
Pests of all kinds and how to fight them: Suspicious activity

03.09.2016, 21:37   #1
josy1982
 
Hello,

after a long time on Linux, I have ended up back on Windows 8.1 Pro 64-bit.

Today I reinstalled Windows 8.1 Pro from scratch and formatted all SSDs.

Here, too, I only use the open-source programs I know from Linux and the programs I bought at some point. It is rare that anything turns up on my machine.

I downloaded DVDStyler. On Linux there is nothing bundled with it, but here on Windows something unwanted was installed along with it (I really would not have expected that). Attached are all my log files. Please give me instructions. Thanks!

I am still on 360 Security Lite; I think it is called Essentials today. I don't need more than that, and for manual scanning I still use MBAM Free.


Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 03.09.2016
Suchlaufzeit: 16:50
Protokolldatei: scan.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.09.03.04
Rootkit-Datenbank: v2016.08.15.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: xxxxxx

Suchlauftyp: Benutzerdefinierter Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 553088
Abgelaufene Zeit: 36 Min., 39 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.InstallCore, HKU\S-1-5-21-870488476-3347437722-3144900748-1001\SOFTWARE\csastats, In Quarantäne, [427e2d401189f343168638c211f2a060], 

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)
         
Code:
360 Total Security-Scanprotokoll

Scanzeit:2016-09-03 16:22:10
Benötigte Zeit:00:17:21
Objekt(e) gescannt:529257
Gefundene Bedrohung(en):9
Behobene Bedrohung(en):2

Scaneinstellungen
----------------------
Scan für komprimierte Dateien:Ja
Scan-Engine:Bitdefender-Engine, Avira AntiVir-Engine

Scanumfang
----------------------
Vollständiger Scan

Scanergebnis
======================
Elemente mit Risiko
----------------------
C:\Windows\SysWOW64\Codecs\TrayMenu.exe	Anwendungen, deren automatische Ausführung beim Windows-Systemstart verboten werden sollte 	Vertrauenswürdig
C:\Users\xxxxx\AppData\Local\Viber\D3Dcompiler_47.dll	Verhalten mit Trojanern vergleichbar	Vertrauenswürdig

Systemabweichungen
----------------------
Rdof-Malware		Nicht behoben
Verdächtige Verknüpfungen:Google Chrome.lnk		Nicht behoben
Verdächtige Verknüpfungen:Google Chrome.lnk		Nicht behoben
Verdächtige Verknüpfungen:Launch Internet Explorer Browser.lnk		Nicht behoben
Verdächtige Verknüpfungen:Google Chrome.lnk		Nicht behoben
Verdächtige Verknüpfungen:Internet Explorer.lnk		Nicht behoben
Verdächtige Verknüpfungen:Google Chrome.lnk		Nicht behoben

2016-09-03 04:52:17	C:\Users\xxxxx\AppData\Local\Temp\is-LFKIR.tmp\Browser Security.exe Die Datei wurde gelöscht. Sie können sie bei Bedarf aus der Quarantäne wiederherstellen.	HEUR/QVM41.2.0000.Malware.Gen
2016-09-03 04:51:59	C:\Users\xxxxx\AppData\Local\Temp\is-LFKIR.tmp\Browser Security.exe Der Zugriff auf diese Datei wurde verhindert. Sie kann nicht ausgeführt oder verschoben werden.	HEUR/QVM41.2.0000.Malware.Gen
         

Edited by josy1982 (03.09.2016 at 21:44)

04.09.2016, 09:44   #2
M-K-D-B
/// TB Instructor
 
My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find indications of illegally obtained software, we will suspend support until every kind of illegal software has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your topic from my subscriptions. If you are going to be away for a longer period, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • Please note: Download from filepony.de: how to download our tools correctly!
  • All programs to be used must be saved to the desktop and started from there as administrator!
  • Some of the programs we use here may under certain circumstances be wrongly classified as a threat by your antivirus or anti-malware program. Because of a particular program behaviour, the security programs cannot tell "good" from "bad" and raise an alarm. These are false alarms, which you can safely ignore. If necessary, you must disable your security software before running a program so that our cleanup operations are not impaired.



Please work through all steps one after another in the given order and post all log files in CODE tags:
How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Erweitert/Vorschau (Advanced/Preview) to check whether you did it correctly. If everything is right ... click Antworten (Reply).

Thank you for your cooperation!




For an initial analysis, please run FRST and TDSS-Killer:



Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be located on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the web page's input box)



Step 2
Please download TDSSKiller TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.



Please post with your next reply
  • the log file from TDSS-Killer,
  • the two new log files from FRST.


04.09.2016, 17:12   #3
josy1982
 
FRST, thanks!

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
durchgeführt von xxxxxxxxxxxxxxxxxxxxxxxxxxxx (Administrator) auf SONOR_45-45 (04-09-2016 17:55:49)
Gestartet von C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Downloads
Geladene Profile: xxxxxxxxxxxxxxxxxxxxxxxxxxxx (Verfügbare Profile: xxxxxxxxxxxxxxxxxxxxxxxxxxxx)
Platform: Windows 8.1 Pro (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
() C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Video DSP\DriverMFTService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lavasoft) C:\Program Files (x86)\AdAware\hms\healthmon.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Innovative Solutions GRUP SRL) C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamuseragent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(eM Client s.r.o.) C:\Program Files (x86)\eM Client\MailClient.exe
(eM Client s.r.o.) C:\Program Files (x86)\eM Client\MailClient.exe
(FreeDownloadManager.org) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
() C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\ICQ\bin\icq.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Viber Media S.Ã* r.l.) C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Viber\Viber.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIMBE.EXE
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
() C:\Program Files (x86)\WebcamMax\wcmmon.exe
() C:\Program Files (x86)\qBittorrent\qbittorrent.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIMBE.EXE
() C:\Windows\SysWOW64\Codecs\TrayMenu.exe
() C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\EpmNews.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7825720 2014-03-26] (Motorola Solutions, Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [MouseDriver] => c:\windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4879776 2016-06-23] (Intel(R) Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1842744 2016-09-01] (NVIDIA Corporation)
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\Windows\SysWOW64\Codecs\CodecUACManager.exe [61720 2015-11-05] ()
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [345000 2016-08-10] (QIHU 360 SOFTWARE CO. LIMITED)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\EpmNews.exe [2090176 2016-08-26] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS Cleanup] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\CleanUpUI.exe [1242816 2016-08-26] (CHENGDU Yiwo Tech Development Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650496 2016-01-19] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863488 2016-01-19] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-870488476-3347437722-3144900748-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-870488476-3347437722-3144900748-1001\...\Run: [eM Client] => C:\Program Files (x86)\eM Client\MailClient.exe [24513384 2016-07-27] (eM Client s.r.o.)
HKU\S-1-5-21-870488476-3347437722-3144900748-1001\...\Run: [Free Download Manager] => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe [9647104 2016-08-23] (FreeDownloadManager.org)
HKU\S-1-5-21-870488476-3347437722-3144900748-1001\...\Run: [icq.desktop] => C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\ICQ\bin\icq.exe [26540168 2016-09-03] ()
HKU\S-1-5-21-870488476-3347437722-3144900748-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2858272 2016-09-01] (Valve Corporation)
HKU\S-1-5-21-870488476-3347437722-3144900748-1001\...\Run: [Viber] => C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Viber\Viber.exe [72586832 2016-08-10] (Viber Media S.Ã* r.l.)
HKU\S-1-5-21-870488476-3347437722-3144900748-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIMBE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-870488476-3347437722-3144900748-1001\...\Run: [WebcamMaxAutoRun] => C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848 2011-07-17] ()
HKU\S-1-5-21-870488476-3347437722-3144900748-1001\...\Run: [qBittorrent] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe [15855104 2016-07-20] ()
HKU\S-1-5-21-870488476-3347437722-3144900748-1001\...\Run: [FreeFirewall] => C:\Program Files\Evorim\Free Firewall\freefirewall.exe /autostart
HKU\S-1-5-21-870488476-3347437722-3144900748-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIMBE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-870488476-3347437722-3144900748-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2016-09-02]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\Codecs\TrayMenu.exe ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================
         
Code:
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{F30796A3-81F6-4B99-B3F1-A5C4B5A50033}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-870488476-3347437722-3144900748-1001 -> DefaultScope {CD350708-321B-447B-9362-207B68690A5F} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-870488476-3347437722-3144900748-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-870488476-3347437722-3144900748-1001 -> {CD350708-321B-447B-9362-207B68690A5F} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Free Download Manager -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\iebho.dll [2016-08-23] ()
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-09-03] (Oracle Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-08-10] (Qihu 360 Software Co., Ltd.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2015-06-09] ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-09-03] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Free Download Manager -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\x86\iebho.dll [2016-08-23] ()
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\ssv.dll [2016-09-03] (Oracle Corporation)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2016-08-10] (Qihu 360 Software Co., Ltd.)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-09-03] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKU\S-1-5-21-870488476-3347437722-3144900748-1001 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-09-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-09-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-09-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-09-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxps://www.google.de/"
CHR DefaultSearchKeyword: Default -> google.de___
CHR Profile: C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2016-09-02]
CHR Extension: (Google Präsentationen) - C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-02]
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2016-09-03]
CHR Extension: (Google Docs) - C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-02]
CHR Extension: (Google Drive) - C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-02]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-09-02]
CHR Extension: (YouTube) - C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-02]
CHR Extension: (Google Tabellen) - C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-02]
CHR Extension: (Chrome Remote Desktop) - C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-09-02]
CHR Extension: (Weather Avenue) - C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdjjeekgglojebicfpgmiaeaadnhfaol [2016-09-02]
CHR Extension: (Google Docs Offline) - C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-02]
CHR Extension: (AdBlock) - C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-02]
CHR Extension: (360 Internet Protection) - C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2016-09-02]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-02]
CHR Extension: (TeamViewer) - C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\oooiobdokpcfdlahlmcddobejikcmkfo [2016-09-02]
CHR Extension: (Google Mail) - C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-02]
CHR Extension: (Chrome Media Router) - C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-02]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================
         
Code:
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe [76616 2016-06-20] (Google Inc.)
R2 DriverMFTService; C:\Program Files (x86)\Asus\ASUS Video DSP\DriverMFTService.exe [9728 2014-01-09] (ASUSTek Computer Inc.) [Datei ist nicht signiert]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 healthmon; C:\Program Files (x86)\AdAware\hms\healthmon.exe [137560 2016-09-03] (Lavasoft)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-05-12] (Intel Corporation)
S3 InnovativeSolutions_monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [1065496 2016-08-12] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-06-23] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5703752 2016-07-12] (INCA Internet Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458808 2016-09-01] (NVIDIA Corporation)
R3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458808 2016-09-01] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-09-01] (NVIDIA Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [914344 2016-08-10] (QIHU 360 SOFTWARE CO. LIMITED)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-06-23] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [151784 2016-08-10] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [86248 2016-08-10] (360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [86248 2016-08-10] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2016-08-10] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2016-08-10] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [391392 2016-08-10] (360.cn)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [190696 2016-08-10] (360.cn)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [24056 2016-01-14] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-09-03] (REALiX(tm))
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [371472 2016-05-26] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3520264 2016-05-03] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-09-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2016-09-01] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [827096 2015-03-12] (Realsil Semiconductor Corporation)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [121248 2016-08-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [195936 2016-08-16] (Oracle Corporation)
R2 WCMVCAM; C:\Windows\system32\DRIVERS\wcmvcam64.sys [1071032 2012-04-15] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
         
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-09-04 17:55 - 2016-09-04 17:55 - 00027824 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Downloads\FRST.txt
2016-09-04 17:55 - 2016-09-04 17:55 - 00000000 ____D C:\FRST
2016-09-04 17:29 - 2016-09-04 17:29 - 04747704 _____ (AO Kaspersky Lab) C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Downloads\tdsskiller.exe
2016-09-04 17:22 - 2016-09-04 17:22 - 02397696 _____ (Farbar) C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Downloads\FRST64.exe
2016-09-04 17:02 - 2016-09-04 17:11 - 00000943 _____ C:\Windows\Tasks\EPSON WF-2650 Series Update {47D110FB-9C9C-4366-9ADB-FF6FFC7DF1B6}.job
2016-09-04 17:02 - 2016-09-04 17:02 - 00003974 _____ C:\Windows\System32\Tasks\EPSON WF-2650 Series Update {47D110FB-9C9C-4366-9ADB-FF6FFC7DF1B6}
2016-09-04 16:58 - 2016-09-04 16:58 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evorim
2016-09-04 16:58 - 2016-09-04 16:58 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evorim
2016-09-04 15:50 - 2016-09-04 15:50 - 00000000 ____D C:\Windows\LastGood
2016-09-04 14:43 - 2016-09-04 14:43 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Apps\2.0
2016-09-04 14:40 - 2016-09-04 16:43 - 00000000 ____D C:\Program Files (x86)\TweakNow PowerPack
2016-09-04 14:40 - 2016-09-04 14:40 - 00001102 _____ C:\Users\Public\Desktop\TweakNow PowerPack.lnk
2016-09-04 14:40 - 2016-09-04 14:40 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\TweakNow PowerPack 2012
2016-09-04 14:40 - 2016-09-04 14:40 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\TweakNow PowerPack
2016-09-04 14:40 - 2016-09-04 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakNow PowerPack
2016-09-04 14:39 - 2016-09-04 14:39 - 10849256 _____ (TweakNow.com ) C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Downloads\PowerPack460.exe
2016-09-04 05:22 - 2016-09-04 05:22 - 00001094 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\regedit.exe.lnk
2016-09-04 04:46 - 2016-09-04 04:46 - 00402432 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-04 04:41 - 2016-09-04 04:41 - 00000889 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\gpedit.msc.lnk
2016-09-04 04:23 - 2016-09-04 04:23 - 00003838 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-09-04 04:23 - 2016-09-04 04:23 - 00003838 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-09-04 04:23 - 2016-09-04 04:23 - 00003788 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-09-04 04:23 - 2016-09-04 04:23 - 00003776 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-09-04 04:23 - 2016-09-04 04:23 - 00003540 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-09-04 04:23 - 2016-09-04 04:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-09-04 04:23 - 2016-09-01 09:15 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2016-09-04 04:19 - 2016-09-04 04:23 - 00001436 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-09-04 04:19 - 2016-09-04 04:23 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Documents\eM Client
2016-09-04 04:19 - 2016-09-04 04:23 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\NVIDIA
2016-09-04 04:19 - 2016-09-04 04:19 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-09-04 04:19 - 2016-09-01 10:29 - 01842744 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-09-04 04:19 - 2016-09-01 10:29 - 01756728 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-09-04 04:19 - 2016-09-01 10:29 - 01450040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-09-04 04:19 - 2016-09-01 10:29 - 01318968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-09-04 04:19 - 2016-09-01 10:29 - 00121912 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-09-04 04:19 - 2016-08-25 23:10 - 06385720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-09-04 04:19 - 2016-08-25 23:10 - 02475064 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-09-04 04:19 - 2016-08-25 23:10 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-09-04 04:19 - 2016-08-25 23:10 - 01362368 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-09-04 04:19 - 2016-08-25 23:10 - 00548408 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-09-04 04:19 - 2016-08-25 23:10 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-09-04 04:19 - 2016-08-25 23:10 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-09-04 04:19 - 2016-08-25 23:10 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-09-04 04:19 - 2016-08-22 17:18 - 07320235 _____ C:\Windows\system32\nvcoproc.bin
2016-09-04 04:19 - 2016-05-04 04:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-09-04 04:19 - 2016-05-04 04:22 - 00130848 _____ C:\Windows\system32\vulkan-1.dll
2016-09-04 04:19 - 2016-05-04 04:22 - 00045344 _____ C:\Windows\system32\vulkaninfo.exe
2016-09-04 04:19 - 2016-05-04 04:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-09-04 04:18 - 2016-08-26 01:28 - 40070200 _____ C:\Windows\system32\nvcompiler.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 35182648 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 34801088 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 28207672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 19848080 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 17463088 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 17263792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 14352816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 14093368 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-09-04 04:18 - 2016-08-26 01:28 - 10865704 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 10737632 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 10278080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 09086856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 08875408 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 08680696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 03917512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 03594808 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 03456888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 03160512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 01920960 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437270.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437270.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 01019960 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 00956352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 00941504 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 00892864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 00686896 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 00575984 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 00520912 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 00437696 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 00436088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 00390200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 00181488 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 00159352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-09-04 04:18 - 2016-08-26 01:28 - 00039731 _____ C:\Windows\system32\nvinfo.pb
2016-09-04 04:18 - 2016-08-26 01:28 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-09-04 04:18 - 2016-08-26 01:28 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2016-09-04 03:58 - 2016-09-04 03:59 - 00003548 _____ C:\Windows\System32\Tasks\eM Client Database Backup
2016-09-04 03:57 - 2016-09-04 03:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2016-09-04 03:56 - 2016-09-04 03:56 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-09-04 03:56 - 2016-09-04 03:56 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-09-04 03:54 - 2016-09-04 04:02 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-09-04 03:53 - 2016-09-04 03:53 - 00000000 ____D C:\ProgramData\IntelDLM
2016-09-04 03:52 - 2016-09-04 03:52 - 00003036 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC_WILLAMETTE
2016-09-04 03:52 - 2016-09-04 03:52 - 00001190 _____ C:\Users\Public\Desktop\Intel(R) Driver Update Utility 2.6.lnk
2016-09-04 03:52 - 2016-09-04 03:52 - 00000000 ____D C:\Windows\System32\Tasks\Intel
2016-09-04 03:52 - 2016-09-04 03:52 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Intel
2016-09-04 03:52 - 2016-09-04 03:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2016-09-04 03:52 - 2016-09-04 03:52 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2016-09-04 03:52 - 2015-06-04 13:33 - 00021984 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2016-09-04 03:29 - 2016-09-04 03:30 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\LocalLow\Adblock Plus for IE
2016-09-04 03:29 - 2016-09-04 03:29 - 00000000 ____D C:\Program Files\WOT
2016-09-04 03:29 - 2016-09-04 03:29 - 00000000 ____D C:\Program Files\Adblock Plus for IE
2016-09-04 03:29 - 2016-09-04 03:29 - 00000000 ____D C:\Program Files (x86)\WOT
2016-09-04 03:27 - 2016-09-04 03:27 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Downloads\ICQ
2016-09-04 02:51 - 2016-09-04 03:20 - 00000028 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\Neues Textdokument.txt
2016-09-03 23:08 - 2016-09-03 23:08 - 26155754 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Downloads\WebcamMax-8.0.1.2.MultiLanguage.Setup.exe
2016-09-03 18:36 - 2016-09-03 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2016-09-03 18:35 - 2016-09-03 18:35 - 00001015 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\Meine empfangenen Dateien.lnk
2016-09-03 18:31 - 2016-09-03 18:31 - 00000000 ____D C:\ProgramData\Google
2016-09-03 17:01 - 2016-09-04 17:54 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\qBittorrent
2016-09-03 17:01 - 2016-09-03 17:01 - 00001063 _____ C:\Users\Public\Desktop\qBittorrent.lnk
2016-09-03 17:01 - 2016-09-03 17:01 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\qBittorrent
2016-09-03 17:01 - 2016-09-03 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2016-09-03 17:01 - 2016-09-03 17:01 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2016-09-03 16:54 - 2016-09-03 16:54 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\ESET
2016-09-03 16:47 - 2016-09-03 16:47 - 00000938 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\DVDStyler.lnk
2016-09-03 16:47 - 2016-09-03 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDStyler
2016-09-03 16:47 - 2016-09-03 16:47 - 00000000 ____D C:\Program Files\DVDStyler
2016-09-03 08:48 - 2016-09-03 08:48 - 00001034 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\MyVideo - WebcamMax.lnk
2016-09-03 08:48 - 2016-09-03 08:48 - 00001034 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\MyPhoto - WebcamMax.lnk
2016-09-03 08:29 - 2016-09-03 08:29 - 00001334 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioWizard.lnk
2016-09-03 08:29 - 2016-09-03 08:29 - 00001322 _____ C:\Users\Public\Desktop\AudioWizard.lnk
2016-09-03 08:29 - 2016-09-03 08:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2016-09-03 08:29 - 2016-09-03 08:29 - 00000000 ____D C:\Program Files\Realtek
2016-09-03 08:28 - 2014-08-26 18:58 - 04267480 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2016-09-03 08:28 - 2014-08-26 16:08 - 01321639 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2016-09-03 08:28 - 2014-08-22 16:19 - 67726848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2016-09-03 08:28 - 2014-08-21 14:01 - 02855640 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2016-09-03 08:28 - 2014-08-18 14:29 - 00956120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2016-09-03 08:28 - 2014-08-18 11:40 - 03186544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2016-09-03 08:28 - 2014-08-06 13:43 - 02860760 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2016-09-03 08:28 - 2014-06-17 19:17 - 00856992 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2016-09-03 08:28 - 2014-06-17 13:32 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2016-09-03 08:28 - 2014-06-09 10:59 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2016-09-03 08:28 - 2014-05-09 11:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2016-09-03 08:28 - 2014-04-17 17:42 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2016-09-03 08:28 - 2014-04-10 12:20 - 01934424 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2016-09-03 08:28 - 2014-04-10 12:19 - 28343384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2016-09-03 08:28 - 2014-04-10 12:19 - 14863448 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2016-09-03 08:28 - 2014-04-10 12:19 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2016-09-03 08:28 - 2014-04-10 12:19 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2016-09-03 08:28 - 2014-04-10 12:19 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2016-09-03 08:28 - 2014-04-07 16:03 - 06218072 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2016-09-03 08:28 - 2014-04-07 16:03 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2016-09-03 08:28 - 2014-04-07 16:03 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2016-09-03 08:28 - 2014-04-07 16:03 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2016-09-03 08:28 - 2014-03-06 16:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2016-09-03 08:28 - 2014-02-18 17:04 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2016-09-03 08:28 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2016-09-03 08:28 - 2013-10-11 11:31 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2016-09-03 08:28 - 2013-10-07 00:26 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2016-09-03 08:28 - 2013-10-07 00:26 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2016-09-03 08:28 - 2013-10-07 00:26 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2016-09-03 08:28 - 2013-08-14 15:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2016-09-03 08:28 - 2013-08-14 15:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2016-09-03 08:28 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2016-09-03 08:28 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2016-09-03 08:28 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2016-09-03 08:28 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2016-09-03 08:28 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2016-09-03 08:28 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2016-09-03 08:28 - 2012-01-10 10:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2016-09-03 08:28 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2016-09-03 08:28 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2016-09-03 08:28 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2016-09-03 08:28 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2016-09-03 08:28 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2016-09-03 08:28 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2016-09-03 08:28 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2016-09-03 08:28 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2016-09-03 08:28 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2016-09-03 08:28 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2016-09-03 08:28 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2016-09-03 08:28 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2016-09-03 08:28 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2016-09-03 08:28 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2016-09-03 08:28 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2016-09-03 08:28 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2016-09-03 08:28 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2016-09-03 08:28 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2016-09-03 08:28 - 2011-03-17 12:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2016-09-03 08:28 - 2011-03-07 17:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2016-09-03 08:28 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2016-09-03 08:28 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2016-09-03 08:28 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2016-09-03 08:28 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2016-09-03 08:28 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2016-09-03 08:28 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2016-09-03 08:28 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2016-09-03 08:28 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2016-09-03 08:28 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2016-09-03 08:28 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2016-09-03 08:28 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2016-09-03 08:28 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2016-09-03 08:28 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2016-09-03 08:11 - 2016-09-03 08:29 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-09-03 08:11 - 2014-05-19 10:47 - 02080472 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2016-09-03 07:57 - 2016-09-04 04:18 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\NVIDIA
2016-09-03 07:51 - 2016-09-03 07:51 - 00027552 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2016-09-03 07:41 - 2016-09-04 04:39 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\NVIDIA Corporation
2016-09-03 07:41 - 2016-09-04 04:23 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-09-03 07:40 - 2016-09-04 17:54 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-03 07:40 - 2016-09-04 04:23 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-09-03 07:40 - 2016-09-01 10:29 - 00106040 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-09-03 07:40 - 2016-09-01 10:29 - 00095800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-09-03 07:40 - 2016-09-01 10:29 - 00047672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-09-03 07:39 - 2016-09-04 04:23 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-09-03 07:35 - 2016-09-04 04:02 - 00000724 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) HD Graphics Control Panel.lnk
2016-09-03 07:35 - 2016-09-04 04:02 - 00000712 _____ C:\Users\Public\Desktop\Intel(R) HD Graphics Control Panel.lnk
2016-09-03 07:35 - 2016-05-12 22:06 - 00086528 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2016-09-03 07:35 - 2016-05-12 22:06 - 00082432 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2016-09-03 07:28 - 2016-09-03 08:46 - 00000000 ____D C:\ProgramData\WebcamMax
2016-09-03 07:28 - 2016-09-03 07:28 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\WebcamMax
2016-09-03 07:26 - 2016-09-03 07:26 - 00001039 _____ C:\Users\Public\Desktop\WebcamMax.lnk
2016-09-03 07:26 - 2016-09-03 07:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebcamMax
2016-09-03 07:26 - 2016-09-03 07:26 - 00000000 ____D C:\Program Files (x86)\WebcamMax
2016-09-03 07:10 - 2016-09-03 07:10 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2016-09-03 07:10 - 2016-07-12 12:52 - 05703752 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2016-09-03 07:10 - 2004-12-30 14:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2016-09-03 07:10 - 2003-07-15 23:17 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd
2016-09-03 07:08 - 2016-09-03 07:08 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\LibreOffice
2016-09-03 07:01 - 2016-09-03 07:01 - 00000000 ____D C:\ProgramData\C__Program Files (x86)_WebcamMax_wcmmon.exe
2016-09-03 06:35 - 2016-01-08 01:42 - 00993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2016-09-03 06:35 - 2016-01-08 01:42 - 00987848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2016-09-03 06:35 - 2016-01-08 01:42 - 00690016 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2016-09-03 06:35 - 2016-01-08 01:42 - 00484552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2016-09-03 06:27 - 2016-09-03 06:27 - 00000483 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\WIN81PRO2 (D).lnk
2016-09-03 06:25 - 2016-09-03 06:25 - 00000709 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\Downloads.lnk
2016-09-03 06:25 - 2016-09-03 06:25 - 00000709 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\Dokumente.lnk
2016-09-03 06:25 - 2016-09-03 06:25 - 00000698 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\Bilder.lnk
2016-09-03 06:25 - 2016-09-03 06:25 - 00000688 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\Videos.lnk
2016-09-03 06:25 - 2016-09-03 06:25 - 00000681 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\Musik.lnk
2016-09-03 06:25 - 2016-09-03 06:25 - 00000496 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\WIN81PRO (C).lnk
2016-09-03 06:24 - 2016-09-03 06:24 - 00000409 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\Run.lnk
2016-09-03 06:23 - 2016-09-03 06:23 - 00002236 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\Windows PowerShell.lnk
2016-09-03 06:23 - 2016-09-03 06:23 - 00001251 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\Default Programs.lnk
2016-09-03 06:23 - 2016-09-03 06:23 - 00001193 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\Sticky Notes.lnk
2016-09-03 06:23 - 2016-09-03 06:23 - 00001190 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\Sound Recorder.lnk
2016-09-03 06:23 - 2016-09-03 06:23 - 00001158 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\Notepad.lnk
2016-09-03 06:23 - 2016-09-03 06:23 - 00001142 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\Command Prompt.lnk
2016-09-03 06:23 - 2016-09-03 06:23 - 00001120 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\Task Manager.lnk
2016-09-03 06:23 - 2016-09-03 06:23 - 00001114 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\Paint.lnk
2016-09-03 06:23 - 2016-09-03 06:23 - 00001108 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\Calculator.lnk
2016-09-03 06:22 - 2016-09-03 06:22 - 00001134 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\Snipping Tool.lnk
2016-09-03 06:18 - 2016-09-03 06:18 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\CrystalDiskMark5
2016-09-03 06:16 - 2016-09-03 06:16 - 00001480 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\LibreOffice Impress.lnk
2016-09-03 06:16 - 2016-09-03 06:16 - 00001412 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\LibreOffice Calc.lnk
2016-09-03 06:16 - 2016-09-03 06:16 - 00001350 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\LibreOffice Base.lnk
2016-09-03 06:15 - 2016-09-03 06:15 - 00001498 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\LibreOffice Writer.lnk
2016-09-03 06:12 - 2016-09-03 06:13 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Freemake Music Box
2016-09-03 06:07 - 2016-09-04 17:08 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\CrashDumps
2016-09-03 06:04 - 2016-09-03 06:04 - 00002070 _____ C:\Users\Public\Desktop\FaceFilter v3.02 Standard.lnk
2016-09-03 06:04 - 2016-09-03 06:04 - 00000223 __RSH C:\Windows\FF3STET.BIN
2016-09-03 06:04 - 2016-09-03 06:04 - 00000000 ____D C:\Users\Public\Documents\Reallusion
2016-09-03 06:04 - 2016-09-03 06:04 - 00000000 ____D C:\ProgramData\Reallusion
2016-09-03 06:04 - 2016-09-03 06:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FaceFilter3
2016-09-03 06:04 - 2016-09-03 06:04 - 00000000 ____D C:\Program Files (x86)\Reallusion
2016-09-03 05:59 - 2016-09-03 06:00 - 00000000 ____D C:\ProgramData\Corel
2016-09-03 05:59 - 2016-09-03 05:59 - 00001233 _____ C:\Users\Public\Desktop\Corel PaintShop Pro X6 (64-bit).lnk
2016-09-03 05:59 - 2016-09-03 05:59 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Documents\Corel PaintShop Pro
2016-09-03 05:59 - 2016-09-03 05:59 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Ulead Systems
2016-09-03 05:59 - 2016-09-03 05:59 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Corel
2016-09-03 05:59 - 2016-09-03 05:59 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Corel PaintShop Pro
2016-09-03 05:59 - 2016-09-03 05:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X6
2016-09-03 05:59 - 2016-09-03 05:59 - 00000000 ____D C:\Program Files\Corel
2016-09-03 05:59 - 2016-09-03 05:59 - 00000000 ____D C:\Program Files\Common Files\Protexis
2016-09-03 05:59 - 2016-09-03 05:59 - 00000000 ____D C:\Program Files (x86)\Corel
2016-09-03 05:58 - 2016-09-04 16:54 - 00001551 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\Eloa.lnk
2016-09-03 05:58 - 2016-09-03 05:58 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webzen
2016-09-03 05:57 - 2016-09-03 05:57 - 00000000 ____D C:\Webzen
2016-09-03 05:55 - 2016-09-04 17:55 - 00000943 _____ C:\Windows\Tasks\EPSON WF-2650 Series Update {20C13937-2ACC-4FA1-865D-C27A28D93FF2}.job
2016-09-03 05:55 - 2016-09-03 05:55 - 00003974 _____ C:\Windows\System32\Tasks\EPSON WF-2650 Series Update {20C13937-2ACC-4FA1-865D-C27A28D93FF2}
2016-09-03 05:54 - 2016-09-03 05:54 - 00000000 ____D C:\Program Files\Common Files\EPSON
2016-09-03 05:53 - 2016-09-03 05:57 - 00001166 _____ C:\Users\Public\Desktop\EPSON-Handbücher.lnk
2016-09-03 05:53 - 2016-09-03 05:53 - 00000123 _____ C:\Users\Public\Desktop\Epson Connect Site.url
2016-09-03 05:53 - 2016-09-03 05:53 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Epson
2016-09-03 05:53 - 2016-09-03 05:53 - 00000000 ____D C:\Program Files\EpsonNet
2016-09-03 05:52 - 2016-09-04 16:06 - 00000000 ____D C:\Program Files (x86)\Epson Software
2016-09-03 05:52 - 2016-09-03 05:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2016-09-03 05:51 - 2016-09-04 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-09-03 05:51 - 2016-09-03 05:56 - 00000000 ____D C:\Program Files (x86)\epson
2016-09-03 05:51 - 2016-09-03 05:51 - 00000946 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2016-09-03 05:51 - 2014-02-25 00:00 - 00466944 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll
2016-09-03 05:51 - 2013-12-06 04:05 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YLMBMBE.DLL
2016-09-03 05:51 - 2012-05-17 00:00 - 00144560 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe
2016-09-03 05:51 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BMBE.DLL
2016-09-03 05:51 - 2010-11-22 13:27 - 00147472 _____ (TWAIN Working Group) C:\Windows\SysWOW64\twaindsm.dll
2016-09-03 05:51 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2016-09-03 05:50 - 2016-09-03 05:54 - 00000000 ____D C:\ProgramData\Epson
         
2016-09-03 05:48 - 2016-09-03 05:48 - 00000975 _____ C:\Users\Public\Desktop\WinFF.lnk
2016-09-03 05:48 - 2016-09-03 05:48 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\WinFF
2016-09-03 05:48 - 2016-09-03 05:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinFF
2016-09-03 05:48 - 2016-09-03 05:48 - 00000000 ____D C:\Program Files (x86)\WinFF
2016-09-03 05:47 - 2016-09-04 04:43 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\.VirtualBox
2016-09-03 05:47 - 2016-09-04 03:27 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\vlc
2016-09-03 05:47 - 2016-09-03 05:47 - 00001092 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2016-09-03 05:47 - 2016-09-03 05:47 - 00000887 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-09-03 05:47 - 2016-09-03 05:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-09-03 05:47 - 2016-09-03 05:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-09-03 05:47 - 2016-09-03 05:47 - 00000000 ____D C:\Program Files\VideoLAN
2016-09-03 05:47 - 2016-09-03 05:47 - 00000000 ____D C:\Program Files\Oracle
2016-09-03 05:47 - 2016-08-16 20:18 - 00920168 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2016-09-03 05:47 - 2016-08-16 20:18 - 00149256 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2016-09-03 05:46 - 2016-09-03 05:46 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Documents\ViberDownloads
2016-09-03 05:45 - 2016-09-04 17:54 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\ViberPC
2016-09-03 05:45 - 2016-09-03 07:41 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Viber
2016-09-03 05:45 - 2016-09-03 05:45 - 00001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-09-03 05:45 - 2016-09-03 05:45 - 00001043 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-09-03 05:45 - 2016-09-03 05:45 - 00000964 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
2016-09-03 05:45 - 2016-09-03 05:45 - 00000962 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\Viber.lnk
2016-09-03 05:45 - 2016-09-03 05:45 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\TeamViewer
2016-09-03 05:45 - 2016-09-03 05:45 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
2016-09-03 05:45 - 2016-09-03 05:45 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Package Cache
2016-09-03 05:44 - 2016-09-03 05:45 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-09-03 05:43 - 2016-09-04 17:54 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-03 05:43 - 2016-09-03 05:43 - 00000979 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-09-03 05:43 - 2016-09-03 05:43 - 00000975 _____ C:\Users\Public\Desktop\Steam.lnk
2016-09-03 05:43 - 2016-09-03 05:43 - 00000941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2016-09-03 05:43 - 2016-09-03 05:43 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\LocalLow\Adobe
2016-09-03 05:43 - 2016-09-03 05:43 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Steam
2016-09-03 05:43 - 2016-09-03 05:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-09-03 05:43 - 2016-09-03 05:43 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-09-03 05:42 - 2016-09-03 06:28 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-09-03 05:42 - 2016-09-03 05:42 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-03 05:42 - 2016-09-03 05:42 - 00002067 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-09-03 05:39 - 2016-09-03 16:50 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\.openshot_qt
2016-09-03 05:39 - 2016-09-03 05:39 - 00000915 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenShot Video Editor.lnk
2016-09-03 05:39 - 2016-09-03 05:39 - 00000903 _____ C:\Users\Public\Desktop\OpenShot Video Editor.lnk
2016-09-03 05:39 - 2016-09-03 05:39 - 00000000 ____D C:\Program Files\OpenShot Video Editor
2016-09-03 05:35 - 2016-09-03 05:35 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-09-03 05:35 - 2016-09-03 05:35 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\epm
2016-09-03 05:33 - 2016-09-03 05:33 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2016-09-03 05:33 - 2016-09-03 05:33 - 00027840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2016-09-03 05:33 - 2016-09-03 05:33 - 00000218 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\recently-used.xbel
2016-09-03 05:30 - 2016-09-03 22:20 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-03 05:30 - 2016-09-03 05:30 - 00001114 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-09-03 05:30 - 2016-09-03 05:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-09-03 05:30 - 2016-09-03 05:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-03 05:30 - 2016-09-03 05:30 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-09-03 05:30 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-03 05:30 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-03 05:30 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-03 05:29 - 2016-09-03 05:29 - 00001042 _____ C:\Users\Public\Desktop\LoiLo Game Recorder.lnk
2016-09-03 05:29 - 2016-09-03 05:29 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\LoiLo
2016-09-03 05:29 - 2016-09-03 05:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoiLo Game Recorder
2016-09-03 05:29 - 2016-09-03 05:29 - 00000000 ____D C:\Program Files\LoiLo
2016-09-03 05:25 - 2016-09-03 05:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2
2016-09-03 05:25 - 2016-09-03 05:25 - 00000000 ____D C:\Program Files\LibreOffice 5
2016-09-03 05:22 - 2016-09-03 05:22 - 00001885 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\Kodi.lnk
2016-09-03 05:22 - 2016-09-03 05:22 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2016-09-03 05:22 - 2016-09-03 05:22 - 00000000 ____D C:\Program Files (x86)\Kodi
2016-09-03 05:21 - 2016-09-03 05:21 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-09-03 05:21 - 2016-09-03 05:21 - 00000000 ____D C:\Program Files\Java
2016-09-03 05:20 - 2016-09-03 05:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-09-03 05:20 - 2016-09-03 05:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-09-03 05:20 - 2016-09-03 05:20 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-09-03 05:20 - 2016-09-03 05:20 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Sun
2016-09-03 05:20 - 2016-09-03 05:20 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\LocalLow\Sun
2016-09-03 05:20 - 2016-09-03 05:20 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\LocalLow\Oracle
2016-09-03 05:20 - 2016-09-03 05:20 - 00000000 ____D C:\ProgramData\Oracle
2016-09-03 05:20 - 2016-09-03 05:20 - 00000000 ____D C:\Program Files (x86)\Java
2016-09-03 05:19 - 2016-09-03 05:19 - 00000000 ____D C:\Program Files\GIMP Extensions
2016-09-03 05:19 - 2016-09-03 05:19 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-09-03 05:17 - 2016-09-03 05:19 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\.gimp-2.8
2016-09-03 05:17 - 2016-09-03 05:18 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\ICQ
2016-09-03 05:17 - 2016-09-03 05:17 - 00001895 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\ICQ.lnk
2016-09-03 05:17 - 2016-09-03 05:17 - 00001753 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
2016-09-03 05:17 - 2016-09-03 05:17 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2016-09-03 05:17 - 2016-09-03 05:17 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\gegl-0.2
2016-09-03 05:17 - 2016-09-03 05:17 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\fontconfig
2016-09-03 05:15 - 2016-09-03 05:15 - 00000910 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2016-09-03 05:15 - 2016-09-03 05:15 - 00000898 _____ C:\Users\Public\Desktop\GIMP 2.lnk
2016-09-03 05:15 - 2016-09-03 05:15 - 00000000 ____D C:\Program Files\GIMP 2
2016-09-03 05:10 - 2016-09-03 05:10 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\FreemakeVideoConverter
2016-09-03 05:08 - 2016-09-03 05:08 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2016-09-03 05:07 - 2016-09-03 06:14 - 00000000 ____D C:\Program Files (x86)\Freemake
2016-09-03 05:07 - 2016-09-03 05:33 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\deluge
2016-09-03 05:06 - 2016-09-03 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2016-09-03 05:00 - 2016-09-04 17:54 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Free Download Manager
2016-09-03 05:00 - 2016-09-03 05:00 - 00002746 _____ C:\Windows\System32\Tasks\FreeDownloadManagerNetworkMonitor
2016-09-03 05:00 - 2016-09-03 05:00 - 00001128 _____ C:\Users\Public\Desktop\Free Download Manager 5.lnk
2016-09-03 05:00 - 2016-09-03 05:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2016-09-03 05:00 - 2016-09-03 05:00 - 00000000 ____D C:\Program Files\FreeDownloadManager.ORG
2016-09-03 04:59 - 2016-09-03 04:59 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\FileZilla
2016-09-03 04:56 - 2016-09-03 04:58 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Mozilla
2016-09-03 04:56 - 2016-09-03 04:58 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Mozilla
2016-09-03 04:56 - 2016-09-03 04:56 - 00001870 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2016-09-03 04:56 - 2016-09-03 04:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-09-03 04:56 - 2016-09-03 04:56 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-09-03 04:56 - 2016-09-03 04:56 - 00000000 ____D C:\Program Files (x86)\AdAware
2016-09-03 04:54 - 2016-09-03 04:54 - 00001404 _____ C:\Users\Public\Desktop\EaseUS Partition Master 11.8.lnk
2016-09-03 04:54 - 2016-09-03 04:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 11.8
2016-09-03 04:54 - 2016-09-03 04:54 - 00000000 ____D C:\Program Files (x86)\EaseUS
2016-09-03 04:54 - 2016-08-26 17:49 - 03843264 _____ C:\Windows\system32\BootMan.exe
         
2016-09-03 04:54 - 2016-08-26 17:46 - 02928320 _____ C:\Windows\SysWOW64\BootMan.exe
2016-09-03 04:54 - 2016-07-11 10:01 - 00101984 _____ C:\Windows\system32\setupempdrvx64.exe
2016-09-03 04:54 - 2016-07-11 10:01 - 00088160 _____ C:\Windows\SysWOW64\setupempdrv03.exe
2016-09-03 04:54 - 2016-07-11 10:01 - 00010848 _____ C:\Windows\system32\EuGdiDrv.sys
2016-09-03 04:54 - 2016-07-11 10:01 - 00010208 _____ C:\Windows\SysWOW64\EuGdiDrv.sys
2016-09-03 04:54 - 2016-07-08 15:28 - 00248832 _____ C:\Windows\SysWOW64\epmntdrv.pdb
2016-09-03 04:54 - 2016-01-14 10:05 - 00024056 _____ C:\Windows\system32\epmntdrv.sys
2016-09-03 04:54 - 2016-01-14 10:05 - 00021496 _____ C:\Windows\SysWOW64\epmntdrv.sys
2016-09-03 04:54 - 2014-11-18 14:46 - 00021088 _____ C:\Windows\SysWOW64\EuEpmGdi.dll
2016-09-03 04:54 - 2014-11-18 14:46 - 00017504 _____ C:\Windows\system32\EuEpmGdi.dll
2016-09-03 04:52 - 2016-09-03 09:14 - 00000000 __SHD C:\ProgramData\360Quarant
2016-09-03 04:52 - 2016-09-03 09:14 - 00000000 __SHD C:\$360Section
2016-09-03 04:52 - 2016-09-03 04:52 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\.thumb
2016-09-03 04:51 - 2016-09-03 04:51 - 00001819 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\CrystalDiskMark 5.lnk
2016-09-03 04:51 - 2016-09-03 04:51 - 00000842 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\HWiNFO64 Program.lnk
2016-09-03 04:51 - 2016-09-03 04:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2016-09-03 04:51 - 2016-09-03 04:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskMark5
2016-09-03 04:51 - 2016-09-03 04:51 - 00000000 ____D C:\Program Files\HWiNFO64
2016-09-03 04:51 - 2016-09-03 04:51 - 00000000 ____D C:\Program Files\CrystalDiskMark5
2016-09-03 04:50 - 2016-09-03 06:18 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2016-09-03 04:50 - 2016-09-03 04:50 - 00001251 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\CrystalDiskInfo Shizuku Edition.lnk
2016-09-03 04:50 - 2016-09-03 04:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2016-09-03 04:48 - 2016-09-03 04:48 - 00001157 _____ C:\Users\Public\Desktop\QuickMediaConverter.lnk
2016-09-03 04:48 - 2016-09-03 04:48 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Cocoon Software
2016-09-03 04:48 - 2016-09-03 04:48 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\WDSetup
2016-09-03 04:48 - 2016-09-03 04:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickMediaConverter
2016-09-03 04:48 - 2016-09-03 04:48 - 00000000 ____D C:\Program Files (x86)\QUICKMEDIACONVERTER
2016-09-03 04:45 - 2016-09-03 04:53 - 00000000 ___HD C:\Windows\msdownld.tmp
2016-09-03 04:45 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-09-03 04:45 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-09-03 04:45 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2016-09-03 04:45 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2016-09-03 04:45 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-09-03 04:45 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-09-03 04:45 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-09-03 04:45 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2016-09-03 04:45 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2016-09-03 04:45 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2016-09-03 04:45 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2016-09-03 04:45 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2016-09-03 04:45 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2016-09-03 04:45 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2016-09-03 04:45 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2016-09-03 04:45 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2016-09-03 04:45 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2016-09-03 04:45 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2016-09-03 04:45 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2016-09-03 04:45 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2016-09-03 04:45 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2016-09-03 04:45 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2016-09-03 04:45 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2016-09-03 04:45 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2016-09-03 04:45 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2016-09-03 04:45 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2016-09-03 04:45 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2016-09-03 04:45 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2016-09-03 04:45 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2016-09-03 04:45 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2016-09-03 04:45 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-09-03 04:45 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2016-09-03 04:45 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2016-09-03 04:45 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2016-09-03 04:45 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2016-09-03 04:45 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2016-09-03 04:45 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2016-09-03 04:45 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2016-09-03 04:45 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2016-09-03 04:45 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2016-09-03 04:45 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2016-09-03 04:45 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2016-09-03 04:45 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2016-09-03 04:45 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2016-09-03 04:45 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2016-09-03 04:45 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2016-09-03 04:45 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2016-09-03 04:45 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2016-09-03 04:45 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2016-09-03 04:45 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2016-09-03 04:45 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2016-09-03 04:45 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2016-09-03 04:45 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2016-09-03 04:45 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2016-09-03 04:45 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-09-03 04:45 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2016-09-03 04:45 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-09-03 04:45 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2016-09-03 04:45 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-09-03 04:45 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2016-09-03 04:45 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2016-09-03 04:45 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2016-09-03 04:45 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2016-09-03 04:45 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2016-09-03 04:45 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2016-09-03 04:45 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2016-09-03 04:45 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2016-09-03 04:45 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2016-09-03 04:45 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2016-09-03 04:45 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2016-09-03 04:45 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2016-09-03 04:45 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2016-09-03 04:45 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2016-09-03 04:45 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2016-09-03 04:45 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2016-09-03 04:45 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2016-09-03 04:45 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2016-09-03 04:45 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
         
2016-09-03 04:45 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2016-09-03 04:45 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2016-09-03 04:45 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2016-09-03 04:45 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2016-09-03 04:45 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2016-09-03 04:45 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2016-09-03 04:45 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2016-09-03 04:45 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2016-09-03 04:45 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2016-09-03 04:45 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2016-09-03 04:45 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2016-09-03 04:45 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2016-09-03 04:45 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2016-09-03 04:45 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2016-09-03 04:45 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2016-09-03 04:45 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2016-09-03 04:45 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2016-09-03 04:45 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2016-09-03 04:45 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2016-09-03 04:45 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2016-09-03 04:45 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2016-09-03 04:45 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2016-09-03 04:45 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2016-09-03 04:45 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2016-09-03 04:45 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2016-09-03 04:45 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2016-09-03 04:45 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2016-09-03 04:45 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2016-09-03 04:45 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2016-09-03 04:45 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2016-09-03 04:45 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2016-09-03 04:45 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2016-09-03 04:45 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2016-09-03 04:45 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2016-09-03 04:45 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2016-09-03 04:45 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2016-09-03 04:45 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2016-09-03 04:45 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2016-09-03 04:45 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2016-09-03 04:45 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2016-09-03 04:45 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2016-09-03 04:45 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2016-09-03 04:45 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2016-09-03 04:45 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2016-09-03 04:45 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2016-09-03 04:45 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2016-09-03 04:45 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2016-09-03 04:45 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2016-09-03 04:45 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2016-09-03 04:45 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2016-09-03 04:45 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2016-09-03 04:45 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2016-09-03 04:45 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2016-09-03 04:45 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2016-09-03 04:45 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2016-09-03 04:45 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2016-09-03 04:45 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2016-09-03 04:45 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2016-09-03 04:45 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2016-09-03 04:45 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2016-09-03 04:45 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2016-09-03 04:45 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2016-09-03 04:45 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-09-03 04:45 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2016-09-03 04:45 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2016-09-03 04:45 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2016-09-03 04:45 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2016-09-03 04:45 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2016-09-03 04:45 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2016-09-03 04:45 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2016-09-03 04:45 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2016-09-03 04:45 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2016-09-03 04:45 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2016-09-03 04:45 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2016-09-03 04:45 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2016-09-03 04:45 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2016-09-03 04:45 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-09-03 04:45 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2016-09-03 04:45 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2016-09-03 04:45 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2016-09-03 04:45 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2016-09-03 04:45 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2016-09-03 04:45 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2016-09-03 04:45 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2016-09-03 04:45 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2016-09-03 04:45 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2016-09-03 04:45 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-09-03 04:45 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2016-09-03 04:45 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2016-09-03 04:45 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2016-09-03 04:45 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2016-09-03 04:45 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2016-09-03 04:45 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-09-03 04:45 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2016-09-03 04:45 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-09-03 04:45 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-09-03 04:45 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2016-09-03 04:45 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2016-09-03 04:44 - 2016-09-03 04:53 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-09-03 04:43 - 2016-09-03 04:43 - 00001417 _____ C:\Users\Public\Desktop\AnyMP4 DVD Ripper.lnk
2016-09-03 04:42 - 2016-09-03 05:14 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Documents\AnyMP4 Studio
2016-09-03 04:42 - 2016-09-03 04:43 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\AnyMP4 Studio
2016-09-03 04:42 - 2016-09-03 04:42 - 00001473 _____ C:\Users\Public\Desktop\AnyMP4 Blu-ray Ripper.lnk
2016-09-03 04:41 - 2016-09-03 04:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyMP4
2016-09-03 04:41 - 2016-09-03 04:43 - 00000000 ____D C:\Program Files (x86)\AnyMP4 Studio
2016-09-03 04:41 - 2016-09-03 04:42 - 00000000 ____D C:\ProgramData\AnyMP4 Studio
2016-09-03 04:41 - 2016-09-03 04:41 - 00001473 _____ C:\Users\Public\Desktop\AnyMP4 Blu-ray Player.lnk
2016-09-03 04:40 - 2016-09-03 08:50 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Audacity
2016-09-03 04:40 - 2016-09-03 04:40 - 00001031 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-09-03 04:40 - 2016-09-03 04:40 - 00001019 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-09-03 04:40 - 2016-09-03 04:40 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Audacity
2016-09-03 04:40 - 2016-09-03 04:40 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2016-09-03 04:40 - 2016-09-03 04:40 - 00000000 ____D C:\Program Files (x86)\FFmpeg for Audacity
2016-09-03 04:40 - 2016-09-03 04:40 - 00000000 ____D C:\Program Files (x86)\Audacity
         
Code:
ATTFilter
2016-09-03 04:39 - 2016-09-03 04:39 - 00001452 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 2016.lnk
2016-09-03 04:39 - 2016-09-03 04:39 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Ashampoo
2016-09-03 04:39 - 2016-09-03 04:39 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\ashampoo
2016-09-03 04:39 - 2016-09-03 04:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2016-09-03 04:38 - 2016-09-03 04:39 - 00000000 ____D C:\ProgramData\Ashampoo
2016-09-03 04:38 - 2016-09-03 04:38 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2016-09-03 04:37 - 2016-09-04 17:35 - 00003680 _____ C:\Windows\System32\Tasks\AupAvUpdate
2016-09-03 04:37 - 2016-09-04 17:35 - 00003460 _____ C:\Windows\System32\Tasks\UninstallMonitor
2016-09-03 04:37 - 2016-09-04 04:38 - 00000360 _____ C:\Windows\Tasks\Health-Check.job
2016-09-03 04:37 - 2016-09-04 03:35 - 00000368 _____ C:\Windows\Tasks\Health-Check-deep.job
2016-09-03 04:37 - 2016-09-03 06:28 - 00000000 ____D C:\ProgramData\Adobe
2016-09-03 04:37 - 2016-09-03 05:43 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Adobe
2016-09-03 04:37 - 2016-09-03 05:42 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-09-03 04:37 - 2016-09-03 04:37 - 00002924 _____ C:\Windows\System32\Tasks\Health-Check-deep
2016-09-03 04:37 - 2016-09-03 04:37 - 00002916 _____ C:\Windows\System32\Tasks\Health-Check
2016-09-03 04:37 - 2016-09-03 04:37 - 00001657 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\Advanced Uninstaller PRO 12.lnk
2016-09-03 04:37 - 2016-09-03 04:37 - 00001541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 12.lnk
2016-09-03 04:37 - 2016-09-03 04:37 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-09-03 04:37 - 2016-09-03 04:37 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-09-03 04:37 - 2016-09-03 04:37 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Innovative Solutions
2016-09-03 04:37 - 2016-09-03 04:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
2016-09-03 04:37 - 2016-09-03 04:37 - 00000000 ____D C:\ProgramData\Innovative Solutions
2016-09-03 04:37 - 2016-09-03 04:37 - 00000000 ____D C:\Program Files (x86)\Innovative Solutions
2016-09-03 04:37 - 2014-03-07 11:25 - 00042496 _____ C:\Windows\SysWOW64\AdvUninstCPL.cpl
2016-09-03 04:32 - 2016-09-04 04:10 - 00000401 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-09-03 04:30 - 2016-05-12 21:03 - 01131008 _____ (Intel Corporation) C:\Windows\system32\GfxResources.dll
2016-09-03 04:30 - 2016-05-12 21:03 - 00641530 _____ C:\Windows\system32\FilmModeDetection.wmv
2016-09-03 04:30 - 2016-05-12 21:03 - 00403671 _____ C:\Windows\system32\ImageStabilization.wmv
2016-09-03 04:30 - 2016-05-12 21:03 - 00375173 _____ C:\Windows\system32\ColorImageEnhancement.wmv
2016-09-03 04:21 - 2016-09-04 15:35 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\360safe
2016-09-03 04:20 - 2016-09-04 17:54 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\LocalLow\360WD
2016-09-03 04:20 - 2016-09-03 16:45 - 00000000 ____D C:\ProgramData\360safe
2016-09-03 04:20 - 2016-09-03 15:15 - 00000000 ____D C:\ProgramData\360TotalSecurity
2016-09-03 04:20 - 2016-08-10 12:54 - 00391392 _____ (360.cn) C:\Windows\system32\Drivers\360fsflt.sys
2016-09-03 04:20 - 2016-08-10 12:54 - 00086248 _____ (360.cn) C:\Windows\SysWOW64\Drivers\360AvFlt.sys
2016-09-03 04:19 - 2016-09-03 04:19 - 00001165 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2016-09-03 04:19 - 2016-09-03 04:19 - 00000000 _RSHD C:\360SANDBOX
2016-09-03 04:19 - 2016-09-03 04:19 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360 Security Center
2016-09-03 04:19 - 2016-09-03 04:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2016-09-03 04:19 - 2016-09-03 04:19 - 00000000 ____D C:\Program Files (x86)\360
2016-09-03 04:19 - 2016-08-10 12:54 - 00330472 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys
2016-09-03 04:19 - 2016-08-10 12:54 - 00190696 _____ (360.cn) C:\Windows\system32\Drivers\BAPIDRV64.SYS
2016-09-03 04:19 - 2016-08-10 12:54 - 00151784 _____ (360.cn) C:\Windows\system32\Drivers\360AntiHacker64.sys
2016-09-03 04:19 - 2016-08-10 12:54 - 00086248 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys
2016-09-03 04:19 - 2016-08-10 12:54 - 00040520 _____ (360.cn) C:\Windows\system32\Drivers\360Camera64.sys
2016-09-03 04:10 - 2016-07-12 16:08 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2016-09-03 04:10 - 2016-06-18 22:06 - 00590688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2016-09-03 04:10 - 2016-06-18 22:06 - 00072408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys
2016-09-03 04:10 - 2016-06-11 21:52 - 00379232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-09-03 04:10 - 2016-06-11 21:52 - 00057184 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2016-09-03 04:10 - 2016-06-11 20:05 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\gpresult.exe
2016-09-03 04:10 - 2016-06-11 19:14 - 00192512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpresult.exe
2016-09-03 04:10 - 2016-06-11 18:50 - 00987136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-03 04:10 - 2016-06-11 18:46 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\tpmvsc.dll
2016-09-03 04:10 - 2016-06-11 18:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-09-03 04:10 - 2016-06-11 18:37 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-09-03 04:10 - 2016-06-11 18:24 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-09-03 04:10 - 2016-06-11 18:20 - 00413184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-09-03 04:10 - 2016-06-11 18:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-09-03 04:10 - 2016-06-11 05:44 - 00107984 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-09-03 04:10 - 2016-06-11 05:44 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-09-03 04:10 - 2016-06-10 23:34 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsp.sys
2016-09-03 04:10 - 2016-06-10 22:07 - 03820544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2016-09-03 04:10 - 2016-06-10 22:03 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-03 04:10 - 2016-06-10 20:11 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2016-09-03 04:10 - 2016-06-10 20:11 - 01487992 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2016-09-03 04:10 - 2016-06-10 20:11 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2016-09-03 04:10 - 2016-06-10 20:11 - 00125024 _____ (Microsoft Corporation) C:\Windows\system32\cryptxml.dll
2016-09-03 04:10 - 2016-06-10 20:10 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptxml.dll
2016-09-03 04:10 - 2016-06-10 20:07 - 03273728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2016-09-03 04:10 - 2016-06-10 20:04 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-03 04:10 - 2016-06-09 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-09-03 04:10 - 2016-06-09 20:18 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-09-03 04:10 - 2016-06-07 20:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\hbaapi.dll
2016-09-03 04:10 - 2016-06-07 19:13 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hbaapi.dll
2016-09-03 04:10 - 2016-06-04 02:38 - 01613528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-09-03 04:10 - 2016-06-04 02:37 - 01970968 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-09-03 04:10 - 2016-05-29 09:08 - 22361344 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-09-03 04:10 - 2016-05-28 20:31 - 19788688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-09-03 04:10 - 2016-05-18 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2016-09-03 04:10 - 2016-05-18 23:15 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2016-09-03 04:10 - 2016-05-18 22:56 - 01291776 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2016-09-03 04:10 - 2016-05-18 22:33 - 01060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2016-09-03 04:10 - 2016-05-18 22:28 - 02635264 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2016-09-03 04:10 - 2016-05-18 22:16 - 02317824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2016-09-03 04:10 - 2016-05-14 22:26 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-09-03 04:10 - 2016-05-14 07:19 - 01134768 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-09-03 04:10 - 2016-05-14 01:08 - 00111616 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2016-09-03 04:10 - 2016-05-14 01:08 - 00032768 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2016-09-03 04:10 - 2016-05-14 01:08 - 00032512 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2016-09-03 04:10 - 2016-05-14 00:24 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-09-03 04:10 - 2016-05-13 23:42 - 03667968 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-09-03 04:10 - 2016-05-13 23:30 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-09-03 04:10 - 2016-05-13 23:29 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-09-03 04:10 - 2016-05-13 23:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-09-03 04:10 - 2016-05-13 23:27 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-09-03 04:10 - 2016-05-13 23:26 - 02230784 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-09-03 04:10 - 2016-05-13 23:26 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-09-03 04:10 - 2016-05-13 23:18 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-09-03 04:10 - 2016-05-13 23:18 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-09-03 04:10 - 2016-05-13 23:16 - 00727040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-09-03 04:10 - 2016-05-13 23:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-09-03 04:10 - 2016-05-12 20:36 - 00034600 _____ (Microsoft Corporation) C:\Windows\system32\UserAccountBroker.exe
2016-09-03 04:10 - 2016-05-12 19:39 - 00030984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserAccountBroker.exe
2016-09-03 04:10 - 2016-05-06 23:59 - 00331608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2016-09-03 04:10 - 2016-05-06 19:13 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-09-03 04:10 - 2016-05-05 19:18 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-09-03 04:10 - 2016-05-05 19:02 - 03320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-09-03 04:10 - 2016-05-05 18:37 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-09-03 04:10 - 2016-05-05 18:34 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-09-03 04:10 - 2016-05-05 18:29 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-09-03 04:10 - 2016-05-05 17:28 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-09-03 04:10 - 2016-05-05 17:16 - 02464768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-09-03 04:10 - 2016-04-12 17:46 - 14467584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-09-03 04:10 - 2016-04-12 17:30 - 12879872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-09-03 04:10 - 2016-04-10 07:35 - 00551256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2016-09-03 04:10 - 2016-04-10 00:15 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2016-09-03 04:10 - 2016-04-10 00:14 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Geolocation.dll
2016-09-03 04:10 - 2016-04-10 00:10 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-09-03 04:10 - 2016-04-10 00:09 - 00754176 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2016-09-03 04:10 - 2016-04-10 00:02 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2016-09-03 04:10 - 2016-04-09 23:59 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Geolocation.dll
2016-09-03 04:10 - 2016-04-09 23:59 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2016-09-03 04:10 - 2016-04-09 23:56 - 00543232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2016-09-03 04:10 - 2016-04-09 23:55 - 00881152 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2016-09-03 04:10 - 2016-04-09 23:52 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
         

04.09.2016, 17:18   #4
josy1982

Suspicious activities



Code:
ATTFilter
2016-09-03 04:10 - 2016-04-07 18:06 - 00927744 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2016-09-03 04:10 - 2016-04-06 23:21 - 00114528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys
2016-09-03 04:10 - 2016-04-06 20:20 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2016-09-03 04:10 - 2016-04-06 20:20 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2016-09-03 04:10 - 2016-04-06 20:17 - 18825216 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-09-03 04:10 - 2016-04-06 18:25 - 15158272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-09-03 04:10 - 2016-04-06 00:37 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys
2016-09-03 04:10 - 2016-04-02 16:09 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfg.exe
2016-09-03 04:10 - 2016-04-02 15:58 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll
2016-09-03 04:10 - 2016-04-01 19:40 - 00322048 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2016-09-03 04:10 - 2016-04-01 18:53 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2016-09-03 04:10 - 2016-04-01 18:50 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-09-03 04:10 - 2016-02-04 18:57 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\httpprxp.dll
2016-09-03 04:10 - 2016-02-04 18:49 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2016-09-03 04:10 - 2016-02-04 18:39 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2016-09-03 03:44 - 2016-09-03 03:44 - 00000000 ____D C:\Windows\system32\appraiser
2016-09-03 03:32 - 2016-09-03 03:32 - 00000978 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Desktop\eM Client.lnk
2016-09-03 03:30 - 2015-07-30 16:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-09-03 03:30 - 2015-07-30 15:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-09-03 02:44 - 2016-09-03 02:46 - 00000000 ____D C:\Windows\system32\MRT
2016-09-03 02:44 - 2016-09-03 02:44 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-03 02:41 - 2016-09-03 02:41 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Documents\cfvbnm
2016-09-03 02:32 - 2016-07-27 21:25 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-09-03 02:25 - 2015-01-06 05:01 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2016-09-03 02:25 - 2015-01-06 04:59 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2016-09-03 02:25 - 2015-01-06 03:12 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2016-09-03 02:25 - 2015-01-06 03:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2016-09-03 02:24 - 2016-09-03 02:24 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-09-03 02:22 - 2016-09-03 02:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-03 02:21 - 2016-09-03 02:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-03 02:21 - 2016-09-03 02:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-03 02:21 - 2016-05-12 20:38 - 00135336 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-09-03 02:21 - 2016-05-12 19:43 - 00115704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-09-03 02:21 - 2016-05-12 18:24 - 00678912 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-09-03 02:21 - 2016-05-12 18:17 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-09-03 02:21 - 2016-05-12 18:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-09-03 02:21 - 2016-05-12 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-09-03 02:21 - 2016-05-12 18:07 - 01360896 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-09-03 02:21 - 2016-05-12 17:59 - 00398848 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-09-03 02:21 - 2016-05-12 17:48 - 00580096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2016-09-03 02:21 - 2016-05-12 17:43 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-09-03 02:21 - 2016-05-12 17:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2016-09-03 02:21 - 2016-05-12 17:37 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-09-03 02:21 - 2016-03-31 08:50 - 01307328 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-03 02:21 - 2016-03-31 05:40 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-09-03 02:21 - 2016-01-10 19:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\cfgbkend.dll
2016-09-03 02:21 - 2016-01-10 19:16 - 00898048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-09-03 02:21 - 2016-01-10 19:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgbkend.dll
2016-09-03 02:21 - 2016-01-10 19:12 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-09-03 02:21 - 2016-01-10 18:51 - 00702976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-09-03 02:21 - 2016-01-10 18:49 - 00443392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-09-03 02:21 - 2015-12-30 23:53 - 02017624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-09-03 02:21 - 2015-04-30 01:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2016-09-03 02:21 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2016-09-03 02:21 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2016-09-03 02:20 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2016-09-03 02:20 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2016-09-03 02:20 - 2014-11-10 04:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2016-09-03 02:20 - 2014-11-10 03:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2016-09-03 02:19 - 2016-07-08 16:18 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-03 02:19 - 2016-06-25 20:13 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-09-03 02:19 - 2016-06-25 18:24 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-09-03 02:19 - 2016-06-25 18:15 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-09-03 02:19 - 2016-06-25 18:13 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-09-03 02:19 - 2016-06-25 18:05 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-09-03 02:19 - 2016-05-06 17:45 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-09-03 02:19 - 2016-05-06 17:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-09-03 02:19 - 2016-04-09 23:58 - 00534016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2016-09-03 02:19 - 2016-04-09 23:50 - 00375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2016-09-03 02:19 - 2016-04-06 23:13 - 00137976 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-03 02:19 - 2016-04-06 19:49 - 00120384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-09-03 02:19 - 2016-03-11 16:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-09-03 02:19 - 2016-03-10 19:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-09-03 02:19 - 2016-03-10 18:48 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-09-03 02:19 - 2016-02-05 16:46 - 01455104 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2016-09-03 02:19 - 2016-02-02 20:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2016-09-03 02:19 - 2016-01-30 21:50 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2016-09-03 02:19 - 2016-01-30 21:00 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2016-09-03 02:19 - 2016-01-30 20:48 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2016-09-03 02:19 - 2016-01-30 20:18 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2016-09-03 02:19 - 2016-01-30 19:48 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2016-09-03 02:19 - 2016-01-30 19:41 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2016-09-03 02:19 - 2016-01-24 20:19 - 00419160 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-09-03 02:19 - 2016-01-24 13:57 - 01335296 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2016-09-03 02:19 - 2016-01-24 13:45 - 01063424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2016-09-03 02:19 - 2016-01-21 21:35 - 00952928 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2016-09-03 02:19 - 2016-01-21 20:42 - 00786152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2016-09-03 02:19 - 2016-01-09 03:38 - 00091992 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-09-03 02:19 - 2015-12-16 19:11 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2016-09-03 02:19 - 2015-12-16 18:51 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2016-09-03 02:19 - 2015-12-05 07:58 - 02745184 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-09-03 02:19 - 2015-12-05 07:58 - 02528784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-09-03 02:19 - 2015-12-05 07:58 - 02450240 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-09-03 02:19 - 2015-12-05 07:58 - 02447136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-09-03 02:19 - 2015-12-05 07:58 - 02334104 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-09-03 02:19 - 2015-12-05 07:58 - 02324744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-09-03 02:19 - 2015-12-05 07:58 - 01877504 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-09-03 02:19 - 2015-12-05 07:58 - 01798480 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-09-03 02:19 - 2015-12-05 07:58 - 01484888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-09-03 02:19 - 2015-12-05 07:58 - 01288128 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2016-09-03 02:19 - 2015-12-05 07:58 - 01210200 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-09-03 02:19 - 2015-12-05 07:58 - 01150232 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-09-03 02:19 - 2015-12-05 07:58 - 01115640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2016-09-03 02:19 - 2015-12-05 07:58 - 01037680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-09-03 02:19 - 2015-12-05 07:58 - 00914672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-09-03 02:19 - 2015-12-05 07:58 - 00850680 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2016-09-03 02:19 - 2015-12-05 07:58 - 00735496 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-09-03 02:19 - 2015-12-05 07:58 - 00700360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2016-09-03 02:19 - 2015-12-05 07:58 - 00629600 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-09-03 02:19 - 2015-12-05 07:58 - 00584656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-09-03 02:19 - 2015-12-05 07:58 - 00557856 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-09-03 02:19 - 2015-12-05 07:58 - 00498472 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-09-03 02:19 - 2015-12-05 07:58 - 00492736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-09-03 02:19 - 2015-12-05 07:58 - 00463776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-09-03 02:19 - 2015-12-05 07:58 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-09-03 02:19 - 2015-12-05 07:58 - 00299080 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-09-03 02:19 - 2015-12-05 07:58 - 00275312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-09-03 02:19 - 2015-12-05 07:58 - 00274280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-09-03 02:19 - 2015-12-05 07:58 - 00250520 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-09-03 02:19 - 2015-12-05 07:58 - 00248432 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-09-03 02:19 - 2015-12-05 07:58 - 00246856 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-09-03 02:19 - 2015-12-05 07:58 - 00244296 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-09-03 02:19 - 2015-12-05 07:58 - 00229272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-09-03 02:19 - 2015-12-05 07:58 - 00203016 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-09-03 02:19 - 2015-12-05 07:58 - 00184912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-09-03 02:19 - 2015-12-05 07:58 - 00183856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-09-03 02:19 - 2015-12-05 07:58 - 00116720 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-09-03 02:19 - 2015-12-05 07:58 - 00110544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-09-03 02:19 - 2015-12-05 07:58 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-09-03 02:19 - 2015-12-05 07:58 - 00090904 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-09-03 02:19 - 2015-12-05 07:58 - 00090392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-09-03 02:19 - 2015-12-05 07:58 - 00081032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-09-03 02:19 - 2015-12-05 07:58 - 00076936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-09-03 02:19 - 2015-12-03 20:07 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-09-03 02:19 - 2015-12-03 20:07 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-09-03 02:19 - 2015-12-03 20:05 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-09-03 02:19 - 2015-12-03 20:02 - 01664000 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-09-03 02:19 - 2015-12-03 20:00 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-09-03 02:19 - 2015-12-03 19:58 - 00378880 ____C (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-09-03 02:19 - 2015-12-03 19:36 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-09-03 02:19 - 2015-12-03 19:30 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-09-03 02:19 - 2015-12-03 19:28 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-09-03 02:19 - 2015-12-03 19:28 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-09-03 02:19 - 2015-12-03 19:27 - 00736256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-09-03 02:19 - 2015-12-03 19:24 - 01411584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-09-03 02:19 - 2015-12-03 19:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-09-03 02:19 - 2015-12-03 19:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-09-03 02:19 - 2015-12-03 19:01 - 00743936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-09-03 02:19 - 2015-12-03 18:40 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-09-03 02:19 - 2015-12-03 18:29 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-09-03 02:19 - 2015-12-02 17:04 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-09-03 02:19 - 2015-12-02 17:01 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-09-03 02:19 - 2015-11-05 10:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-09-03 02:19 - 2015-10-22 19:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-09-03 02:19 - 2015-10-22 19:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
2016-09-03 02:19 - 2015-10-22 19:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-09-03 02:19 - 2015-10-22 19:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-09-03 02:19 - 2015-10-22 18:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-09-03 02:19 - 2015-10-22 18:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
2016-09-03 02:19 - 2015-10-22 18:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-09-03 02:19 - 2015-10-22 18:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-09-03 02:19 - 2015-10-22 18:21 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2016-09-03 02:19 - 2015-10-22 17:58 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2016-09-03 02:19 - 2015-10-22 16:08 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
2016-09-03 02:19 - 2015-10-22 16:08 - 00513456 _____ C:\Windows\system32\locale.nls
2016-09-03 02:19 - 2015-09-29 14:24 - 00155480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2016-09-03 02:19 - 2015-09-04 21:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2016-09-03 02:19 - 2015-09-03 04:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-09-03 02:19 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2016-09-03 02:19 - 2015-08-06 18:47 - 04710400 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-09-03 02:19 - 2015-08-06 18:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2016-09-03 02:19 - 2015-05-30 23:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2016-09-03 02:19 - 2015-05-30 21:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2016-09-03 02:19 - 2015-05-30 21:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-09-03 02:19 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2016-09-03 02:19 - 2015-05-07 17:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2016-09-03 02:19 - 2015-05-07 17:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2016-09-03 02:19 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-09-03 02:19 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-09-03 02:19 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2016-09-03 02:19 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2016-09-03 02:19 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2016-09-03 02:19 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2016-09-03 02:19 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2016-09-03 02:19 - 2014-12-19 10:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-03 02:19 - 2014-12-19 10:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-03 02:19 - 2014-12-09 05:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2016-09-03 02:19 - 2014-12-09 03:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2016-09-03 02:19 - 2014-12-08 21:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2016-09-03 02:19 - 2014-12-08 21:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2016-09-03 02:19 - 2014-12-08 21:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2016-09-03 02:19 - 2014-12-08 21:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2016-09-03 02:19 - 2014-12-08 21:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-09-03 02:19 - 2014-12-08 21:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2016-09-03 02:19 - 2014-12-08 21:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2016-09-03 02:18 - 2016-08-02 08:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-03 02:18 - 2016-08-02 08:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-03 02:18 - 2016-08-02 08:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-03 02:18 - 2016-08-02 08:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-03 02:18 - 2016-08-02 08:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-03 02:18 - 2016-08-02 08:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-03 02:18 - 2016-08-02 07:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-03 02:18 - 2016-08-02 07:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-03 02:18 - 2016-08-02 07:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-03 02:18 - 2016-08-02 07:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-03 02:18 - 2016-08-02 07:46 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-09-03 02:18 - 2016-08-02 07:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-03 02:18 - 2016-08-02 07:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-09-03 02:18 - 2016-08-02 07:39 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-03 02:18 - 2016-08-02 07:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-03 02:18 - 2016-08-02 07:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-09-03 02:18 - 2016-08-02 07:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-03 02:18 - 2016-08-02 07:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-03 02:18 - 2016-08-02 07:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-03 02:18 - 2016-08-02 07:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-03 02:18 - 2016-08-02 07:20 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-09-03 02:18 - 2016-08-02 07:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-03 02:18 - 2016-08-02 07:15 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-09-03 02:18 - 2016-08-02 07:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-09-03 02:18 - 2016-08-02 07:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-03 02:18 - 2016-08-02 07:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-03 02:18 - 2016-08-02 06:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-03 02:18 - 2016-08-02 06:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-03 02:18 - 2016-08-02 06:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-03 02:18 - 2016-08-02 06:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-03 02:18 - 2016-07-06 16:26 - 07793152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-09-03 02:18 - 2016-07-06 16:26 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-09-03 02:18 - 2016-07-06 16:23 - 05270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-09-03 02:18 - 2016-07-06 16:21 - 05265920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-09-03 02:18 - 2016-06-11 19:22 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-09-03 02:18 - 2016-06-11 19:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-09-03 02:18 - 2016-06-11 19:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-03 02:18 - 2016-06-11 18:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-09-03 02:18 - 2016-06-11 18:43 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-09-03 02:18 - 2016-06-11 18:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-09-03 02:18 - 2016-04-10 06:21 - 01763376 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-09-03 02:18 - 2016-04-10 06:21 - 01489088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-09-03 02:18 - 2016-02-08 22:29 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-09-03 02:18 - 2016-02-08 20:14 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-09-03 02:18 - 2015-11-10 02:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-09-03 02:18 - 2015-10-13 19:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-09-03 02:18 - 2015-10-13 19:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2016-09-03 02:18 - 2015-09-10 19:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-09-03 02:18 - 2015-09-10 18:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-03 02:18 - 2015-09-10 18:17 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-09-03 02:18 - 2015-09-10 18:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-09-03 02:18 - 2015-08-29 00:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2016-09-03 02:18 - 2015-07-22 16:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-09-03 02:18 - 2015-07-22 15:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-09-03 02:18 - 2015-07-17 16:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2016-09-03 02:18 - 2015-07-17 16:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2016-09-03 02:18 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-03 02:18 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-09-03 02:18 - 2015-06-16 00:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2016-09-03 02:18 - 2015-06-15 23:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-09-03 02:18 - 2015-06-15 22:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2016-09-03 02:18 - 2015-06-15 22:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-09-03 02:18 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-09-03 02:18 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-09-03 02:18 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-09-03 02:18 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2016-09-03 02:18 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2016-09-03 02:18 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2016-09-03 02:18 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2016-09-03 02:18 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2016-09-03 02:17 - 2016-09-03 02:41 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Treiber
2016-09-03 02:17 - 2016-07-09 02:09 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-03 02:17 - 2016-07-09 02:08 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-03 02:17 - 2016-07-08 16:19 - 00840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-09-03 02:17 - 2016-07-08 16:17 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2016-09-03 02:17 - 2016-03-03 18:47 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-09-03 02:17 - 2016-03-03 18:33 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-09-03 02:17 - 2016-02-02 19:51 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-09-03 02:17 - 2016-02-02 19:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-09-03 02:17 - 2016-02-02 19:01 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\WsmAgent.dll
2016-09-03 02:17 - 2016-02-02 18:51 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-09-03 02:17 - 2016-02-02 18:48 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-09-03 02:17 - 2016-02-02 18:46 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAgent.dll
2016-09-03 02:17 - 2016-02-02 18:41 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-09-03 02:17 - 2016-02-02 18:39 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-09-03 02:17 - 2016-01-09 03:49 - 00218448 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2016-09-03 02:17 - 2016-01-09 03:49 - 00192120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2016-09-03 02:17 - 2015-07-10 19:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2016-09-03 02:16 - 2016-07-08 16:32 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-09-03 02:16 - 2016-07-08 16:25 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2016-09-03 02:16 - 2016-07-08 16:22 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-03 02:16 - 2016-07-08 00:33 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-03 02:16 - 2016-07-07 23:53 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-03 02:16 - 2016-07-07 22:06 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-03 02:16 - 2016-06-25 22:05 - 00050368 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-09-03 02:16 - 2016-06-22 15:48 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-09-03 02:16 - 2016-06-21 15:48 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-09-03 02:16 - 2016-06-21 15:48 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-09-03 02:16 - 2016-06-21 15:48 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-09-03 02:16 - 2016-06-21 15:48 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-09-03 02:16 - 2016-06-21 15:48 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-09-03 02:16 - 2016-06-21 15:48 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-09-03 02:16 - 2016-06-21 15:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-09-03 02:16 - 2016-06-03 19:11 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-09-03 02:16 - 2016-05-19 01:18 - 00563024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-09-03 02:16 - 2016-05-19 01:18 - 00397232 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-09-03 02:16 - 2016-05-19 01:16 - 00178016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-03 02:16 - 2016-05-19 00:28 - 00340880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-09-03 02:16 - 2016-04-06 20:19 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-03 02:16 - 2016-04-06 20:19 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-03 02:16 - 2016-03-10 19:43 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-09-03 02:16 - 2016-03-10 18:55 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-09-03 02:16 - 2016-03-10 18:42 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-09-03 02:16 - 2016-02-09 03:31 - 02757616 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-09-03 02:16 - 2016-02-09 03:31 - 02412576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-09-03 02:16 - 2016-02-09 03:31 - 00273264 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2016-09-03 02:16 - 2016-02-08 22:55 - 02712576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-09-03 02:16 - 2016-02-08 22:15 - 02551808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll
2016-09-03 02:16 - 2016-02-08 22:02 - 01197056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2016-09-03 02:16 - 2016-02-08 21:43 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2016-09-03 02:16 - 2016-02-08 21:40 - 00539648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hgcpl.dll
2016-09-03 02:16 - 2016-02-08 21:39 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2016-09-03 02:16 - 2016-02-08 21:37 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingMonitor.dll
2016-09-03 02:16 - 2016-02-08 21:35 - 00954880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2016-09-03 02:16 - 2016-02-08 21:34 - 00667648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2016-09-03 02:16 - 2016-02-08 21:33 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2016-09-03 02:16 - 2016-02-08 20:50 - 03120640 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-09-03 02:16 - 2016-02-08 19:55 - 02592256 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
2016-09-03 02:16 - 2016-02-08 19:33 - 01278464 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2016-09-03 02:16 - 2016-02-08 19:15 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-09-03 02:16 - 2016-02-08 19:02 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2016-09-03 02:16 - 2016-02-08 19:00 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\hgcpl.dll
2016-09-03 02:16 - 2016-02-08 18:58 - 00336384 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2016-09-03 02:16 - 2016-02-08 18:55 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\SettingMonitor.dll
2016-09-03 02:16 - 2016-02-08 18:53 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2016-09-03 02:16 - 2016-02-08 18:53 - 01348096 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-09-03 02:16 - 2016-02-08 18:50 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2016-09-03 02:16 - 2016-02-08 18:50 - 00841728 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2016-09-03 02:16 - 2016-02-08 18:48 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2016-09-03 02:16 - 2016-02-08 18:47 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2016-09-03 02:16 - 2016-02-08 18:44 - 00955392 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-09-03 02:16 - 2016-02-03 17:14 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2016-09-03 02:16 - 2016-02-03 17:11 - 01673728 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2016-09-03 02:16 - 2016-02-03 17:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-09-03 02:16 - 2016-02-03 17:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-09-03 02:16 - 2016-02-02 19:15 - 00787456 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2016-09-03 02:16 - 2016-01-21 00:40 - 00099672 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-09-03 02:16 - 2016-01-07 01:46 - 00148752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2016-09-03 02:16 - 2016-01-07 01:45 - 00177712 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2016-09-03 02:16 - 2016-01-06 18:47 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2016-09-03 02:16 - 2015-11-10 01:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2016-09-03 02:16 - 2015-11-09 02:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-03 02:16 - 2015-11-08 23:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-09-03 02:16 - 2015-11-08 23:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-09-03 02:16 - 2015-11-08 22:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-09-03 02:16 - 2015-11-08 22:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-03 02:16 - 2015-09-07 18:21 - 00825856 _____ (Microsoft Corporation) C:\Windows\system32\pmcsnap.dll
2016-09-03 02:16 - 2015-09-07 18:17 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\ppcsnap.dll
2016-09-03 02:16 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2016-09-03 02:16 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2016-09-03 02:16 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2016-09-03 02:16 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2016-09-03 02:16 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2016-09-03 02:16 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2016-09-03 02:16 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2016-09-03 02:16 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2016-09-03 02:16 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2016-09-03 02:16 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-09-03 02:16 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2016-09-03 02:16 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2016-09-03 02:16 - 2015-01-30 05:00 - 00167424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2016-09-03 02:16 - 2014-12-12 04:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-09-03 02:15 - 2016-05-18 07:31 - 00372568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-09-03 02:15 - 2016-05-18 07:31 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-09-03 02:15 - 2016-05-14 01:04 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-09-03 02:15 - 2016-05-14 00:19 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-09-03 02:15 - 2016-03-10 19:03 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dsparse.dll
2016-09-03 02:15 - 2016-03-10 18:48 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsparse.dll
2016-09-03 02:15 - 2016-02-04 20:07 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\dhcpsapi.dll
2016-09-03 02:15 - 2016-02-04 19:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpsapi.dll
2016-09-03 02:15 - 2016-01-26 21:15 - 00072024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpci.sys
2016-09-03 02:15 - 2016-01-26 16:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcivsp.sys
2016-09-03 02:15 - 2016-01-22 07:22 - 02487296 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2016-09-03 02:15 - 2016-01-22 07:11 - 01482240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2016-09-03 02:15 - 2016-01-10 18:41 - 01707008 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-09-03 02:15 - 2016-01-10 18:31 - 01344512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-09-03 02:15 - 2015-11-21 18:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-09-03 02:15 - 2015-11-21 18:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2016-09-03 02:15 - 2015-11-20 20:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-09-03 02:15 - 2015-11-19 16:33 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-09-03 02:15 - 2015-11-19 16:26 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-09-03 02:15 - 2015-10-03 21:41 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-09-03 02:15 - 2015-10-03 21:41 - 01124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-09-03 02:15 - 2015-08-22 15:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-09-03 02:15 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-09-03 02:15 - 2015-08-06 19:05 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2016-09-03 02:15 - 2015-08-06 18:37 - 00536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2016-09-03 02:15 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-09-03 02:15 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
         
2016-09-03 02:15 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2016-09-03 02:15 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2016-09-03 02:15 - 2015-07-09 20:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-09-03 02:15 - 2015-07-07 11:40 - 00270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2016-09-03 02:15 - 2015-07-07 11:40 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2016-09-03 02:15 - 2015-07-07 11:40 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2016-09-03 02:15 - 2015-07-02 00:16 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-09-03 02:15 - 2015-07-01 23:35 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-09-03 02:15 - 2015-06-27 05:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-09-03 02:15 - 2015-06-27 04:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-09-03 02:15 - 2015-04-25 04:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2016-09-03 02:15 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2016-09-03 02:15 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2016-09-03 02:15 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2016-09-03 02:15 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2016-09-03 02:15 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2016-09-03 02:15 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-09-03 02:15 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2016-09-03 02:15 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2016-09-03 02:15 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2016-09-03 02:15 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2016-09-03 02:15 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2016-09-03 02:15 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2016-09-03 02:15 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2016-09-03 02:15 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2016-09-03 02:15 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2016-09-03 02:15 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2016-09-03 02:15 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2016-09-03 02:15 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2016-09-03 02:15 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2016-09-03 02:15 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2016-09-03 02:15 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2016-09-03 02:14 - 2016-07-24 01:01 - 07445856 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-03 02:14 - 2016-07-09 20:32 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-03 02:14 - 2016-07-09 20:32 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-03 02:14 - 2016-07-09 20:31 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-03 02:14 - 2016-07-09 18:10 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2016-09-03 02:14 - 2016-07-09 00:35 - 00101208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-09-03 02:14 - 2016-07-08 16:17 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2016-09-03 02:14 - 2016-07-08 16:17 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2016-09-03 02:14 - 2016-07-08 00:32 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2016-09-03 02:14 - 2016-07-08 00:18 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2016-09-03 02:14 - 2016-07-08 00:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2016-09-03 02:14 - 2016-07-08 00:01 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll
2016-09-03 02:14 - 2016-07-07 23:04 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\rasman.dll
2016-09-03 02:14 - 2016-07-07 22:59 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-09-03 02:14 - 2016-07-07 22:44 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2016-09-03 02:14 - 2016-07-07 22:41 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2016-09-03 02:14 - 2016-07-07 22:34 - 00542720 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2016-09-03 02:14 - 2016-07-07 22:29 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2016-09-03 02:14 - 2016-07-07 22:29 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2016-09-03 02:14 - 2016-07-07 22:23 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2016-09-03 02:14 - 2016-07-07 22:18 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2016-09-03 02:14 - 2016-07-07 22:11 - 01661064 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-09-03 02:14 - 2016-07-07 22:11 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-09-03 02:14 - 2016-07-07 22:11 - 00185856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll
2016-09-03 02:14 - 2016-07-07 21:35 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasman.dll
2016-09-03 02:14 - 2016-07-07 21:14 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2016-09-03 02:14 - 2016-07-04 07:09 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-09-03 02:14 - 2016-07-04 05:45 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2016-09-03 02:14 - 2016-07-04 05:37 - 02897920 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2016-09-03 02:14 - 2016-07-04 05:33 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-09-03 02:14 - 2016-07-04 05:04 - 02539008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2016-09-03 02:14 - 2016-07-04 05:02 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-09-03 02:14 - 2016-07-04 04:19 - 03547136 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-09-03 02:14 - 2016-07-01 22:39 - 00197352 _____ (Microsoft Corporation) C:\Windows\system32\dssenh.dll
2016-09-03 02:14 - 2016-07-01 22:39 - 00157016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dssenh.dll
2016-09-03 02:14 - 2016-04-10 09:48 - 00738096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-09-03 02:14 - 2016-04-10 09:48 - 00613624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-09-03 02:14 - 2016-03-05 19:44 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2016-09-03 02:14 - 2016-03-05 19:04 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2016-09-03 02:14 - 2016-02-11 22:17 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-03 02:14 - 2016-02-11 22:17 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-03 02:14 - 2016-02-11 22:17 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-09-03 02:14 - 2016-02-11 22:17 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-03 02:14 - 2016-02-11 22:17 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-09-03 02:14 - 2016-02-11 22:16 - 01501488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-09-03 02:14 - 2016-02-09 20:07 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-09-03 02:14 - 2016-02-06 20:08 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-09-03 02:14 - 2016-02-05 21:07 - 00292696 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2016-09-03 02:14 - 2016-02-05 21:07 - 00243032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMASF.DLL
2016-09-03 02:14 - 2016-02-05 17:11 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2016-09-03 02:14 - 2016-02-05 17:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2016-09-03 02:14 - 2016-02-05 17:07 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2016-09-03 02:14 - 2016-02-05 17:03 - 15432704 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-09-03 02:14 - 2016-02-05 17:00 - 13318144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-09-03 02:14 - 2016-02-04 18:22 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2016-09-03 02:14 - 2016-02-02 19:18 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2016-09-03 02:14 - 2016-01-31 21:17 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-09-03 02:14 - 2016-01-31 21:16 - 00148832 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-09-03 02:14 - 2016-01-31 20:07 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-09-03 02:14 - 2016-01-31 19:17 - 00779264 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeui.exe
2016-09-03 02:14 - 2016-01-19 21:13 - 02175008 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2016-09-03 02:14 - 2016-01-19 21:13 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2016-09-03 02:14 - 2016-01-19 20:23 - 01564496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2016-09-03 02:14 - 2016-01-19 20:23 - 00548024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2016-09-03 02:14 - 2016-01-19 18:37 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2016-09-03 02:14 - 2016-01-10 19:08 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2016-09-03 02:14 - 2016-01-06 20:25 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-09-03 02:14 - 2015-12-30 22:49 - 00470360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-09-03 02:14 - 2015-10-11 08:34 - 00468824 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2016-09-03 02:14 - 2015-10-11 08:34 - 00462168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-09-03 02:14 - 2015-10-11 08:34 - 00443224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-09-03 02:14 - 2015-10-11 08:34 - 00027992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-09-03 02:14 - 2015-10-10 20:41 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-09-03 02:14 - 2015-10-10 20:41 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-09-03 02:14 - 2015-10-08 18:11 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
2016-09-03 02:14 - 2015-10-08 17:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
2016-09-03 02:14 - 2015-09-12 15:47 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml
2016-09-03 02:14 - 2015-05-03 17:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-09-03 02:14 - 2015-05-03 16:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-09-03 02:14 - 2015-05-03 16:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2016-09-03 02:14 - 2015-05-03 16:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2016-09-03 02:14 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2016-09-03 02:14 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2016-09-03 02:14 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2016-09-03 02:14 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2016-09-03 02:14 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2016-09-03 02:14 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2016-09-03 02:14 - 2014-11-17 22:17 - 00672984 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2016-09-03 02:14 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2016-09-03 02:14 - 2014-11-14 08:54 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2016-09-03 02:13 - 2016-06-21 20:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-09-03 02:13 - 2016-06-21 16:12 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-09-03 02:13 - 2016-04-11 08:21 - 00074584 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2016-09-03 02:13 - 2016-03-14 18:50 - 00316760 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2016-09-03 02:13 - 2016-03-12 02:49 - 02466136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-09-03 02:13 - 2016-03-12 02:47 - 00160160 _____ (Microsoft Corporation) C:\Windows\system32\IPHLPAPI.DLL
2016-09-03 02:13 - 2016-03-12 02:47 - 00121912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IPHLPAPI.DLL
2016-09-03 02:13 - 2016-03-10 18:52 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2016-09-03 02:13 - 2015-12-28 23:42 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\WinSync.dll
2016-09-03 02:13 - 2015-12-28 22:31 - 00578048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSync.dll
2016-09-03 02:13 - 2015-10-05 20:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2016-09-03 02:13 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-03 02:13 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-09-03 02:13 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-03 02:13 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2016-09-03 02:13 - 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2016-09-03 02:13 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2016-09-03 02:13 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2016-09-03 02:13 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2016-09-03 02:13 - 2015-07-14 23:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-09-03 02:13 - 2015-07-14 23:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
         
2016-09-03 02:13 - 2015-07-14 23:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2016-09-03 02:13 - 2015-07-10 20:19 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-09-03 02:13 - 2015-07-10 19:14 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2016-09-03 02:13 - 2015-07-10 19:13 - 07032320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-09-03 02:13 - 2015-07-10 18:31 - 06213120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-09-03 02:13 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2016-09-03 02:13 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2016-09-03 02:13 - 2015-07-09 18:30 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2016-09-03 02:13 - 2015-07-09 18:14 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2016-09-03 02:13 - 2015-06-11 22:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-09-03 02:13 - 2015-05-11 18:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2016-09-03 02:13 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2016-09-03 02:13 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2016-09-03 02:13 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2016-09-03 02:13 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2016-09-03 02:13 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2016-09-03 02:13 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2016-09-03 02:13 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2016-09-03 02:13 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2016-09-03 02:13 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2016-09-03 02:13 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2016-09-03 02:13 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2016-09-03 02:13 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2016-09-03 02:13 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2016-09-03 02:13 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2016-09-03 02:13 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2016-09-03 02:13 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2016-09-03 02:13 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2016-09-03 02:13 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2016-09-03 02:13 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2016-09-03 02:13 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2016-09-03 02:13 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2016-09-03 02:13 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2016-09-03 02:13 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2016-09-03 02:13 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2016-09-03 02:13 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2016-09-03 02:13 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2016-09-03 02:13 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2016-09-03 02:13 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2016-09-03 02:13 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2016-09-03 02:13 - 2014-12-08 21:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2016-09-03 02:13 - 2014-12-06 05:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2016-09-03 02:13 - 2014-12-06 03:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2016-09-03 02:13 - 2014-11-15 21:05 - 00801584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-09-03 02:13 - 2014-11-15 08:29 - 00962216 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-09-03 02:13 - 2014-11-14 08:57 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-09-03 02:13 - 2014-11-14 07:03 - 00885760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-09-03 02:13 - 2014-11-10 20:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2016-09-03 02:13 - 2014-11-08 06:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2016-09-03 02:13 - 2014-11-08 05:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2016-09-03 02:13 - 2014-11-08 05:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2016-09-03 02:13 - 2014-11-08 05:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2016-09-03 02:13 - 2014-11-08 05:24 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2016-09-03 02:13 - 2014-11-08 05:13 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2016-09-03 02:13 - 2014-11-08 05:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2016-09-03 02:13 - 2014-11-08 05:13 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2016-09-03 02:13 - 2014-11-08 04:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2016-09-03 02:13 - 2014-11-08 04:38 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2016-09-03 02:13 - 2014-11-08 04:17 - 00143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2016-09-03 02:13 - 2014-11-08 04:03 - 00733696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2016-09-03 02:13 - 2014-11-08 03:58 - 04837376 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2016-09-03 02:13 - 2014-11-08 03:49 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2016-09-03 02:13 - 2014-11-05 04:12 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
2016-09-03 02:13 - 2014-11-05 04:12 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL
2016-09-03 02:13 - 2014-11-05 04:06 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2016-09-03 02:13 - 2014-11-05 03:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2016-09-03 02:13 - 2014-11-05 03:39 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL
2016-09-03 02:13 - 2014-11-05 03:39 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSVRMGMT.DLL
2016-09-03 02:13 - 2014-11-05 03:33 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2016-09-03 02:13 - 2014-11-05 03:21 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2016-09-03 02:13 - 2014-11-05 03:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2016-09-03 02:13 - 2014-11-05 03:14 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2016-09-03 02:13 - 2014-11-05 03:06 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2016-09-03 02:13 - 2014-11-04 21:33 - 00058176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2016-09-03 02:13 - 2014-11-04 21:25 - 00059712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2016-09-03 02:13 - 2014-11-04 21:25 - 00051008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2016-09-03 02:13 - 2014-11-04 08:55 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2016-09-03 02:13 - 2014-11-04 08:54 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2016-09-03 02:13 - 2014-11-04 08:54 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2016-09-03 02:13 - 2014-11-04 08:54 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2016-09-03 02:13 - 2014-11-04 08:27 - 00128512 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2016-09-03 02:13 - 2014-11-04 07:01 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2016-09-03 02:13 - 2014-10-29 03:55 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2016-09-03 02:13 - 2014-10-29 03:13 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2016-09-03 02:13 - 2014-10-21 03:59 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll
2016-09-03 02:13 - 2014-10-21 03:19 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll
2016-09-03 02:13 - 2014-10-21 02:50 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2016-09-03 02:13 - 2014-10-21 02:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2016-09-03 02:13 - 2014-10-21 02:31 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2016-09-03 02:13 - 2014-10-21 02:20 - 01142272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2016-09-03 02:13 - 2014-10-18 08:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2016-09-03 02:13 - 2014-10-17 06:56 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2016-09-03 02:13 - 2014-10-17 05:35 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2016-09-03 02:12 - 2016-05-19 01:15 - 01379040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-09-03 02:12 - 2016-05-18 22:35 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-09-03 02:12 - 2016-04-10 07:37 - 01549144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-09-03 02:12 - 2016-03-03 18:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2016-09-03 02:12 - 2016-02-04 19:24 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-09-03 02:12 - 2016-02-04 19:02 - 00483328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-09-03 02:12 - 2016-01-05 17:00 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2016-09-03 02:12 - 2015-12-20 16:56 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2016-09-03 02:12 - 2015-11-21 20:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-09-03 02:12 - 2015-11-21 19:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-09-03 02:12 - 2015-07-14 05:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe
2016-09-03 02:12 - 2015-07-13 21:46 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-03 02:12 - 2015-04-23 17:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2016-09-03 02:12 - 2015-04-23 17:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2016-09-03 02:12 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-09-03 02:12 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-09-03 02:12 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2016-09-03 02:12 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2016-09-03 02:12 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2016-09-03 02:12 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2016-09-03 02:12 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2016-09-03 02:12 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2016-09-03 02:12 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2016-09-03 02:12 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2016-09-03 02:12 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2016-09-03 02:12 - 2014-10-29 03:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-09-03 02:12 - 2014-10-29 03:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-09-03 02:12 - 2014-10-29 03:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-09-03 02:12 - 2014-10-29 03:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-09-03 02:11 - 2016-05-14 22:01 - 00363104 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-09-03 02:11 - 2016-05-14 22:01 - 00320720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-09-03 02:11 - 2016-05-14 01:07 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-09-03 02:11 - 2016-05-13 23:58 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-09-03 02:11 - 2016-05-13 23:35 - 00286208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-09-03 02:11 - 2015-12-08 21:08 - 00685432 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-03 02:11 - 2015-12-08 21:07 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-09-03 02:11 - 2015-07-16 20:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\NcdAutoSetup.dll
2016-09-03 02:11 - 2015-07-10 21:06 - 00118272 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2016-09-03 02:11 - 2015-06-10 00:39 - 00081920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2016-09-03 02:11 - 2015-06-10 00:39 - 00053248 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2016-09-03 02:11 - 2015-06-10 00:38 - 01201664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2016-09-03 02:11 - 2015-05-12 15:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2016-09-03 02:11 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2016-09-03 02:04 - 2016-09-04 17:54 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\eM Client
2016-09-03 02:04 - 2016-09-03 02:04 - 00000978 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk
2016-09-03 02:04 - 2016-09-03 02:04 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\CEF
2016-09-03 02:03 - 2016-09-03 02:04 - 00000000 ____D C:\Program Files (x86)\eM Client
2016-09-03 01:18 - 2016-09-04 17:54 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Skype
2016-09-03 01:18 - 2016-09-03 01:18 - 00002715 _____ C:\Users\Public\Desktop\Skype.lnk
2016-09-03 01:18 - 2016-09-03 01:18 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-09-03 01:18 - 2016-09-03 01:18 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Tracing
2016-09-03 01:18 - 2016-09-03 01:18 - 00000000 ____D C:\ProgramData\Skype
2016-09-03 01:18 - 2016-09-03 01:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-09-03 01:16 - 2016-09-03 01:16 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2016-09-03 01:16 - 2016-09-03 01:16 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-09-03 01:16 - 2016-09-03 01:16 - 00000000 ____D C:\Program Files\MSBuild
2016-09-03 01:16 - 2016-09-03 01:16 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-09-03 01:16 - 2016-09-03 01:16 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-09-03 01:16 - 2013-08-03 06:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
         
2016-09-03 01:16 - 2013-08-03 06:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2016-09-03 01:01 - 2016-09-03 01:01 - 00003562 _____ C:\Windows\System32\Tasks\ATK Package 36D18D69AFC3
2016-09-03 00:58 - 2016-09-03 01:55 - 00000000 ____D C:\Windows\system32\appmgmt
2016-09-03 00:48 - 2013-10-08 09:47 - 00020280 _____ (ASUS) C:\Windows\system32\Drivers\AsHIDSwitch64.sys
2016-09-03 00:34 - 2016-09-04 17:53 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\ClassicShell
2016-09-03 00:34 - 2016-09-03 00:34 - 00000000 ____D C:\ProgramData\ClassicShell
2016-09-03 00:34 - 2016-09-03 00:33 - 00002170 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk
2016-09-03 00:33 - 2016-09-03 00:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2016-09-03 00:33 - 2016-09-03 00:33 - 00000000 ____D C:\Program Files\Classic Shell
2016-09-03 00:32 - 2016-09-04 17:53 - 00000494 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\sp_data.sys
2016-09-03 00:32 - 2016-09-03 00:32 - 00002986 _____ C:\Windows\System32\Tasks\ASUS Splendid ACMON
2016-09-03 00:32 - 2016-09-03 00:32 - 00001100 _____ C:\Users\Public\Desktop\Splendid Utility.Lnk
2016-09-03 00:32 - 2016-09-03 00:32 - 00000000 ____D C:\Program Files\Asus
2016-09-03 00:31 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-09-03 00:31 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-09-03 00:31 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-09-03 00:31 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2016-09-03 00:31 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-09-03 00:31 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-09-03 00:29 - 2016-09-04 04:10 - 00019204 _____ C:\Windows\system32\results.xml
2016-09-03 00:29 - 2016-09-03 00:39 - 00000000 ____D C:\ProgramData\USBChargerPlus
2016-09-03 00:28 - 2016-09-04 17:54 - 00000000 __SHD C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\IntelGraphicsProfiles
2016-09-03 00:27 - 2016-09-03 00:27 - 00003028 _____ C:\Windows\System32\Tasks\ASUS USB Charger Plus
2016-09-03 00:19 - 2016-09-03 00:39 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2016-09-03 00:19 - 2016-09-03 00:19 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Intel
2016-09-03 00:19 - 2016-09-03 00:19 - 00000000 ____D C:\ProgramData\Intel.sav
2016-09-03 00:18 - 2016-09-04 03:57 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-03 00:17 - 2016-05-12 22:06 - 02039808 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2016-09-03 00:17 - 2016-05-12 22:06 - 00698368 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2016-09-03 00:17 - 2016-05-12 22:06 - 00288256 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
2016-09-03 00:16 - 2016-09-03 00:16 - 00003538 _____ C:\Windows\System32\Tasks\ASUS Smart Gesture Launcher
2016-09-03 00:16 - 2016-09-03 00:16 - 00000000 ____D C:\Program Files\DIFX
2016-09-03 00:08 - 2014-06-17 20:14 - 00873688 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x64.sys
2016-09-03 00:08 - 2014-06-17 20:14 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2016-09-02 23:46 - 2012-08-06 11:17 - 00017280 _____ ( ) C:\Windows\system32\Drivers\kbfiltr.sys
2016-09-02 23:45 - 2016-09-02 23:45 - 00000000 ____D C:\Windows\SysWOW64\Codecs
2016-09-02 23:45 - 2016-09-02 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cole2k Media - Codec Pack
2016-09-02 23:44 - 2016-09-02 23:44 - 00000000 ____D C:\Windows\SysWOW64\sda
2016-09-02 23:44 - 2014-01-27 13:39 - 09890008 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2016-09-02 23:43 - 2016-09-04 04:51 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Documents\Meine empfangenen Dateien
2016-09-02 23:43 - 2016-09-02 23:43 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_btmhsf_01011.Wdf
2016-09-02 23:43 - 2016-09-02 23:43 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_btmaux_01009.Wdf
2016-09-02 23:42 - 2016-09-03 03:49 - 00000000 ____D C:\Program Files (x86)\ASUS
2016-09-02 23:42 - 2016-09-03 01:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2016-09-02 23:34 - 2016-09-02 23:34 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps
2016-09-02 23:33 - 2016-09-04 17:53 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-02 23:33 - 2016-09-04 17:38 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-02 23:33 - 2016-09-03 18:31 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-02 23:33 - 2016-09-03 02:40 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Google
2016-09-02 23:33 - 2016-09-02 23:33 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-02 23:33 - 2016-09-02 23:33 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-02 23:33 - 2016-09-02 23:33 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-02 23:33 - 2016-09-02 23:33 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-02 23:29 - 2016-09-03 08:29 - 00359626 _____ C:\Windows\system32\Drivers\RTWAVES40.dat
2016-09-02 23:29 - 2016-09-03 08:29 - 00006786 _____ C:\Windows\system32\Drivers\rtwavesEFX.dat
2016-09-02 23:29 - 2016-09-03 08:29 - 00002626 _____ C:\Windows\system32\Drivers\rtwavesMFX.dat
2016-09-02 23:29 - 2016-09-03 08:11 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-09-02 23:29 - 2016-09-02 23:29 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-09-02 23:28 - 2016-09-03 08:29 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-09-02 23:27 - 2016-09-03 15:34 - 00000000 ____D C:\Windows\Panther
2016-09-02 23:26 - 2016-09-03 08:01 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\LocalLow\Intel
2016-09-02 23:24 - 2016-09-04 03:56 - 00000000 ____D C:\ProgramData\Intel
2016-09-02 23:24 - 2016-09-04 03:55 - 00000000 ____D C:\Program Files\Intel
2016-09-02 23:24 - 2013-12-09 15:26 - 00016344 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelMEFWVer.dll
2016-09-02 23:23 - 2016-09-03 08:28 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-09-02 23:23 - 2016-09-02 23:23 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2016-09-02 23:23 - 2013-12-09 15:26 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2016-09-02 23:23 - 2013-12-09 15:26 - 00100312 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2016-09-02 23:22 - 2014-11-13 15:05 - 00673520 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
2016-09-02 23:21 - 2016-09-04 03:56 - 00000000 ____D C:\Program Files (x86)\Intel
2016-09-02 23:21 - 2016-09-03 04:30 - 00000000 ____D C:\Intel
2016-09-02 23:21 - 2013-08-21 15:16 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2016-09-02 23:18 - 2016-09-02 23:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerArchiver 2016
2016-09-02 23:18 - 2016-09-02 23:18 - 00001752 _____ C:\Users\Public\Desktop\PowerArchiver 2016.lnk
2016-09-02 23:18 - 2016-09-02 23:18 - 00000000 ____D C:\ProgramData\Caphyon
2016-09-02 23:18 - 2016-09-02 23:18 - 00000000 ____D C:\Program Files (x86)\PowerArchiver
2016-09-02 22:57 - 2016-09-02 22:57 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Macromedia
2016-09-02 22:56 - 2016-09-04 14:32 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E2D40195-22F9-4D81-9618-6695467369A7}
2016-09-02 22:56 - 2016-09-03 05:16 - 00000000 __SHD C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\LocalLow\EmieUserList
2016-09-02 22:56 - 2016-09-03 05:16 - 00000000 __SHD C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\LocalLow\EmieSiteList
2016-09-02 22:56 - 2016-09-03 05:16 - 00000000 __SHD C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\EmieUserList
2016-09-02 22:56 - 2016-09-03 05:16 - 00000000 __SHD C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\EmieSiteList
2016-09-02 22:56 - 2016-09-02 22:56 - 00000000 __SHD C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\LocalLow\EmieBrowserModeList
2016-09-02 22:56 - 2016-09-02 22:56 - 00000000 __SHD C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\EmieBrowserModeList
2016-09-02 22:46 - 2016-09-02 22:46 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-09-02 22:45 - 2016-09-04 15:35 - 00000990 __RSH C:\ProgramData\ntuser.pol
2016-09-02 22:40 - 2016-09-04 17:42 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-870488476-3347437722-3144900748-1001
2016-09-02 22:36 - 2016-09-04 17:54 - 00000000 __RDO C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\OneDrive
2016-09-02 22:33 - 2016-09-04 17:12 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx
2016-09-02 22:33 - 2016-09-03 15:53 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Packages
2016-09-02 22:33 - 2016-09-03 05:43 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Adobe
2016-09-02 22:33 - 2016-09-02 22:34 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\PackageStaging
2016-09-02 22:33 - 2016-09-02 22:33 - 00001450 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-02 22:33 - 2016-09-02 22:33 - 00000020 ___SH C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\ntuser.ini
2016-09-02 22:33 - 2016-09-02 22:33 - 00000000 _SHDL C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Vorlagen
2016-09-02 22:33 - 2016-09-02 22:33 - 00000000 _SHDL C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Startmenü
2016-09-02 22:33 - 2016-09-02 22:33 - 00000000 _SHDL C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Netzwerkumgebung
2016-09-02 22:33 - 2016-09-02 22:33 - 00000000 _SHDL C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Lokale Einstellungen
2016-09-02 22:33 - 2016-09-02 22:33 - 00000000 _SHDL C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Eigene Dateien
2016-09-02 22:33 - 2016-09-02 22:33 - 00000000 _SHDL C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Druckumgebung
2016-09-02 22:33 - 2016-09-02 22:33 - 00000000 _SHDL C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Documents\Eigene Videos
2016-09-02 22:33 - 2016-09-02 22:33 - 00000000 _SHDL C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Documents\Eigene Musik
2016-09-02 22:33 - 2016-09-02 22:33 - 00000000 _SHDL C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Documents\Eigene Bilder
2016-09-02 22:33 - 2016-09-02 22:33 - 00000000 _SHDL C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-09-02 22:33 - 2016-09-02 22:33 - 00000000 _SHDL C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Verlauf
2016-09-02 22:33 - 2016-09-02 22:33 - 00000000 _SHDL C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Anwendungsdaten
2016-09-02 22:33 - 2016-09-02 22:33 - 00000000 _SHDL C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\Anwendungsdaten
2016-09-02 22:33 - 2016-09-02 22:33 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-09-02 22:33 - 2016-09-02 22:33 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-09-02 22:33 - 2016-09-02 22:33 - 00000000 ____D C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\VirtualStore
2016-09-02 22:33 - 2014-11-21 05:42 - 00000369 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-09-02 22:33 - 2014-11-21 05:42 - 00000369 _____ C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-09-02 22:31 - 2016-09-02 22:31 - 00000000 ____D C:\Windows\CSC
2016-09-02 22:30 - 2016-09-03 15:39 - 00000000 ____D C:\Windows\softwaredistribution.bak
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Videos
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\Users\Default\Vorlagen
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\Users\Default\Startmenü
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Videos
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Videos
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\Programme
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\ProgramData\Vorlagen
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\ProgramData\Startmenü
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\ProgramData\Dokumente
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2016-09-02 22:29 - 2016-09-02 22:29 - 00000000 _SHDL C:\Dokumente und Einstellungen
2016-08-16 20:18 - 2016-08-16 20:18 - 00195936 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetLwf.sys
2016-08-16 20:18 - 2016-08-16 20:18 - 00121248 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp6.sys

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-09-04 17:53 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-04 17:53 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-09-04 17:43 - 2014-11-21 05:35 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-04 17:43 - 2014-11-21 04:45 - 00765582 _____ C:\Windows\system32\perfh007.dat
2016-09-04 17:43 - 2014-11-21 04:45 - 00159366 _____ C:\Windows\system32\perfc007.dat
2016-09-04 17:43 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-09-04 04:19 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Help
2016-09-04 01:57 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppCompat
2016-09-03 16:22 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-09-03 15:57 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-09-03 06:35 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2016-09-03 05:45 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-03 04:48 - 2013-08-22 15:25 - 00000443 _____ C:\Windows\win.ini
2016-09-03 04:17 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2016-09-03 04:10 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2016-09-03 04:06 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-09-03 03:44 - 2014-11-21 13:07 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-09-03 03:44 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-09-03 03:44 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\WinStore
2016-09-03 03:44 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2016-09-03 03:44 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\setup
2016-09-03 03:44 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-09-03 03:44 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2016-09-03 03:44 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-09-03 03:44 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-09-03 01:16 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-09-03 01:16 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\MUI
2016-09-03 00:12 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Cursors
2016-09-02 23:27 - 2013-08-22 17:36 - 00262144 _____ C:\Windows\system32\config\BCD-Template
2016-09-02 22:44 - 2013-08-22 17:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-09-02 22:31 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-09-02 22:29 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows NT

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-09-03 00:32 - 2016-09-04 17:53 - 0000494 _____ () C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Roaming\sp_data.sys
2016-09-03 05:33 - 2016-09-03 05:33 - 0000218 _____ () C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\recently-used.xbel
2016-09-02 23:29 - 2016-09-02 23:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\C__Program Files (x86)_WebcamMax_wcmmon.exe


Einige Dateien in TEMP:
====================
C:\Users\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\AppData\Local\Temp\parctmp.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-09-02 22:27

==================== Ende von FRST.txt ============================
         
ADDITION.TXT

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 31-08-2016
durchgeführt von David (04-09-2016 17:56:10)
Gestartet von C:\Users\David\Downloads
Windows 8.1 Pro (Update) (X64) (2016-09-02 20:33:18)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-870488476-3347437722-3144900748-500 - Administrator - Disabled)
David (S-1-5-21-870488476-3347437722-3144900748-1001 - Administrator - Enabled) => C:\Users\David
Gast (S-1-5-21-870488476-3347437722-3144900748-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: 360 Total Security (Disabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Total Security (Disabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (x32 Version: 2.6.1.4 - Intel) Hidden
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 8.8.0.1020 - 360 Security Center)
Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{588B7DD2-3480-4A89-A8F6-C6781CBFAD56}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 12 (HKLM-x32\...\AU11_is1) (Version: 12.14.0.50 - Innovative Solutions)
Ansel (Version: 372.70 - NVIDIA Corporation) Hidden
AnyMP4 Blu-ray Player 6.1.88 (HKLM-x32\...\{DF8BE739-832A-482a-8C75-FB9628A6BE6E}_is1) (Version: 6.1.88 - AnyMP4 Studio)
AnyMP4 Blu-ray Ripper 6.3.8 (HKLM-x32\...\{24282023-D344-47f0-ABEA-C1734F1F291B}_is1) (Version: 6.3.8 - AnyMP4 Studio)
AnyMP4 DVD Ripper 6.3.6 (HKLM-x32\...\{991684FE-29A2-4b20-8CD5-FFD2275FD2CD}_is1) (Version: 6.3.6 - AnyMP4 Studio)
Ashampoo Burning Studio 2016 (HKLM-x32\...\{91B33C97-B4A4-B41A-6B97-C62C82CEB6A9}_is1) (Version: 16.0.2 - Ashampoo GmbH & Co. KG)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.02.0001 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ASUS Video DSP (HKLM\...\{46E0F6B1-3061-46C0-9184-6D8D5A0A621D}) (Version: 1.0.136 - ASUS)
Athentech Perfectly Clear (HKLM-x32\...\_{B109CAE0-1D2E-4BF6-8205-C18012E490A9}) (Version: 1.0.0.106 - Corel Corporation)
Athentech Perfectly Clear (Version: 1.0.0.106 - Corel Corporation) Hidden
Athentech Perfectly Clear (x32 Version: 1.0.0.106 - Ihr Firmenname) Hidden
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0036 - ASUS)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Chrome Remote Desktop Host (HKLM-x32\...\{159AA592-31AA-4EAC-A6CB-B47AB2CB1476}) (Version: 52.0.2743.48 - Google Inc.)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Cole2k Media - Codec Pack (Advanced) 8.0.6 (HKLM-x32\...\Cole2k Media - Codec Pack) (Version: 8.0.6 - Cole2k Media)
Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.2.0.20 - Corel Corporation)
CrystalDiskInfo 7.0.3 Shizuku Edition (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.3 - Crystal Dew World)
CrystalDiskMark 5.1.2 Shizuku Edition (HKLM\...\CrystalDiskMark5_is1) (Version: 5.1.2 - Crystal Dew World)
DVDStyler v3.0.2 (HKLM\...\DVDStyler_is1) (Version:  - Thüring IT-Consulting)
EaseUS Partition Master 11.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Eloa (HKLM-x32\...\WebzenEloa) (Version: 1.0.0.0 - Webzen)
eM Client (HKLM-x32\...\{B789B80C-0763-46B9-B5B4-F3926F3B10C8}) (Version: 7.0.26687.0 - eM Client Inc.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.63.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.20.0000 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{6DBD132B-7F42-4594-BBE7-0BB677EB2926}) (Version: 4.4.2 - SEIKO EPSON CORPORATION)
EPSON WF-2650 Series Printer Uninstall (HKLM\...\EPSON WF-2650 Series) (Version:  - SEIKO EPSON Corporation)
EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.52.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM\...\{0CB4EF8E-EE5B-49F6-8376-A702C222D6DA}) (Version: 3.1.3.0 - SEIKO EPSON Corporation)
FaceFilter v3.02 Standard (HKLM-x32\...\{6020758E-57A9-41E3-AF20-8EE311EA6156}) (Version: 3.02.1506.1 - Reallusion Inc.)
FFmpeg (Windows) for Audacity Version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FileZilla Client 3.21.0 (HKLM-x32\...\FileZilla Client) (Version: 3.21.0 - Tim Kosse)
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version: 5.1.17.4597 - FreeDownloadManager.ORG)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
GIMP Extensions 2.8.20150403 (HKLM\...\GIMP Extensions) (Version: 2.8.20150403 - Pedro Cunha)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HWiNFO64 Version 5.34 (HKLM\...\HWiNFO64_is1) (Version: 5.34 - Martin Malík - REALiX)
ICA (x32 Version: 16.2.0.20 - Corel Corporation) Hidden
ICQ (Version 10.0.12107) (HKU\S-1-5-21-870488476-3347437722-3144900748-1001\...\icq.desktop) (Version: 10.0.12107 - ICQ)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4414 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1419.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{35069AA3-F7B2-4759-96F0-9EE43AACB690}) (Version: 19.00.1621.3340 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.14 - Intel(R) Corporation) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{12415e07-c869-4438-9d99-b55261706671}) (Version: 19.1.0 - Intel Corporation)
IPM_PSP_COM64 (Version: 16.2.0.20 - Corel Corporation) Hidden
Java 8 Update 102 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Java 8 Update 102 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Java SE Development Kit 8 Update 102 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180102}) (Version: 8.0.1020.14 - Oracle Corporation)
Java SE Development Kit 8 Update 102 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180102}) (Version: 8.0.1020.14 - Oracle Corporation)
Kodi (HKU\S-1-5-21-870488476-3347437722-3144900748-1001\...\Kodi) (Version:  - XBMC-Foundation)
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LibreOffice 5.2 Help Pack (German) (HKLM\...\{6821D137-9D4C-4E86-A897-9810DEF51A3D}) (Version: 5.2.0.4 - The Document Foundation)
LibreOffice 5.2.0.4 (HKLM\...\{9BFD5527-C736-4246-8CFE-B4AAC279BE0B}) (Version: 5.2.0.4 - The Document Foundation)
LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.1 - LoiLo inc.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
NVIDIA GeForce Experience 3.0.5.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.5.18 - NVIDIA Corporation)
NVIDIA Grafiktreiber 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.70 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.0.5.18 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
         

Alt 04.09.2016, 17:25   #5
josy1982
 

Code:
ATTFilter
OpenShot Video Editor Version 2.1.0 (HKLM\...\{4BB0DCDC-BC24-49EC-8937-72956C33A470}_is1) (Version: 2.1.0 - OpenShot Studios, LLC)
Oracle VM VirtualBox 5.1.4 (HKLM\...\{4EF3FBF6-697D-440A-AADA-7F5D39B73E62}) (Version: 5.1.4 - Oracle Corporation)
PowerArchiver 2016 (HKLM-x32\...\PowerArchiver 2016 16.10.14) (Version: 16.10.14 - ConeXware, Inc.)
PowerArchiver 2016 (x32 Version: 16.10.14 - ConeXware, Inc.) Hidden
PSPPContent (x32 Version: 16.2.0.20 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 16.2.0.20 - Corel Corporation) Hidden
PSPPro64 (Version: 16.2.0.20 - Corel Corporation) Hidden
qBittorrent 3.3.6 (HKLM-x32\...\qBittorrent) (Version: 3.3.6 - The qBittorrent project)
QuickMediaConverter (HKLM-x32\...\QUICKMEDIACONVERTERExécutable Windows 64 bits) (Version:  - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21255 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.34.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7329 - Realtek Semiconductor Corp.)
Setup (x32 Version: 16.2.0.20 - Ihr Firmenname) Hidden
SHIELD Streaming (Version: 7.1.0310 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.0.5.18 - NVIDIA Corporation) Hidden
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.65452 - TeamViewer)
TweakNow PowerPack (HKLM-x32\...\TweakNow PowerPack_is1) (Version: 4.6.0 - TweakNow.com)
Ultimate Creative Collection (X6) (HKLM-x32\...\_{FE752025-AED8-4AED-BC44-B03C9048A3D4}) (Version: 1.0.0.107 - Corel Corporation)
Ultimate Creative Collection (X6) (x32 Version: 1.0.0.107 - Ihr Firmenname) Hidden
Viber (HKU\S-1-5-21-870488476-3347437722-3144900748-1001\...\{d96d3a07-b1fd-4625-b739-627196eb9aac}) (Version: 6.2.0.1306 - Viber Media Inc.)
Viber (x32 Version: 6.2.0.1306 - Viber Media Inc.) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
WebcamMax (HKLM-x32\...\WebcamMax) (Version: 8.0.1.2.MultiLanguage - COOLWAREMAX)
Windows-Treiberpaket - ASUS (ATP) Mouse  (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)
WinFF 1.5.4 (Codename EMMA) (HKLM-x32\...\WinFF_is1) (Version:  - WinFF.org)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 15.6.9.0 - WOT Services Oy)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-870488476-3347437722-3144900748-1001_Classes\CLSID\{13D67BB7-DB5F-48AA-884D-7A5D94168509}\InprocServer32 -> C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\iebho.dll ()
CustomCLSID: HKU\S-1-5-21-870488476-3347437722-3144900748-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-870488476-3347437722-3144900748-1001_Classes\CLSID\{8A862E2D-CEB8-480D-AA78-A24367C6EF3C}\InprocServer32 -> C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\iedownloadmanager.dll ()

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0B7A2C47-E86D-49BE-9078-85FF76E07665} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-02] (Google Inc.)
Task: {1B159AE7-113B-4C0C-A146-152EA1FAA39D} - System32\Tasks\FreeDownloadManagerNetworkMonitor => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe [2016-08-23] ()
Task: {2A882C2F-1CFE-4096-8686-F23A89719440} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)
Task: {2D363CE2-E6EF-4039-BB12-0F3C42C517CE} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-09-01] (NVIDIA Corporation)
Task: {36D6B861-C1D7-4708-AF4C-5121589AEF10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-02] (Google Inc.)
Task: {3B238F68-B412-47DA-A0ED-27755C23E79D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-01] (NVIDIA Corporation)
Task: {3D9B5860-6DAF-4DC0-BCD2-EFA3E33D61F4} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {3DF7E5B3-7FD5-41EE-9A41-C38336D2CCC1} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-01] (NVIDIA Corporation)
Task: {464ECD2B-BDB4-4348-B082-55C3EC92AC6C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {5CA6F179-D3D6-49A5-811C-0C805FA54BFA} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)
Task: {60EB55A3-8844-477D-9CCC-B39BD4CF7D83} - System32\Tasks\EPSON WF-2650 Series Update {47D110FB-9C9C-4366-9ADB-FF6FFC7DF1B6} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {64E1D59F-7217-444C-BE75-5B3BB588C403} - System32\Tasks\AupAvUpdate => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\updAvTask.exe [2016-06-01] ()
Task: {67C677C0-541F-4673-987A-40CEE551473A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-01] (NVIDIA Corporation)
Task: {73D55CBA-EEA6-41B6-B110-E763A33CAB63} - System32\Tasks\eM Client Database Backup => C:\Program Files (x86)\eM Client\DbBackup.exe [2016-07-27] ()
Task: {8BCF4937-F916-479A-8CE3-257135F85A57} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {989C1F98-0736-468A-8DBE-35F37AF1B309} - System32\Tasks\Health-Check-deep => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [2016-08-12] (Innovative Solutions)
Task: {A1DBF714-6C9C-45D4-BDB1-816CF97696BF} - System32\Tasks\Health-Check => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [2016-08-12] (Innovative Solutions)
Task: {ADDA9809-33BB-4662-A4CD-F24968F420D4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-09-01] (NVIDIA Corporation)
Task: {C28AF548-06AC-4410-B93E-E8334B4DA095} - System32\Tasks\UninstallMonitor => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe [2016-08-12] (Innovative Solutions GRUP SRL)
Task: {C345ACB4-E13B-4F9A-9C0E-271D30B5D2A0} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {CD6F5B50-2788-4205-AF49-C07EF9C0742D} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-06-03] (ASUS)
Task: {D5ADEE8A-2749-46BC-B8AD-D8FFD6CC6FF2} - System32\Tasks\EPSON WF-2650 Series Update {20C13937-2ACC-4FA1-865D-C27A28D93FF2} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\EPSON WF-2650 Series Update {20C13937-2ACC-4FA1-865D-C27A28D93FF2}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE:/EXE:{20C13937-2ACC-4FA1-865D-C27A28D93FF2} /F:Update WORKGROUP\SONOR_45-45$ÄŠSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON WF-2650 Series Update {47D110FB-9C9C-4366-9ADB-FF6FFC7DF1B6}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE:/EXE:{47D110FB-9C9C-4366-9ADB-FF6FFC7DF1B6} /F:Update WORKGROUP\SONOR_45-45$ÄŠSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Health-Check-deep.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\Windows\Tasks\Health-Check.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\TeamViewer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=oooiobdokpcfdlahlmcddobejikcmkfo

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-09-04 04:19 - 2016-08-25 23:10 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-03 05:00 - 2016-08-23 20:27 - 00848896 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe
2016-09-03 05:00 - 2016-08-23 20:24 - 00029696 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\WinDivert.dll
2016-09-04 04:23 - 2016-09-01 10:29 - 04490296 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-04 04:23 - 2016-09-01 10:29 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-04 04:23 - 2016-09-01 10:29 - 00419896 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-06-08 18:04 - 2016-06-08 18:04 - 00117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2016-09-03 04:19 - 2016-08-10 12:54 - 00782248 _____ () C:\Program Files (x86)\360\Total Security\MenuEx64.dll
2016-05-12 22:12 - 2016-05-12 22:12 - 00382072 _____ () C:\Windows\system32\igfxTray.exe
2016-09-04 04:23 - 2016-09-01 10:28 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\nvstreamsrv\boost_system-vc120-mt-1_58.dll
2016-09-04 04:23 - 2016-09-01 10:28 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\nvstreamsrv\boost_regex-vc120-mt-1_58.dll
2016-09-03 05:00 - 2016-06-28 19:14 - 02160128 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avformat-57.dll
2016-09-03 05:00 - 2016-06-28 19:14 - 00484352 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avutil-55.dll
2016-09-03 05:00 - 2016-06-28 19:14 - 12621312 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avcodec-57.dll
2016-09-03 05:00 - 2016-06-28 19:14 - 02111488 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avfilter-6.dll
2016-09-03 05:00 - 2016-06-28 19:14 - 00663040 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\swscale-4.dll
2016-09-03 05:00 - 2016-06-28 19:14 - 00139264 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\swresample-2.dll
2016-09-03 05:00 - 2016-06-28 19:14 - 00071168 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\postproc-54.dll
2016-09-03 05:00 - 2016-08-23 20:24 - 00099328 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winunivappfeatures.dll
2016-09-03 05:00 - 2016-06-28 18:32 - 65771520 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\libcef.dll
2016-09-03 05:00 - 2016-06-28 18:32 - 02129920 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\libglesv2.dll
2016-09-03 05:00 - 2016-06-28 18:32 - 00087040 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\libegl.dll
2016-09-03 05:17 - 2016-09-03 05:17 - 26540168 _____ () C:\Users\David\AppData\Roaming\ICQ\bin\icq.exe
2016-09-04 03:52 - 2016-06-08 18:07 - 00458904 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
2016-09-04 03:52 - 2016-06-08 18:18 - 00709272 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll
2016-09-04 03:52 - 2016-06-08 18:17 - 00188568 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\foreground_window_input.dll
2011-07-17 06:56 - 2011-07-17 06:56 - 01038848 _____ () C:\Program Files (x86)\WebcamMax\wcmmon.exe
2016-07-20 18:29 - 2016-07-20 18:29 - 15855104 _____ () C:\Program Files (x86)\qBittorrent\qbittorrent.exe
2014-12-21 04:07 - 2014-12-21 04:07 - 00208415 _____ () C:\Windows\SysWOW64\Codecs\TrayMenu.exe
2016-09-03 04:19 - 2016-08-10 12:54 - 01153448 _____ () C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
2016-09-03 04:19 - 2016-08-10 12:54 - 00099240 _____ () C:\Program Files (x86)\360\Total Security\deepscan\qutmload.dll
2016-09-04 04:23 - 2016-09-01 10:29 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-09-03 04:37 - 2016-08-12 13:02 - 00010792 _____ () C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\memmgrset.dll
2016-09-03 04:37 - 2014-03-07 11:23 - 00565827 _____ () C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\sqlite3.dll
2014-06-03 20:01 - 2014-06-03 20:01 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-06-03 20:01 - 2014-06-03 20:01 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-06-03 20:01 - 2014-06-03 20:01 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-06-03 20:01 - 2014-06-03 20:01 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2016-09-04 04:23 - 2016-09-01 09:17 - 00502328 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-09-04 04:23 - 2016-09-01 09:17 - 00256056 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-09-04 04:23 - 2016-09-01 09:17 - 02799552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-09-04 04:23 - 2016-09-01 09:17 - 00246328 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-09-04 04:23 - 2016-09-01 09:17 - 00430136 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-09-04 04:23 - 2016-09-01 09:17 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-09-04 04:23 - 2016-09-01 09:17 - 00373696 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-09-04 04:23 - 2016-09-01 10:28 - 60819000 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-07-14 17:32 - 2016-07-14 17:32 - 55714816 _____ () C:\Program Files (x86)\eM Client\libcef.DLL
2016-07-14 17:34 - 2016-07-14 17:34 - 00871936 _____ () C:\Program Files (x86)\eM Client\SQLite\x86\sqlite3.dll
2016-09-03 05:17 - 2016-09-03 05:17 - 04058248 _____ () C:\Users\David\AppData\Roaming\ICQ\bin\corelib.dll
2016-09-03 05:43 - 2016-08-09 01:27 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-09-03 05:43 - 2015-07-02 00:06 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-09-03 05:43 - 2016-09-01 02:02 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2016-09-03 05:43 - 2015-07-02 00:06 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-09-03 05:43 - 2015-07-02 00:06 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-09-03 05:43 - 2016-01-27 09:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-09-03 05:43 - 2016-01-27 09:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
         
Code:
ATTFilter
2016-09-03 05:43 - 2016-01-27 09:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-09-03 05:43 - 2016-01-27 09:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-09-03 05:43 - 2016-01-27 09:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-09-03 05:43 - 2016-09-01 02:02 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-09-03 05:43 - 2016-07-05 00:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-09-03 05:43 - 2016-08-04 22:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-08-10 17:54 - 2016-08-10 17:54 - 00042064 _____ () C:\Users\David\AppData\Local\Viber\qrencode.dll
2016-08-10 17:55 - 2016-08-10 17:55 - 00397904 _____ () C:\Users\David\AppData\Local\Viber\imageformats\qsvg.dll
2016-09-03 08:01 - 2013-12-09 15:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-870488476-3347437722-3144900748-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\David\Pictures\Wallpaper\night_sky_moon_trees_river_reflection_95979_1920x1080.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C87F5B35-E9B2-4925-9F4B-FF69F988420D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{E3E26090-FFE6-46D5-A493-1286F8808438}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{CF1BA3A8-A1D1-473C-A6DF-C91853FCB7BC}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{997A256F-5506-4D51-BA16-53D85BA01F4E}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{49755C9E-FFA0-48A6-B80A-7A1C699FF070}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{136CC0E8-CB15-413E-8510-CBC27E33FF2F}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{A22FFDB8-A2AC-4F25-9ADE-73CB7F7D8537}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [TCP Query User{0ECB9077-7CEF-4849-995F-00FDC70F6D9E}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe
FirewallRules: [UDP Query User{B6FB3418-142E-4E5A-A5F0-11FC6F12D5B1}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe
FirewallRules: [{9199BF7F-17F7-4A4C-B129-F1DCF76ED3AB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E23202D5-DC00-4918-AE4C-A561FF0F96B3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1EFAB845-D151-4261-B7B6-4DC6F01F024D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2155E5E3-DBFB-4B6B-86D0-C0B41BD7C73D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{118F2E1A-F8C1-4E16-865B-4E855C3E2C46}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{79DEE7AA-C4D1-4579-9DDF-D89E0CE03767}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A333E90C-78F7-4845-B373-1586B517E221}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{78AEE1A2-5585-42BA-9D82-926918FD5C58}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{921B9F8A-C937-44FC-9C5E-F8F07BE08253}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{8325021A-4179-4DA9-96A7-458860BBB99F}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{A421DA3C-59FA-45A3-9570-B148E0D183E7}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{4B57DAA1-D3F0-436B-87A5-9BFA7F52071C}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{665E51CD-0B2E-4D4F-9A73-489379A15C06}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{6A594E5E-48C7-42E0-AD61-B5AAF368920C}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{42638317-CCBB-4996-A066-CF8E65348E2B}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
FirewallRules: [{46BA67C5-3E5C-4BA9-82DC-6EED962F44C1}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{88463A54-09CB-4D55-86CB-F97CCDA51C1F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{C130B361-DCBC-447F-80F8-BC7611320420}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{A10BC970-9BA8-49DB-9108-BB0B7FB16DE0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{E4C72743-D5FB-4937-82FA-014D56B12C34}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{96CAB168-DD47-40F0-A128-B933B397CD0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C7534C61-15BB-4924-98C3-06F7FCD25DF9}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{D3197F2F-D126-4C88-9D85-C8660C760837}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{BE404BDE-5CA1-477B-B9B6-244F58D34F62}] => (Allow) C:\Users\David\Downloads\freefirewall-x64-setup.exe
FirewallRules: [{ECA31298-34EE-4769-8FB6-F07E4E0A6C83}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{51506D61-8ED7-4A63-8AEF-B87ECB0C4D90}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe

==================== Wiederherstellungspunkte =========================

04-09-2016 03:52:03 Intel® Driver Update Utility
04-09-2016 03:53:55 Installed Intel(R) Wireless Bluetooth(R)
04-09-2016 15:49:56 Installed Intel(R) Wireless Bluetooth(R)
04-09-2016 16:06:27 Installed Epson Connect Printer Setup
04-09-2016 16:58:11 Free Firewall

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/04/2016 05:52:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: healthmon.exe, Version: 1.1.0.17, Zeitstempel: 0x57c7378e
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18340, Zeitstempel: 0x57366075
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000008a5c
ID des fehlerhaften Prozesses: 0x6e4
Startzeit der fehlerhaften Anwendung: 0x01d206c230c488ed
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\AdAware\hms\healthmon.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll
Berichtskennung: 87592455-72b7-11e6-8287-4851b736bb44
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
         
Code:
ATTFilter
Error: (09/04/2016 05:52:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: healthmon.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ArgumentOutOfRangeException
Stapel:
   bei System.Threading.Thread.Sleep(System.TimeSpan)
   bei HealthMonitor.MainMonitor.Worker()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (09/04/2016 05:26:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: healthmon.exe, Version: 1.1.0.17, Zeitstempel: 0x57c7378e
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18340, Zeitstempel: 0x57366075
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000008a5c
ID des fehlerhaften Prozesses: 0x80c
Startzeit der fehlerhaften Anwendung: 0x01d206bea8833df9
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\AdAware\hms\healthmon.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll
Berichtskennung: fefb7275-72b3-11e6-8286-4851b736bb44
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/04/2016 05:26:49 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: healthmon.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ArgumentOutOfRangeException
Stapel:
   bei System.Threading.Thread.Sleep(System.TimeSpan)
   bei HealthMonitor.MainMonitor.Worker()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (09/04/2016 05:08:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PowerPack.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ff_vfw.dll, Version: 1.3.0.0, Zeitstempel: 0x548199c3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00004d4b
ID des fehlerhaften Prozesses: 0x1b24
Startzeit der fehlerhaften Anwendung: 0x01d206bdd6ef7817
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\TweakNow PowerPack\PowerPack.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ff_vfw.dll
Berichtskennung: 699a7b0e-72b1-11e6-8285-4851b736bb44
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/04/2016 05:03:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: healthmon.exe, Version: 1.1.0.17, Zeitstempel: 0x57c7378e
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18340, Zeitstempel: 0x57366075
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000008a5c
ID des fehlerhaften Prozesses: 0x67c
Startzeit der fehlerhaften Anwendung: 0x01d206bb5daa0fe9
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\AdAware\hms\healthmon.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll
Berichtskennung: b43d4c04-72b0-11e6-8285-4851b736bb44
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/04/2016 05:03:15 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: healthmon.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ArgumentOutOfRangeException
Stapel:
   bei System.Threading.Thread.Sleep(System.TimeSpan)
   bei HealthMonitor.MainMonitor.Worker()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (09/04/2016 04:35:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: healthmon.exe, Version: 1.1.0.17, Zeitstempel: 0x57c7378e
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18340, Zeitstempel: 0x57366075
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000008a5c
ID des fehlerhaften Prozesses: 0x7f8
Startzeit der fehlerhaften Anwendung: 0x01d206b76f0df15d
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\AdAware\hms\healthmon.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll
Berichtskennung: c58a52a8-72ac-11e6-8284-4851b736bb44
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/04/2016 04:35:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: healthmon.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ArgumentOutOfRangeException
Stapel:
   bei System.Threading.Thread.Sleep(System.TimeSpan)
   bei HealthMonitor.MainMonitor.Worker()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (09/04/2016 04:04:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: healthmon.exe, Version: 1.1.0.17, Zeitstempel: 0x57c7378e
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18340, Zeitstempel: 0x57366075
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000008a5c
ID des fehlerhaften Prozesses: 0x24b4
Startzeit der fehlerhaften Anwendung: 0x01d206b3253b7d6d
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\AdAware\hms\healthmon.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll
Berichtskennung: 7ba08557-72a8-11e6-8283-54a0508c1c1b
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


Systemfehler:
=============
Error: (09/04/2016 05:52:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Health Monitor Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/04/2016 05:36:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Energy Server Service WILLAMETTE" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/04/2016 05:26:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Health Monitor Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/04/2016 05:03:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Health Monitor Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/04/2016 04:35:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Health Monitor Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/04/2016 04:04:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Health Monitor Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/04/2016 03:50:06 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (09/04/2016 03:48:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Health Monitor Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/04/2016 03:32:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Health Monitor Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/04/2016 03:16:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Health Monitor Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2016-09-03 04:07:29.947
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-03 04:07:29.825
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-03 04:07:29.701
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 23%
Installierter physikalischer RAM: 16266.84 MB
Verfügbarer physikalischer RAM: 12493.45 MB
Summe virtueller Speicher: 33674.84 MB
Verfügbarer virtueller Speicher: 29994.04 MB

==================== Laufwerke ================================

Drive c: (WIN81PRO) (Fixed) (Total:223.44 GB) (Free:147.01 GB) NTFS
Drive d: (WIN81PRO2) (Fixed) (Total:223.05 GB) (Free:222.7 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 00037006)

Partition: GPT.

========================================================
Disk: 1 (Size: 223.6 GB) (Disk ID: 00B7D16F)

Partition: GPT.

==================== Ende von Addition.txt ============================
         
TDSS:

Code:
17:56:50.0156 0x0d10  TDSS rootkit removing tool 3.1.0.11 Aug  5 2016 12:13:31
17:56:50.0156 0x0d10  UEFI system
17:57:03.0058 0x0d10  ============================================================
17:57:03.0058 0x0d10  Current date / time: 2016/09/04 17:57:03.0058
17:57:03.0058 0x0d10  SystemInfo:
17:57:03.0058 0x0d10  
17:57:03.0058 0x0d10  OS Version: 6.3.9600 ServicePack: 0.0
17:57:03.0058 0x0d10  Product type: Workstation
17:57:03.0058 0x0d10  ComputerName: SONOR_45-45
17:57:03.0058 0x0d10  UserName: xxxxxxxxxxxxxxxxx
17:57:03.0058 0x0d10  Windows directory: C:\Windows
17:57:03.0058 0x0d10  System windows directory: C:\Windows
17:57:03.0058 0x0d10  Running under WOW64
17:57:03.0058 0x0d10  Processor architecture: Intel x64
17:57:03.0058 0x0d10  Number of processors: 8
17:57:03.0058 0x0d10  Page size: 0x1000
17:57:03.0058 0x0d10  Boot type: Normal boot
17:57:03.0058 0x0d10  CodeIntegrityOptions = 0x00000001
17:57:03.0058 0x0d10  ============================================================
17:57:03.0446 0x0d10  KLMD registered as C:\Windows\system32\drivers\62636068.sys
17:57:03.0446 0x0d10  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 9600.18423, osProperties = 0x19
17:57:03.0635 0x0d10  System UUID: {ED223F76-4B53-BE6E-6447-A8EE8714085B}
17:57:03.0952 0x0d10  Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 ( 223.57 Gb ), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:57:03.0952 0x0d10  Drive \Device\Harddisk1\DR1 - Size: 0x37E4896000 ( 223.57 Gb ), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:57:03.0955 0x0d10  ============================================================
17:57:03.0955 0x0d10  \Device\Harddisk0\DR0:
17:57:03.0955 0x0d10  GPT partitions:
17:57:03.0955 0x0d10  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {40B344D1-5C13-4D82-A326-C2CEA0F35A82}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x96000
17:57:03.0955 0x0d10  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {D86F6069-71C5-40EF-8338-8D4A3435F061}, Name: EFI system partition, StartLBA 0x96800, BlocksNum 0x32000
17:57:03.0955 0x0d10  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {59AEB804-AEDB-4602-A81C-2F4A11475998}, Name: Microsoft reserved partition, StartLBA 0xC8800, BlocksNum 0x40000
17:57:03.0955 0x0d10  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {AEF6449D-15A5-42DA-B9B3-6BBCB83F36FB}, Name: Basic data partition, StartLBA 0x108800, BlocksNum 0x1BE1B800
17:57:03.0955 0x0d10  MBR partitions:
17:57:03.0955 0x0d10  \Device\Harddisk1\DR1:
17:57:03.0955 0x0d10  GPT partitions:
17:57:03.0956 0x0d10  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {CE4DC5F5-E895-4567-BADE-4C607B44C0AE}, Name: Microsoft reserved partition, StartLBA 0x800, BlocksNum 0x40000
17:57:03.0956 0x0d10  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {2DDB91CC-0EA1-4BA6-B928-91FC21CA2575}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x1BEE3800
17:57:03.0956 0x0d10  MBR partitions:
17:57:03.0956 0x0d10  ============================================================
17:57:03.0956 0x0d10  Initialize success
17:57:03.0956 0x0d10  ============================================================
17:57:08.0501 0x09a8  ============================================================
17:57:08.0501 0x09a8  Scan started
17:57:08.0501 0x09a8  Mode: Manual; SigCheck; TDLFS; 
17:57:08.0501 0x09a8  ============================================================
17:57:08.0501 0x09a8  KSN ping started
17:57:08.0573 0x09a8  KSN ping finished: true
17:57:08.0709 0x09a8  ================ Scan system memory ========================
17:57:08.0709 0x09a8  System memory - ok
17:57:08.0709 0x09a8  ================ Scan services =============================
17:57:08.0716 0x09a8  1394ohci - ok
17:57:08.0718 0x09a8  360AntiHacker - ok
17:57:08.0719 0x09a8  360AvFlt - ok
17:57:08.0721 0x09a8  360Box64 - ok
17:57:08.0723 0x09a8  360Camera - ok
17:57:08.0725 0x09a8  360FsFlt - ok
17:57:08.0727 0x09a8  3ware - ok
17:57:08.0729 0x09a8  ACPI - ok
17:57:08.0731 0x09a8  acpiex - ok
17:57:08.0732 0x09a8  acpipagr - ok
17:57:08.0734 0x09a8  AcpiPmi - ok
17:57:08.0736 0x09a8  acpitime - ok
17:57:08.0739 0x09a8  AdobeARMservice - ok
17:57:08.0741 0x09a8  ADP80XX - ok
17:57:08.0743 0x09a8  AeLookupSvc - ok
17:57:08.0745 0x09a8  AFD - ok
17:57:08.0747 0x09a8  agp440 - ok
17:57:08.0749 0x09a8  ahcache - ok
17:57:08.0750 0x09a8  AiCharger - ok
17:57:08.0752 0x09a8  ALG - ok
17:57:08.0754 0x09a8  AmdK8 - ok
17:57:08.0756 0x09a8  AmdPPM - ok
17:57:08.0758 0x09a8  amdsata - ok
17:57:08.0761 0x09a8  amdsbs - ok
17:57:08.0763 0x09a8  amdxata - ok
17:57:08.0765 0x09a8  AppID - ok
17:57:08.0767 0x09a8  AppIDSvc - ok
17:57:08.0769 0x09a8  Appinfo - ok
17:57:08.0771 0x09a8  AppMgmt - ok
17:57:08.0773 0x09a8  AppReadiness - ok
17:57:08.0775 0x09a8  AppXSvc - ok
17:57:08.0777 0x09a8  arcsas - ok
17:57:08.0779 0x09a8  ASLDRService - ok
17:57:08.0781 0x09a8  ASMMAP64 - ok
17:57:08.0783 0x09a8  atapi - ok
17:57:08.0784 0x09a8  ATKGFNEXSrv - ok
17:57:08.0786 0x09a8  ATKWMIACPIIO - ok
17:57:08.0788 0x09a8  ATP - ok
17:57:08.0790 0x09a8  AudioEndpointBuilder - ok
17:57:08.0792 0x09a8  Audiosrv - ok
17:57:08.0793 0x09a8  AxInstSV - ok
17:57:08.0795 0x09a8  b06bdrv - ok
17:57:08.0797 0x09a8  BAPIDRV - ok
17:57:08.0799 0x09a8  BasicDisplay - ok
17:57:08.0801 0x09a8  BasicRender - ok
17:57:08.0803 0x09a8  bcmfn2 - ok
17:57:08.0806 0x09a8  BDESVC - ok
17:57:08.0808 0x09a8  Beep - ok
17:57:08.0809 0x09a8  BFE - ok
17:57:08.0811 0x09a8  BITS - ok
17:57:08.0813 0x09a8  Bluetooth Device Monitor - ok
17:57:08.0815 0x09a8  Bluetooth OBEX Service - ok
17:57:08.0817 0x09a8  bowser - ok
17:57:08.0818 0x09a8  BrokerInfrastructure - ok
17:57:08.0820 0x09a8  Browser - ok
17:57:08.0822 0x09a8  BthAvrcpTg - ok
17:57:08.0824 0x09a8  BthEnum - ok
17:57:08.0825 0x09a8  BthHFEnum - ok
17:57:08.0827 0x09a8  bthhfhid - ok
17:57:08.0829 0x09a8  BthHFSrv - ok
17:57:08.0831 0x09a8  BthLEEnum - ok
17:57:08.0832 0x09a8  BTHMODEM - ok
17:57:08.0834 0x09a8  BthPan - ok
17:57:08.0836 0x09a8  BTHPORT - ok
17:57:08.0837 0x09a8  bthserv - ok
17:57:08.0839 0x09a8  BTHUSB - ok
17:57:08.0841 0x09a8  btmaux - ok
17:57:08.0842 0x09a8  btmhsf - ok
17:57:08.0844 0x09a8  cdfs - ok
17:57:08.0846 0x09a8  cdrom - ok
17:57:08.0848 0x09a8  CertPropSvc - ok
17:57:08.0850 0x09a8  chromoting - ok
17:57:08.0852 0x09a8  circlass - ok
17:57:08.0854 0x09a8  CLFS - ok
17:57:08.0859 0x09a8  CmBatt - ok
17:57:08.0860 0x09a8  CNG - ok
17:57:08.0863 0x09a8  CompositeBus - ok
17:57:08.0865 0x09a8  COMSysApp - ok
17:57:08.0867 0x09a8  condrv - ok
17:57:08.0869 0x09a8  cphs - ok
17:57:08.0871 0x09a8  CryptSvc - ok
17:57:08.0873 0x09a8  CSC - ok
17:57:08.0875 0x09a8  CscService - ok
17:57:08.0877 0x09a8  dam - ok
17:57:08.0879 0x09a8  DcomLaunch - ok
17:57:08.0881 0x09a8  defragsvc - ok
17:57:08.0883 0x09a8  DeviceAssociationService - ok
17:57:08.0884 0x09a8  DeviceInstall - ok
17:57:08.0886 0x09a8  Dfsc - ok
17:57:08.0888 0x09a8  Dhcp - ok
17:57:08.0891 0x09a8  DiagTrack - ok
17:57:08.0893 0x09a8  disk - ok
17:57:08.0894 0x09a8  dmvsc - ok
         
17:57:08.0896 0x09a8  Dnscache - ok
17:57:08.0898 0x09a8  dot3svc - ok
17:57:08.0899 0x09a8  DPS - ok
17:57:08.0901 0x09a8  DriverMFTService - ok
17:57:08.0903 0x09a8  drmkaud - ok
17:57:08.0905 0x09a8  DsmSvc - ok
17:57:08.0907 0x09a8  DXGKrnl - ok
17:57:08.0909 0x09a8  Eaphost - ok
17:57:08.0910 0x09a8  ebdrv - ok
17:57:08.0912 0x09a8  EFS - ok
17:57:08.0914 0x09a8  EhStorClass - ok
17:57:08.0915 0x09a8  EhStorTcgDrv - ok
17:57:08.0917 0x09a8  epmntdrv - ok
17:57:08.0919 0x09a8  EpsonScanSvc - ok
17:57:08.0921 0x09a8  ErrDev - ok
17:57:08.0926 0x09a8  EuGdiDrv - ok
17:57:08.0929 0x09a8  EventSystem - ok
17:57:08.0931 0x09a8  EvtEng - ok
17:57:08.0933 0x09a8  exfat - ok
17:57:08.0934 0x09a8  fastfat - ok
17:57:08.0936 0x09a8  Fax - ok
17:57:08.0938 0x09a8  fdc - ok
17:57:08.0940 0x09a8  fdPHost - ok
17:57:08.0942 0x09a8  FDResPub - ok
17:57:08.0943 0x09a8  fhsvc - ok
17:57:08.0945 0x09a8  FileInfo - ok
17:57:08.0947 0x09a8  Filetrace - ok
17:57:08.0948 0x09a8  flpydisk - ok
17:57:08.0950 0x09a8  FltMgr - ok
17:57:08.0952 0x09a8  FontCache - ok
17:57:08.0953 0x09a8  FontCache3.0.0.0 - ok
17:57:08.0955 0x09a8  FsDepends - ok
17:57:08.0957 0x09a8  Fs_Rec - ok
17:57:08.0959 0x09a8  fvevol - ok
17:57:08.0961 0x09a8  FxPPM - ok
17:57:08.0962 0x09a8  gagp30kx - ok
17:57:08.0964 0x09a8  gencounter - ok
17:57:08.0966 0x09a8  GPIOClx0101 - ok
17:57:08.0968 0x09a8  gpsvc - ok
17:57:08.0969 0x09a8  gupdate - ok
17:57:08.0971 0x09a8  gupdatem - ok
17:57:08.0973 0x09a8  HdAudAddService - ok
17:57:08.0975 0x09a8  HDAudBus - ok
17:57:08.0976 0x09a8  healthmon - ok
17:57:08.0978 0x09a8  HidBatt - ok
17:57:08.0980 0x09a8  HidBth - ok
17:57:08.0982 0x09a8  hidi2c - ok
17:57:08.0983 0x09a8  HidIr - ok
17:57:08.0985 0x09a8  hidserv - ok
17:57:08.0987 0x09a8  HIDSwitch - ok
17:57:08.0988 0x09a8  HidUsb - ok
17:57:08.0990 0x09a8  hkmsvc - ok
17:57:08.0992 0x09a8  HomeGroupListener - ok
17:57:08.0994 0x09a8  HomeGroupProvider - ok
17:57:08.0995 0x09a8  HpSAMD - ok
17:57:08.0997 0x09a8  HTTP - ok
17:57:08.0999 0x09a8  HWiNFO32 - ok
17:57:09.0000 0x09a8  hwpolicy - ok
17:57:09.0002 0x09a8  hyperkbd - ok
17:57:09.0004 0x09a8  HyperVideo - ok
17:57:09.0006 0x09a8  i8042prt - ok
17:57:09.0008 0x09a8  iaLPSSi_GPIO - ok
17:57:09.0011 0x09a8  iaLPSSi_I2C - ok
17:57:09.0012 0x09a8  iaStorA - ok
17:57:09.0013 0x09a8  iaStorAV - ok
17:57:09.0016 0x09a8  iaStorV - ok
17:57:09.0019 0x09a8  ibtsiva - ok
17:57:09.0020 0x09a8  ibtusb - ok
17:57:09.0022 0x09a8  IEEtwCollectorService - ok
17:57:09.0024 0x09a8  igfx - ok
17:57:09.0026 0x09a8  igfxCUIService1.0.0.0 - ok
17:57:09.0028 0x09a8  IKEEXT - ok
17:57:09.0031 0x09a8  InnovativeSolutions_monitor - ok
17:57:09.0034 0x09a8  intaud_WaveExtensible - ok
17:57:09.0036 0x09a8  IntcAzAudAddService - ok
17:57:09.0038 0x09a8  IntcDAud - ok
17:57:09.0039 0x09a8  Intel(R) Capability Licensing Service Interface - ok
17:57:09.0041 0x09a8  Intel(R) Capability Licensing Service TCP IP Interface - ok
17:57:09.0043 0x09a8  intelide - ok
17:57:09.0045 0x09a8  intelpep - ok
17:57:09.0047 0x09a8  intelppm - ok
17:57:09.0049 0x09a8  IpFilterDriver - ok
17:57:09.0051 0x09a8  iphlpsvc - ok
17:57:09.0052 0x09a8  IPMIDRV - ok
17:57:09.0054 0x09a8  IPNAT - ok
17:57:09.0056 0x09a8  IRENUM - ok
17:57:09.0058 0x09a8  isapnp - ok
17:57:09.0060 0x09a8  iScsiPrt - ok
17:57:09.0061 0x09a8  iwdbus - ok
17:57:09.0063 0x09a8  jhi_service - ok
17:57:09.0065 0x09a8  kbdclass - ok
17:57:09.0067 0x09a8  kbdhid - ok
17:57:09.0069 0x09a8  kbfiltr - ok
17:57:09.0071 0x09a8  kbldfltr - ok
17:57:09.0073 0x09a8  kdnic - ok
17:57:09.0075 0x09a8  KeyIso - ok
17:57:09.0076 0x09a8  KSecDD - ok
17:57:09.0078 0x09a8  KSecPkg - ok
17:57:09.0080 0x09a8  ksthunk - ok
17:57:09.0081 0x09a8  KtmRm - ok
17:57:09.0083 0x09a8  LanmanServer - ok
17:57:09.0085 0x09a8  LanmanWorkstation - ok
17:57:09.0087 0x09a8  lfsvc - ok
17:57:09.0089 0x09a8  lltdio - ok
17:57:09.0091 0x09a8  lltdsvc - ok
17:57:09.0093 0x09a8  lmhosts - ok
17:57:09.0094 0x09a8  LMS - ok
17:57:09.0097 0x09a8  LSI_SAS - ok
17:57:09.0099 0x09a8  LSI_SAS2 - ok
17:57:09.0101 0x09a8  LSI_SAS3 - ok
17:57:09.0102 0x09a8  LSI_SSS - ok
17:57:09.0104 0x09a8  LSM - ok
17:57:09.0106 0x09a8  luafv - ok
17:57:09.0108 0x09a8  megasas - ok
17:57:09.0110 0x09a8  megasr - ok
17:57:09.0112 0x09a8  MEIx64 - ok
17:57:09.0113 0x09a8  MMCSS - ok
17:57:09.0115 0x09a8  Modem - ok
17:57:09.0117 0x09a8  monitor - ok
17:57:09.0118 0x09a8  mouclass - ok
17:57:09.0120 0x09a8  mouhid - ok
17:57:09.0122 0x09a8  mountmgr - ok
17:57:09.0124 0x09a8  mpsdrv - ok
17:57:09.0126 0x09a8  MpsSvc - ok
17:57:09.0128 0x09a8  MRxDAV - ok
17:57:09.0129 0x09a8  mrxsmb - ok
17:57:09.0131 0x09a8  mrxsmb10 - ok
17:57:09.0133 0x09a8  mrxsmb20 - ok
17:57:09.0134 0x09a8  MsBridge - ok
17:57:09.0136 0x09a8  MSDTC - ok
17:57:09.0139 0x09a8  Msfs - ok
17:57:09.0142 0x09a8  msgpiowin32 - ok
17:57:09.0143 0x09a8  mshidkmdf - ok
17:57:09.0145 0x09a8  mshidumdf - ok
17:57:09.0147 0x09a8  msisadrv - ok
17:57:09.0149 0x09a8  MSiSCSI - ok
17:57:09.0151 0x09a8  msiserver - ok
17:57:09.0152 0x09a8  MsKeyboardFilter - ok
17:57:09.0154 0x09a8  MSKSSRV - ok
17:57:09.0156 0x09a8  MsLldp - ok
17:57:09.0158 0x09a8  MSPCLOCK - ok
17:57:09.0160 0x09a8  MSPQM - ok
17:57:09.0161 0x09a8  MsRPC - ok
17:57:09.0164 0x09a8  mssmbios - ok
17:57:09.0166 0x09a8  MSTEE - ok
17:57:09.0168 0x09a8  MTConfig - ok
17:57:09.0170 0x09a8  Mup - ok
17:57:09.0171 0x09a8  mvumis - ok
17:57:09.0173 0x09a8  MyWiFiDHCPDNS - ok
17:57:09.0175 0x09a8  napagent - ok
17:57:09.0177 0x09a8  NativeWifiP - ok
17:57:09.0179 0x09a8  NcaSvc - ok
17:57:09.0180 0x09a8  NcbService - ok
17:57:09.0182 0x09a8  NcdAutoSetup - ok
17:57:09.0184 0x09a8  NDIS - ok
17:57:09.0186 0x09a8  NdisCap - ok
17:57:09.0188 0x09a8  NdisImPlatform - ok
17:57:09.0189 0x09a8  NdisTapi - ok
17:57:09.0191 0x09a8  Ndisuio - ok
17:57:09.0193 0x09a8  NdisVirtualBus - ok
17:57:09.0195 0x09a8  NdisWan - ok
17:57:09.0197 0x09a8  NdisWanLegacy - ok
17:57:09.0198 0x09a8  NDProxy - ok
17:57:09.0200 0x09a8  Ndu - ok
17:57:09.0202 0x09a8  NetBIOS - ok
17:57:09.0204 0x09a8  NetBT - ok
17:57:09.0206 0x09a8  Netlogon - ok
17:57:09.0208 0x09a8  Netman - ok
17:57:09.0210 0x09a8  netprofm - ok
17:57:09.0211 0x09a8  NetTcpPortSharing - ok
17:57:09.0213 0x09a8  netvsc - ok
17:57:09.0215 0x09a8  NETwNb64 - ok
17:57:09.0217 0x09a8  NETwNe64 - ok
17:57:09.0219 0x09a8  NlaSvc - ok
17:57:09.0220 0x09a8  Npfs - ok
17:57:09.0223 0x09a8  npggsvc - ok
17:57:09.0225 0x09a8  npsvctrig - ok
17:57:09.0227 0x09a8  nsi - ok
17:57:09.0228 0x09a8  nsiproxy - ok
17:57:09.0231 0x09a8  Ntfs - ok
17:57:09.0233 0x09a8  Null - ok
17:57:09.0235 0x09a8  NvContainerLocalSystem - ok
17:57:09.0237 0x09a8  NvContainerNetworkService - ok
17:57:09.0239 0x09a8  NVIDIA Wireless Controller Service - ok
17:57:09.0241 0x09a8  nvlddmkm - ok
17:57:09.0243 0x09a8  nvraid - ok
17:57:09.0245 0x09a8  nvstor - ok
17:57:09.0247 0x09a8  NvStreamKms - ok
17:57:09.0248 0x09a8  nvsvc - ok
17:57:09.0250 0x09a8  nvvad_WaveExtensible - ok
17:57:09.0252 0x09a8  nv_agp - ok
17:57:09.0254 0x09a8  p2pimsvc - ok
17:57:09.0256 0x09a8  p2psvc - ok
17:57:09.0257 0x09a8  Parport - ok
17:57:09.0259 0x09a8  partmgr - ok
17:57:09.0261 0x09a8  PcaSvc - ok
17:57:09.0263 0x09a8  pci - ok
17:57:09.0264 0x09a8  pciide - ok
17:57:09.0266 0x09a8  pcmcia - ok
17:57:09.0268 0x09a8  pcw - ok
17:57:09.0270 0x09a8  pdc - ok
17:57:09.0272 0x09a8  PEAUTH - ok
17:57:09.0274 0x09a8  PeerDistSvc - ok
17:57:09.0276 0x09a8  PerfHost - ok
17:57:09.0280 0x09a8  pla - ok
17:57:09.0282 0x09a8  PlugPlay - ok
17:57:09.0284 0x09a8  PNRPAutoReg - ok
17:57:09.0286 0x09a8  PNRPsvc - ok
17:57:09.0287 0x09a8  PolicyAgent - ok
         
17:57:09.0290 0x09a8  Power - ok
17:57:09.0292 0x09a8  PrintNotify - ok
17:57:09.0294 0x09a8  Processor - ok
17:57:09.0296 0x09a8  ProfSvc - ok
17:57:09.0297 0x09a8  Psched - ok
17:57:09.0299 0x09a8  PSI_SVC_2_x64 - ok
17:57:09.0301 0x09a8  QHActiveDefense - ok
17:57:09.0303 0x09a8  QWAVE - ok
17:57:09.0304 0x09a8  QWAVEdrv - ok
17:57:09.0306 0x09a8  RasAcd - ok
17:57:09.0308 0x09a8  RasAuto - ok
17:57:09.0310 0x09a8  RasMan - ok
17:57:09.0312 0x09a8  RasPppoe - ok
17:57:09.0314 0x09a8  rdbss - ok
17:57:09.0317 0x09a8  rdpbus - ok
17:57:09.0318 0x09a8  RDPDR - ok
17:57:09.0322 0x09a8  RdpVideoMiniport - ok
17:57:09.0323 0x09a8  rdyboost - ok
17:57:09.0325 0x09a8  ReFS - ok
17:57:09.0328 0x09a8  RegSrvc - ok
17:57:09.0330 0x09a8  RemoteAccess - ok
17:57:09.0332 0x09a8  RemoteRegistry - ok
17:57:09.0333 0x09a8  RFCOMM - ok
17:57:09.0335 0x09a8  RpcEptMapper - ok
17:57:09.0337 0x09a8  RpcLocator - ok
17:57:09.0339 0x09a8  RpcSs - ok
17:57:09.0341 0x09a8  rspndr - ok
17:57:09.0343 0x09a8  RTL8168 - ok
17:57:09.0345 0x09a8  RTSPER - ok
17:57:09.0346 0x09a8  s3cap - ok
17:57:09.0348 0x09a8  SamSs - ok
17:57:09.0350 0x09a8  sbp2port - ok
17:57:09.0352 0x09a8  SCardSvr - ok
17:57:09.0353 0x09a8  ScDeviceEnum - ok
17:57:09.0355 0x09a8  scfilter - ok
17:57:09.0357 0x09a8  Schedule - ok
17:57:09.0359 0x09a8  SCPolicySvc - ok
17:57:09.0361 0x09a8  sdbus - ok
17:57:09.0363 0x09a8  sdstor - ok
17:57:09.0364 0x09a8  secdrv - ok
17:57:09.0366 0x09a8  seclogon - ok
17:57:09.0368 0x09a8  semav6msr64 - ok
17:57:09.0370 0x09a8  SENS - ok
17:57:09.0372 0x09a8  SensrSvc - ok
17:57:09.0374 0x09a8  SerCx - ok
17:57:09.0376 0x09a8  SerCx2 - ok
17:57:09.0377 0x09a8  Serenum - ok
17:57:09.0379 0x09a8  Serial - ok
17:57:09.0381 0x09a8  sermouse - ok
17:57:09.0385 0x09a8  SessionEnv - ok
17:57:09.0387 0x09a8  sfloppy - ok
17:57:09.0389 0x09a8  SharedAccess - ok
17:57:09.0391 0x09a8  ShellHWDetection - ok
17:57:09.0393 0x09a8  SiSRaid2 - ok
17:57:09.0395 0x09a8  SiSRaid4 - ok
17:57:09.0397 0x09a8  SkypeUpdate - ok
17:57:09.0399 0x09a8  smphost - ok
17:57:09.0402 0x09a8  SNMPTRAP - ok
17:57:09.0404 0x09a8  spaceport - ok
17:57:09.0406 0x09a8  SpbCx - ok
17:57:09.0408 0x09a8  Spooler - ok
17:57:09.0410 0x09a8  sppsvc - ok
17:57:09.0411 0x09a8  srv - ok
17:57:09.0413 0x09a8  srv2 - ok
17:57:09.0415 0x09a8  srvnet - ok
17:57:09.0417 0x09a8  SSDPSRV - ok
17:57:09.0419 0x09a8  SstpSvc - ok
17:57:09.0420 0x09a8  Steam Client Service - ok
17:57:09.0422 0x09a8  stexstor - ok
17:57:09.0424 0x09a8  stisvc - ok
17:57:09.0426 0x09a8  storahci - ok
17:57:09.0428 0x09a8  storflt - ok
17:57:09.0429 0x09a8  stornvme - ok
17:57:09.0431 0x09a8  StorSvc - ok
17:57:09.0433 0x09a8  storvsc - ok
17:57:09.0435 0x09a8  storvsp - ok
17:57:09.0437 0x09a8  svsvc - ok
17:57:09.0439 0x09a8  swenum - ok
17:57:09.0441 0x09a8  swprv - ok
17:57:09.0442 0x09a8  SysMain - ok
17:57:09.0444 0x09a8  SystemEventsBroker - ok
17:57:09.0446 0x09a8  SystemUsageReportSvc_WILLAMETTE - ok
17:57:09.0449 0x09a8  TabletInputService - ok
17:57:09.0450 0x09a8  TapiSrv - ok
17:57:09.0452 0x09a8  Tcpip - ok
17:57:09.0454 0x09a8  TCPIP6 - ok
17:57:09.0456 0x09a8  tcpipreg - ok
17:57:09.0459 0x09a8  tdx - ok
17:57:09.0460 0x09a8  TeamViewer - ok
17:57:09.0462 0x09a8  terminpt - ok
17:57:09.0464 0x09a8  TermService - ok
17:57:09.0466 0x09a8  Themes - ok
17:57:09.0468 0x09a8  THREADORDER - ok
17:57:09.0470 0x09a8  TimeBroker - ok
17:57:09.0471 0x09a8  TPM - ok
17:57:09.0474 0x09a8  TrkWks - ok
17:57:09.0476 0x09a8  TrustedInstaller - ok
17:57:09.0479 0x09a8  TsUsbFlt - ok
17:57:09.0480 0x09a8  TsUsbGD - ok
17:57:09.0483 0x09a8  tunnel - ok
17:57:09.0484 0x09a8  t_mouse.sys - ok
17:57:09.0486 0x09a8  uagp35 - ok
17:57:09.0488 0x09a8  UASPStor - ok
17:57:09.0490 0x09a8  UCX01000 - ok
17:57:09.0492 0x09a8  udfs - ok
17:57:09.0494 0x09a8  UEFI - ok
17:57:09.0497 0x09a8  UI0Detect - ok
17:57:09.0499 0x09a8  uliagpkx - ok
17:57:09.0501 0x09a8  umbus - ok
17:57:09.0502 0x09a8  UmPass - ok
17:57:09.0504 0x09a8  UmRdpService - ok
17:57:09.0506 0x09a8  upnphost - ok
17:57:09.0508 0x09a8  usbccgp - ok
17:57:09.0510 0x09a8  usbcir - ok
17:57:09.0512 0x09a8  usbehci - ok
17:57:09.0513 0x09a8  usbhub - ok
17:57:09.0515 0x09a8  USBHUB3 - ok
17:57:09.0517 0x09a8  usbohci - ok
17:57:09.0519 0x09a8  usbprint - ok
17:57:09.0520 0x09a8  USBSTOR - ok
17:57:09.0522 0x09a8  usbuhci - ok
17:57:09.0524 0x09a8  usbvideo - ok
17:57:09.0526 0x09a8  USBXHCI - ok
17:57:09.0527 0x09a8  USER_ESRV_SVC_WILLAMETTE - ok
17:57:09.0529 0x09a8  VaultSvc - ok
17:57:09.0531 0x09a8  VBoxDrv - ok
17:57:09.0533 0x09a8  VBoxNetAdp - ok
17:57:09.0534 0x09a8  VBoxNetLwf - ok
17:57:09.0536 0x09a8  VBoxUSBMon - ok
17:57:09.0538 0x09a8  vdrvroot - ok
17:57:09.0540 0x09a8  vds - ok
17:57:09.0542 0x09a8  VerifierExt - ok
17:57:09.0544 0x09a8  vhdmp - ok
17:57:09.0546 0x09a8  viaide - ok
17:57:09.0548 0x09a8  Vid - ok
17:57:09.0549 0x09a8  vmbus - ok
17:57:09.0551 0x09a8  VMBusHID - ok
17:57:09.0553 0x09a8  vmbusr - ok
17:57:09.0555 0x09a8  vmicguestinterface - ok
17:57:09.0557 0x09a8  vmicheartbeat - ok
17:57:09.0558 0x09a8  vmickvpexchange - ok
17:57:09.0560 0x09a8  vmicrdv - ok
17:57:09.0562 0x09a8  vmicshutdown - ok
17:57:09.0563 0x09a8  vmictimesync - ok
17:57:09.0565 0x09a8  vmicvss - ok
17:57:09.0567 0x09a8  volmgr - ok
17:57:09.0569 0x09a8  volmgrx - ok
17:57:09.0570 0x09a8  volsnap - ok
17:57:09.0572 0x09a8  vpci - ok
17:57:09.0574 0x09a8  vpcivsp - ok
17:57:09.0576 0x09a8  vsmraid - ok
17:57:09.0578 0x09a8  VSS - ok
17:57:09.0579 0x09a8  VSTXRAID - ok
17:57:09.0581 0x09a8  vwifibus - ok
17:57:09.0583 0x09a8  vwififlt - ok
17:57:09.0585 0x09a8  vwifimp - ok
17:57:09.0587 0x09a8  W32Time - ok
17:57:09.0588 0x09a8  WacomPen - ok
17:57:09.0590 0x09a8  wbengine - ok
17:57:09.0592 0x09a8  WbioSrvc - ok
17:57:09.0594 0x09a8  Wcmsvc - ok
17:57:09.0596 0x09a8  WCMVCAM - ok
17:57:09.0598 0x09a8  wcncsvc - ok
17:57:09.0600 0x09a8  WcsPlugInService - ok
17:57:09.0602 0x09a8  WdBoot - ok
17:57:09.0603 0x09a8  Wdf01000 - ok
17:57:09.0605 0x09a8  WdFilter - ok
17:57:09.0607 0x09a8  WdiServiceHost - ok
17:57:09.0609 0x09a8  WdiSystemHost - ok
17:57:09.0611 0x09a8  WdNisDrv - ok
17:57:09.0613 0x09a8  WdNisSvc - ok
17:57:09.0615 0x09a8  WebClient - ok
17:57:09.0617 0x09a8  Wecsvc - ok
17:57:09.0619 0x09a8  WEPHOSTSVC - ok
17:57:09.0620 0x09a8  wercplsupport - ok
17:57:09.0622 0x09a8  WerSvc - ok
17:57:09.0624 0x09a8  WFPLWFS - ok
17:57:09.0626 0x09a8  WiaRpc - ok
17:57:09.0628 0x09a8  WIMMount - ok
17:57:09.0630 0x09a8  WinDefend - ok
17:57:09.0633 0x09a8  WinHttpAutoProxySvc - ok
17:57:09.0635 0x09a8  Winmgmt - ok
17:57:09.0637 0x09a8  WinRM - ok
17:57:09.0641 0x09a8  WlanSvc - ok
17:57:09.0643 0x09a8  wlidsvc - ok
17:57:09.0645 0x09a8  WmiAcpi - ok
17:57:09.0647 0x09a8  wmiApSrv - ok
17:57:09.0649 0x09a8  WMPNetworkSvc - ok
17:57:09.0651 0x09a8  Wof - ok
17:57:09.0654 0x09a8  workfolderssvc - ok
17:57:09.0655 0x09a8  wpcfltr - ok
17:57:09.0657 0x09a8  WPCSvc - ok
17:57:09.0659 0x09a8  WPDBusEnum - ok
17:57:09.0661 0x09a8  WpdUpFltr - ok
17:57:09.0663 0x09a8  ws2ifsl - ok
17:57:09.0665 0x09a8  wscsvc - ok
17:57:09.0667 0x09a8  WSDPrintDevice - ok
17:57:09.0669 0x09a8  WSDScan - ok
17:57:09.0670 0x09a8  WSearch - ok
17:57:09.0673 0x09a8  WSService - ok
17:57:09.0675 0x09a8  wuauserv - ok
17:57:09.0677 0x09a8  WudfPf - ok
17:57:09.0679 0x09a8  WUDFRd - ok
17:57:09.0681 0x09a8  wudfsvc - ok
17:57:09.0683 0x09a8  WUDFWpdFs - ok
17:57:09.0685 0x09a8  WwanSvc - ok
17:57:09.0687 0x09a8  ZeroConfigService - ok
17:57:09.0694 0x09a8  ================ Scan global ===============================
17:57:09.0695 0x09a8  [ Global ] - ok
17:57:09.0695 0x09a8  ================ Scan MBR ==================================
17:57:09.0698 0x09a8  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
17:57:09.0724 0x09a8  \Device\Harddisk0\DR0 - ok
17:57:09.0726 0x09a8  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
17:57:09.0761 0x09a8  \Device\Harddisk1\DR1 - ok
17:57:09.0761 0x09a8  ================ Scan VBR ==================================
17:57:09.0762 0x09a8  [ 698C0A411B5D6FC349492FAAE6A3B278 ] \Device\Harddisk0\DR0\Partition1
17:57:09.0763 0x09a8  \Device\Harddisk0\DR0\Partition1 - ok
17:57:09.0765 0x09a8  [ 3134F361089AF13626F26DD0D3618D22 ] \Device\Harddisk0\DR0\Partition2
17:57:09.0765 0x09a8  \Device\Harddisk0\DR0\Partition2 - ok
17:57:09.0767 0x09a8  [ 02CE700CFD16E0C562D0FC736136EAE9 ] \Device\Harddisk0\DR0\Partition3
17:57:09.0767 0x09a8  \Device\Harddisk0\DR0\Partition3 - ok
17:57:09.0768 0x09a8  [ C7684A0EFBBAF66C017DB98EC9A524DB ] \Device\Harddisk0\DR0\Partition4
17:57:09.0769 0x09a8  \Device\Harddisk0\DR0\Partition4 - ok
17:57:09.0770 0x09a8  [ BDB82A0BA1A988EAB30FCE40F886661E ] \Device\Harddisk1\DR1\Partition1
17:57:09.0770 0x09a8  \Device\Harddisk1\DR1\Partition1 - ok
17:57:09.0772 0x09a8  [ 77C49A17894DA6001F7ED05DA904700A ] \Device\Harddisk1\DR1\Partition2
17:57:09.0773 0x09a8  \Device\Harddisk1\DR1\Partition2 - ok
17:57:09.0773 0x09a8  ================ Scan generic autorun ======================
17:57:09.0773 0x09a8  BTMTrayAgent - ok
17:57:09.0774 0x09a8  Classic Start Menu - ok
17:57:09.0775 0x09a8  MouseDriver - ok
17:57:09.0775 0x09a8  IntelPROSet - ok
17:57:09.0776 0x09a8  ShadowPlay - ok
17:57:09.0777 0x09a8  Codec Settings UAC Manager - ok
17:57:09.0778 0x09a8  QHSafeTray - ok
17:57:09.0778 0x09a8  EaseUS EPM tray - ok
17:57:09.0779 0x09a8  EaseUS Cleanup - ok
17:57:09.0780 0x09a8  SunJavaUpdateSched - ok
17:57:09.0781 0x09a8  FUFAXRCV - ok
17:57:09.0782 0x09a8  FUFAXSTM - ok
17:57:09.0783 0x09a8  EEventManager - ok
17:57:09.0783 0x09a8  Skype - ok
17:57:09.0784 0x09a8  eM Client - ok
17:57:09.0785 0x09a8  Free Download Manager - ok
17:57:09.0786 0x09a8  icq.desktop - ok
17:57:09.0787 0x09a8  Steam - ok
17:57:09.0787 0x09a8  Viber - ok
17:57:09.0788 0x09a8  EPLTarget\P0000000000000000 - ok
17:57:09.0789 0x09a8  WebcamMaxAutoRun - ok
17:57:09.0790 0x09a8  qBittorrent - ok
17:57:09.0791 0x09a8  FreeFirewall - ok
17:57:09.0791 0x09a8  EPLTarget\P0000000000000001 - ok
17:57:09.0805 0x09a8  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated )
17:57:09.0805 0x09a8  AV detected via SS2: 360 Total Security, C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe ( 8.8.0.1001 ), 0x50000 ( disabled : updated )
17:57:09.0808 0x09a8  Win FW state via NFP2: disabled ( trusted )
17:57:09.0882 0x09a8  ============================================================
17:57:09.0882 0x09a8  Scan finished
17:57:09.0882 0x09a8  ============================================================
17:57:09.0887 0x09a4  Detected object count: 0
17:57:09.0887 0x09a4  Actual detected object count: 0
17:57:12.0476 0x1760  Deinitialize success
         
I hope I did the splitting up correctly. Regards


05.09.2016, 08:58   #6
M-K-D-B
/// TB trainer

Suspicious activity

Hello,

maybe you can try not to "split up" your posts quite so often...

Please note for the future:
Quote:
Gestartet von C:\Users\David\Downloads
Unfortunately, you did not follow our instructions correctly:
Please download all tools directly to the desktop, or move them there, and start them from the desktop, because our instructions are written for that setup.
In addition, all the tools used can then be removed very easily at the end of the cleanup.
Leave all tools on the desktop until the end of the cleanup; we may need some of them more than once.

Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Tools > Options and make sure that the following items are selected:
    • "Tracing" keys
    • "Prefetch" files
    • Proxy
    • Winsock
  • Confirm the selection with OK.
  • Click Scan and wait until it has finished.
  • Now click Clean (even if AdwCleaner says that nothing was found) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Step 2
Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

Step 3
  • Start FRST.exe again. Put a check mark in front of Addition.txt and click Scan.
  • FRST now creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.

Please post with your next reply
  • the AdwCleaner log file,
  • the MBAM log file,
  • the two new FRST log files.

08.09.2016, 16:05   #7
M-K-D-B
/// TB trainer

Suspicious activity

No response
This topic has been removed from my subscriptions. I will therefore not receive any notification of new replies.
Send me a PM if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread!

08.09.2016, 16:31   #8
josy1982

Suspicious activity

Hello,

I had to reinstall from scratch. Whatever it was, it had lodged itself in Google Chrome with three profiles, and I could not get it out anymore. Gast01 etc. I took a screenshot, sent it off to Google, and reinstalled.

Regards

PS: Have I been on here for 10 years? I am old
