU\S-1-5-21-4048435114-2119328198-2928899312-1000\...\QIP 2012) (Version: 4.0.9379 - ) QIP Internet Guardian (HKU\S-1-5-21-4048435114-2119328198-2928899312-1000\...\QipGuard) (Version: - ) Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0130 - REALTEK Semiconductor Corp.) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer) Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.2.2 - Tweaking.com) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 9.0.0 - VMware, Inc) VMware Workstation (Version: 9.0.0 - VMware, Inc.) Hidden Windows_Repair_Professional 2015 (HKLM-x32\...\Windows_Repair_Professional 2015) (Version: 2015 - SOFTONIC INTERNACIONAL S.A. © 1997-2015) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies) WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) WinSCP 5.5.6 (HKLM-x32\...\winscp3_is1) (Version: 5.5.6 - Martin Prikryl) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 14-11-2015 04:41:02 Scheduled Checkpoint ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2015-11-11 07:33 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {08E8AD61-35DC-4762-9F60-41C0544DAC82} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-10-13] (IObit) Task: {0E4FF676-B512-4440-814B-86D9E8EE109B} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-10-08] (IObit) Task: {0EFBDD71-AB55-4E6E-80BC-3419B1552631} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-14] (Adobe Systems Incorporated) Task: {22C8BE1F-7501-4BDD-B241-AD6A243A8397} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com) Task: {389EBCBC-2FD3-4639-A14D-6264705F63B5} - System32\Tasks\{3FF299D1-BEAE-48A3-9AD9-66F5E5BC0DE9} => pcalua.exe -a F:\DSKTOP\bytewarezirc\bytewarezirc\nnsworkdir\nnrepair.exe -d F:\DSKTOP\bytewarezirc\bytewarezirc\nnsworkdir Task: {BBB7A0BF-560F-4149-8651-4AAB5C5F7121} - System32\Tasks\Driver Booster SkipUAC (Leon) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-10-22] (IObit) Task: {CBE40172-D50A-45C3-8855-6A7384C6E0CA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DLL-Files Fixer.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe Task: C:\Windows\Tasks\PowerDVD.exe_20141225_092850_0599.job => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe ==================== Loaded Modules (Whitelisted) ============== 2015-03-19 23:03 - 2015-03-19 23:03 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-11-15 16:40 - 2014-06-23 13:35 - 01072624 _____ () C:\Program Files (x86)\QIP 2012\Protos\InfICQ\InfICQ.dll 2014-11-15 16:40 - 2014-06-23 13:36 - 00519152 _____ () C:\Program Files (x86)\QIP 2012\Protos\MRA\MRA.dll 2014-11-15 16:40 - 2014-06-23 13:36 - 00883184 _____ () C:\Program Files (x86)\QIP 2012\Protos\Social\Social.dll 2014-11-15 16:40 - 2014-06-23 13:35 - 00161096 _____ () C:\Program Files (x86)\QIP 2012\Plugins\cards\cards.dll 2014-11-15 16:40 - 2014-06-23 13:35 - 00213488 _____ () C:\Program Files (x86)\QIP 2012\Plugins\qipcurrency\qipcurrency.dll 2014-11-15 16:40 - 2014-06-23 13:35 - 00334320 _____ () C:\Program Files (x86)\QIP 2012\Plugins\qipradio\qipradio.dll 2014-11-15 16:40 - 2014-06-23 13:35 - 00700400 _____ () C:\Program Files (x86)\QIP 2012\Plugins\qipweather\qipweather.dll 2014-11-15 16:40 - 2014-06-23 13:35 - 00181232 _____ () C:\Program Files (x86)\QIP 2012\Plugins\Win7Helper\Win7Helper.dll 2014-11-15 16:40 - 2014-06-23 13:35 - 04663792 _____ () C:\Program Files (x86)\QIP 2012\Core\voip.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4048435114-2119328198-2928899312-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: Media is not connected to internet. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: ABBYY.Licensing.FineReader.Sprint.9.0 => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: Ati External Event Utility => 2 MSCONFIG\Services: EPSON_EB_RPCV4_04 => 2 MSCONFIG\Services: EPSON_PM_RPCV4_04 => 2 MSCONFIG\Services: MBAMService => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: NAUpdate => 2 MSCONFIG\Services: OpenVPNService => 3 MSCONFIG\Services: PDAgent => 2 MSCONFIG\Services: PDEngine => 2 MSCONFIG\Services: TeamViewer9 => 2 MSCONFIG\Services: VMAuthdService => 2 MSCONFIG\Services: VMUSBArbService => 2 MSCONFIG\Services: VMwareHostd => 2 MSCONFIG\Services: ZhuDongFangYu => MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" MSCONFIG\startupreg: EPSON SX420W Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_SB387.tmp" /EF "HKCU" MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_189_Plugin.exe -update plugin MSCONFIG\startupreg: QIP Internet Guardian => C:\Users\Leon\AppData\Roaming\QipGuard\QipGuard.exe /p MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: vmware-tray.exe => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{9D482FC1-0177-4375-B441-95DFF5EFEFCD}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe FirewallRules: [{9465CA5E-F508-496E-83CB-F65A78443974}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe FirewallRules: [TCP Query User{ACEE5130-36B2-4C14-837C-74FAF8043D7A}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{3BD82EBE-3820-4450-B532-0E9BA0CF7A8B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{1AA52932-9BFC-4ECC-89C6-127656B205B0}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{37B0CB04-C81A-4F75-B81D-641400F821D2}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{B5E7F8FE-4659-42E1-A77F-C7A604BEBEE2}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe FirewallRules: [{80F40EEA-4013-4E61-BCF8-21071871B1F9}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe FirewallRules: [TCP Query User{0A768A3B-E469-4BCC-8EE2-D2E891F9E90D}C:\program files (x86)\qip 2012\qip.exe] => (Allow) C:\program files (x86)\qip 2012\qip.exe FirewallRules: [UDP Query User{FAAC254F-1EAC-4025-82CB-1DDE2E138D42}C:\program files (x86)\qip 2012\qip.exe] => (Allow) C:\program files (x86)\qip 2012\qip.exe FirewallRules: [{06BAB428-DBA3-47B9-8F74-80DD3A3BD04C}] => (Block) C:\program files (x86)\qip 2012\qip.exe FirewallRules: [{E83B0265-7639-4199-A34C-B66723DFA4D0}] => (Block) C:\program files (x86)\qip 2012\qip.exe FirewallRules: [TCP Query User{882593DC-0C10-4556-9671-E7827A9107C8}F:\programme\ftprush\ftprush.exe] => (Allow) F:\programme\ftprush\ftprush.exe FirewallRules: [UDP Query User{3962FC50-A46A-414C-9A7D-B2159FCE2C64}F:\programme\ftprush\ftprush.exe] => (Allow) F:\programme\ftprush\ftprush.exe FirewallRules: [{4237EB01-F380-4465-BF1A-0B2230AA416D}] => (Block) F:\programme\ftprush\ftprush.exe FirewallRules: [{7DE6030F-18A9-4E13-A3F6-D484DB5F2961}] => (Block) F:\programme\ftprush\ftprush.exe FirewallRules: [{F003B799-C777-4879-9AC2-022C53F7559C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{A898DC9D-9BF6-4E2F-8BAE-5EAA91A068B7}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [TCP Query User{B00C0DA1-962E-4015-93D8-7C8AA09899DB}F:\programme\flashfxp3.4 crack\flashfxp3.4 crack\flashfxp.v3.4.0.build.1145.final.multilingual.cracked-f4cg\crack\flashfxp.exe] => (Allow) F:\programme\flashfxp3.4 crack\flashfxp3.4 crack\flashfxp.v3.4.0.build.1145.final.multilingual.cracked-f4cg\crack\flashfxp.exe FirewallRules: [UDP Query User{4958E081-CAE4-42EC-B6EE-249E41F35EC9}F:\programme\flashfxp3.4 crack\flashfxp3.4 crack\flashfxp.v3.4.0.build.1145.final.multilingual.cracked-f4cg\crack\flashfxp.exe] => (Allow) F:\programme\flashfxp3.4 crack\flashfxp3.4 crack\flashfxp.v3.4.0.build.1145.final.multilingual.cracked-f4cg\crack\flashfxp.exe FirewallRules: [{5220AA81-B9AB-4C83-886B-AE7B3D862C3E}] => (Block) F:\programme\flashfxp3.4 crack\flashfxp3.4 crack\flashfxp.v3.4.0.build.1145.final.multilingual.cracked-f4cg\crack\flashfxp.exe FirewallRules: [{45451839-6188-495D-9913-7B86B4F2B99C}] => (Block) F:\programme\flashfxp3.4 crack\flashfxp3.4 crack\flashfxp.v3.4.0.build.1145.final.multilingual.cracked-f4cg\crack\flashfxp.exe FirewallRules: [TCP Query User{BD943E67-DBC5-48F7-877C-35E3040AC895}F:\programme\oldscool\gamers.irc\mirc.exe] => (Allow) F:\programme\oldscool\gamers.irc\mirc.exe FirewallRules: [UDP Query User{79ED963F-AA33-4A2C-9DF7-07ECB17DD620}F:\programme\oldscool\gamers.irc\mirc.exe] => (Allow) F:\programme\oldscool\gamers.irc\mirc.exe FirewallRules: [{B27562B6-2E54-456B-8DB5-C5DC7F93D457}] => (Block) F:\programme\oldscool\gamers.irc\mirc.exe FirewallRules: [{A00B6B93-A7F5-4479-B7D3-0B73295BEB1C}] => (Block) F:\programme\oldscool\gamers.irc\mirc.exe FirewallRules: [{A59D844A-25AA-4748-85E6-ECBA90893DBF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BD125E11-BEAB-4241-B5A0-DEE37CCCDCD7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{B0A9AFA9-6E79-458A-94DC-413AF39FB2E7}F:\programme\ftplist 1.13\ftplist.exe] => (Allow) F:\programme\ftplist 1.13\ftplist.exe FirewallRules: [UDP Query User{98122EC2-FE4E-476F-8F30-32715DD7C787}F:\programme\ftplist 1.13\ftplist.exe] => (Allow) F:\programme\ftplist 1.13\ftplist.exe FirewallRules: [{9C294A17-5A48-4BC6-B72B-EF573C083EEE}] => (Block) F:\programme\ftplist 1.13\ftplist.exe FirewallRules: [{0CB84B5F-652C-4475-9FC5-98F723148514}] => (Block) F:\programme\ftplist 1.13\ftplist.exe FirewallRules: [TCP Query User{19F723F3-C7BB-432E-B14A-68668C320D96}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{3642E7E0-004D-4C56-8389-E405DBABA2BB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{8EAEBF2A-A87D-42C9-84A0-914A2DC3DD9E}F:\programme\ftp content maker 1.02\ftplist.exe] => (Allow) F:\programme\ftp content maker 1.02\ftplist.exe FirewallRules: [UDP Query User{9C53D968-BD36-4396-84D9-43736AB57ADA}F:\programme\ftp content maker 1.02\ftplist.exe] => (Allow) F:\programme\ftp content maker 1.02\ftplist.exe FirewallRules: [{D3958D16-0213-4DF5-81C2-CE0077682AF7}] => (Block) F:\programme\ftp content maker 1.02\ftplist.exe FirewallRules: [{38A7B25C-1BAE-4AE3-B355-C3344F9630EB}] => (Block) F:\programme\ftp content maker 1.02\ftplist.exe FirewallRules: [TCP Query User{11B5AFA2-6ABA-4E27-8A37-A0FCC2EB8841}F:\programme\ftplabymaker250b6d\ftplabymaker v2.5.0beta6d.exe] => (Allow) F:\programme\ftplabymaker250b6d\ftplabymaker v2.5.0beta6d.exe FirewallRules: [UDP Query User{BEBC9400-93A9-4AD7-AA6C-643560BAA12C}F:\programme\ftplabymaker250b6d\ftplabymaker v2.5.0beta6d.exe] => (Allow) F:\programme\ftplabymaker250b6d\ftplabymaker v2.5.0beta6d.exe FirewallRules: [{50BE0157-D774-443E-BDB1-87DF6F4F4E49}] => (Block) F:\programme\ftplabymaker250b6d\ftplabymaker v2.5.0beta6d.exe FirewallRules: [{F5851227-5EFD-47AF-8765-E82E96AE6BD8}] => (Block) F:\programme\ftplabymaker250b6d\ftplabymaker v2.5.0beta6d.exe FirewallRules: [TCP Query User{59770F83-FEF4-472A-A828-910F382EA394}F:\programme\bulldozer\mirc\mirc.exe] => (Allow) F:\programme\bulldozer\mirc\mirc.exe FirewallRules: [UDP Query User{67DA85F3-3B18-4995-A065-FFE7435E756A}F:\programme\bulldozer\mirc\mirc.exe] => (Allow) F:\programme\bulldozer\mirc\mirc.exe FirewallRules: [{3C8D4256-FB8B-4A37-8FED-9252B46EFE51}] => (Block) F:\programme\bulldozer\mirc\mirc.exe FirewallRules: [{2307631B-0466-48ED-AFCD-4796256CBCEE}] => (Block) F:\programme\bulldozer\mirc\mirc.exe FirewallRules: [TCP Query User{B3EF27E9-BCFA-4D19-8B30-11C391BCA0A1}F:\coldasice\mirc\mirc.exe] => (Allow) F:\coldasice\mirc\mirc.exe FirewallRules: [UDP Query User{634273F7-F26C-43C8-9115-63C03AD49FD3}F:\coldasice\mirc\mirc.exe] => (Allow) F:\coldasice\mirc\mirc.exe FirewallRules: [{2408FADE-191C-4762-992B-F6478DA9FD34}] => (Block) F:\coldasice\mirc\mirc.exe FirewallRules: [{9483E610-45ED-4B2D-9910-881EF444C39D}] => (Block) F:\coldasice\mirc\mirc.exe FirewallRules: [{DAF9A432-40BC-46C9-AE24-349E6A904EC6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{3ED8B104-DAFB-44A4-B211-DE74C4CB937C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{A80D82E6-731E-4F7F-B724-11354245C859}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{6C937C24-4B42-4913-AFBC-4F62BAA1A5D0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{B8AB8020-4556-440C-A668-D0AD0278CD4F}] => (Block) %ProgramFiles% (x86)\IObit\Driver Booster\AutoUpdate.exe FirewallRules: [{1BD2A728-EF5B-4F82-9B8C-9A161C64E12F}] => (Block) %ProgramFiles% (x86)\IObit\Driver Booster\DriverBooster.exe FirewallRules: [{B7DED45F-8DC1-46CA-B221-0DB22D44BED8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{7DAD3405-8DEA-4451-B584-39F090B53957}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Faulty Device Manager Devices ============= Name: Standard OpenHCD USB-Hostcontroller Description: Standard OpenHCD USB-Hostcontroller Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard-USB-Hostcontroller) Service: usbohci Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Standard OpenHCD USB-Hostcontroller Description: Standard OpenHCD USB-Hostcontroller Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard-USB-Hostcontroller) Service: usbohci Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Standard OpenHCD USB-Hostcontroller Description: Standard OpenHCD USB-Hostcontroller Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard-USB-Hostcontroller) Service: usbohci Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (11/14/2015 03:01:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary BAPIDRV. System Error: The system cannot find the file specified. . Error: (11/14/2015 03:01:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary 360FsFlt mini-filter driver. System Error: The system cannot find the file specified. . Error: (11/14/2015 03:01:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary 360Safe Anti Hacker Service. System Error: The system cannot find the file specified. . Error: (11/13/2015 02:35:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary BAPIDRV. System Error: The system cannot find the file specified. . Error: (11/13/2015 02:35:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary 360FsFlt mini-filter driver. System Error: The system cannot find the file specified. . Error: (11/13/2015 02:35:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary 360Safe Anti Hacker Service. System Error: The system cannot find the file specified. . Error: (11/11/2015 07:53:16 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error: (11/11/2015 07:53:15 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error: (11/11/2015 07:37:08 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: LOCALHOST) Description: Die Zeichenfolgen der Leistungsindikatoren für Dienst ".NET Data Provider for Oracle" () konnten nicht installiert werden. Der Fehlercode ist das erste DWORD im Datenbereich. Error: (11/11/2015 07:37:08 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: LOCALHOST) Description: Die Zeichenfolgen der Leistungsindikatoren für Dienst ".NET Memory Cache 4.0" () konnten nicht installiert werden. Der Fehlercode ist das erste DWORD im Datenbereich. System errors: ============= Error: (11/14/2015 06:38:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "UPnP Device Host" ist vom Dienst "SSDP Discovery" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (11/14/2015 06:38:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "UPnP Device Host" ist vom Dienst "SSDP Discovery" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (11/14/2015 06:38:50 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80070422" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist. Error: (11/14/2015 06:38:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "UPnP Device Host" ist vom Dienst "SSDP Discovery" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (11/14/2015 06:38:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "UPnP Device Host" ist vom Dienst "SSDP Discovery" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (11/14/2015 06:38:47 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80070422" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist. Error: (11/14/2015 06:38:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "UPnP Device Host" ist vom Dienst "SSDP Discovery" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (11/14/2015 06:38:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "UPnP Device Host" ist vom Dienst "SSDP Discovery" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (11/14/2015 06:38:43 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80070422" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist. Error: (11/14/2015 06:38:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "UPnP Device Host" ist vom Dienst "SSDP Discovery" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 ==================== Memory info =========================== Processor: AMD Athlon(tm) Processor TF-20 Percentage of memory in use: 52% Total physical RAM: 1790.11 MB Available physical RAM: 852.07 MB Total Virtual: 4790.11 MB Available Virtual: 3383.52 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:51.29 GB) (Free:10 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (Volume) (Fixed) (Total:32.42 GB) (Free:7.02 GB) NTFS Drive e: (Volume) (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS Drive f: (Volume) (Fixed) (Total:63.49 GB) (Free:3.57 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: D810FE90) Partition 1: (Not Active) - (Size=8 MB) - (Type=07 NTFS) Partition 2: (Active) - (Size=51.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=63.5 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=34.2 GB) - (Type=05) ==================== End of Addition.txt ============================ |
Themen zu Rootkit verdacht unter win7 64bit ultimate |
appdata, bytes, c:\windows, code, driver, explorer.exe, gmer, harddisk, ide, microsoft, ntoskrnl.exe, registry, rootkit, scan, security, software, spoolsv.exe, svchost.exe, system, system32, temp, total, verdacht, win, win7 |