Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   cmd öffnet sich automatisch und Verlangsamung des PCs (https://www.trojaner-board.de/142233-cmd-oeffnet-automatisch-verlangsamung-pcs.html)

Konomono 28.09.2013 16:55
cmd öffnet sich automatisch und Verlangsamung des PCs
 
Hallo,

seit kurzer Zeit öffnet sich hin und wieder automatisch das cmd Fenster. In manchen Fällen wird der PC daraufhin sehr langsam, bleibt kurzzeitig hängen usw. Da ich nicht weiß, woran das liegt, wollte ich mal meine Log Files überprüfen lassen, ob ihr nicht seht, was das Problem verursacht.

Die Logfiles musste ich leider anhängen..

Ich hoffe, es ist alles okay so :)

schrauber 28.09.2013 17:55
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.


So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Konomono 28.09.2013 18:13
Defogger:

Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:51 on 27/09/2013 (Admin)

Checking for autostart values...
Unable to open HKCU\~\Run key (2)
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013
Ran by Tobi (ATTENTION: The logged in user is not administrator) on TOBIS-PC on 27-09-2013 19:59:25
Running from C:\Users\Tobi\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(IvoSoft) D:\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Spotify Ltd) C:\Users\Tobi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\syswow64\wwahost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13267016 2013-01-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1276488 2013-01-18] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Tobi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-09-25] (Spotify Ltd)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-27] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-31] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ASUS InstantKey] - C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [20456 2012-02-20] (ASUS)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2012-10-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [F-Secure Hoster (666)] - C:\Program Files (x86)\F-Secure\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Manager] - C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [310208 2013-08-14] (F-Secure Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - D:\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [245872 2013-01-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201576 2013-01-10] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\mw992w50.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - D:\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\mw992w50.default\Extensions\ich@maltegoetz.de
FF Extension: WOT - C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\mw992w50.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: No Name - C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\mw992w50.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 ClassicShellService; D:\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft)
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216000 2013-08-14] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60352 2013-09-04] (F-Secure Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [29696 2012-11-27] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-11-15] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [29696 2012-11-27] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [29696 2012-11-27] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2012-10-31] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-11-15] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [131968 2012-10-30] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1345920 2012-11-06] (Motorola Solutions, Inc.)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [202176 2013-09-09] (F-Secure Corporation)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [202176 2013-09-09] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [68928 2013-09-04] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [68928 2013-09-04] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2013-09-09] ()
R0 fsbts; C:\Windows\SysWow64\Drivers\fsbts.sys [41024 2013-09-04] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\fsni64.sys [80832 2013-04-25] (F-Secure Corporation)
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\fsni64.sys [80832 2013-04-25] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-08-14] ()
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-08-14] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S4 mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows (R) Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-11-29] (Windows (R) Win 7 DDK provider)
U0 msahci;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-27 19:59 - 2013-09-27 19:59 - 00000000 ____D C:\FRST
2013-09-27 19:58 - 2013-09-27 19:58 - 00377856 _____ C:\Users\Tobi\Downloads\tjrbk90r.exe
2013-09-27 19:57 - 2013-09-27 19:58 - 01953854 _____ (Farbar) C:\Users\Tobi\Desktop\FRST64.exe
2013-09-27 19:51 - 2013-09-27 19:51 - 00000542 _____ C:\Users\Tobi\Desktop\defogger_disable.log
2013-09-27 19:49 - 2013-09-27 19:48 - 00050477 _____ C:\Users\Tobi\Desktop\Defogger.exe
2013-09-27 18:00 - 2013-09-27 19:23 - 00000276 _____ C:\error.fstmp
2013-09-27 18:00 - 2013-09-27 18:00 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\F-Secure
2013-09-27 18:00 - 2013-09-27 18:00 - 00000000 _____ C:\infect.fstmp
2013-09-27 17:32 - 2013-09-27 17:32 - 00001444 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-27 17:32 - 2013-09-27 17:32 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-27 17:32 - 2013-09-27 17:32 - 00000000 ____D C:\Program Files\iTunes
2013-09-27 17:32 - 2013-09-27 17:32 - 00000000 ____D C:\Program Files\iPod
2013-09-26 13:16 - 2013-09-26 13:16 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-26 13:15 - 2013-09-26 13:15 - 00000000 ____D C:\ProgramData\Adobe
2013-09-26 13:15 - 2013-09-26 13:15 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-19 11:13 - 2013-09-27 19:51 - 00000000 ____D C:\Users\Admin
2013-09-19 00:46 - 2013-09-27 19:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-19 00:41 - 2013-09-19 00:41 - 00000000 ____D C:\Users\Tobi\AppData\Local\Secunia PSI
2013-09-19 00:40 - 2013-09-19 00:40 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-09-19 00:33 - 2013-09-19 00:33 - 00000000 ____D C:\Users\Tobi\Downloads\Firefox Add Ons
2013-09-19 00:32 - 2013-09-19 00:32 - 00000000 ____D C:\Users\Tobi\Downloads\Handy
2013-09-18 17:09 - 2013-09-18 17:09 - 00003967 _____ C:\Users\Tobi\AppData\Local\recently-used.xbel
2013-09-18 16:28 - 2013-09-18 16:28 - 00000000 ____D C:\Users\Tobi\.thumbnails
2013-09-18 16:27 - 2013-09-18 17:12 - 00000000 ____D C:\Users\Tobi\.gimp-2.8
2013-09-18 16:27 - 2013-09-18 16:27 - 00000000 ____D C:\Users\Tobi\AppData\Local\gegl-0.2
2013-09-18 15:51 - 2013-09-18 15:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-12 19:11 - 2013-09-19 01:26 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-12 19:11 - 2013-09-19 01:26 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-12 13:39 - 2013-09-21 00:11 - 00000000 ____D C:\Users\Tobi\Documents\TmForever
2013-09-12 13:39 - 2013-09-12 14:33 - 00000000 ____D C:\ProgramData\TmForever
2013-09-12 00:51 - 2013-09-12 00:51 - 00000000 ____D C:\Users\Tobi\Downloads\__MACOSX
2013-09-11 23:50 - 2013-09-11 23:50 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-11 23:50 - 2013-09-11 23:50 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\OpenOffice
2013-09-11 23:49 - 2013-09-11 23:49 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-11 23:01 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-09-11 23:01 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2013-09-11 23:01 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2013-09-11 23:01 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2013-09-11 23:01 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2013-09-11 23:01 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-09-11 23:01 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2013-09-11 23:01 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-09-11 23:01 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2013-09-11 23:01 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-09-11 23:01 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2013-09-11 23:01 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-09-11 23:00 - 2013-09-11 23:00 - 00000631 _____ C:\Users\Public\Desktop\TmNationsForever.lnk
2013-09-11 23:00 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2013-09-11 23:00 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-09-11 23:00 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2013-09-11 23:00 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-09-11 23:00 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-09-11 23:00 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-09-11 23:00 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2013-09-11 23:00 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-09-11 23:00 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2013-09-11 23:00 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-09-11 23:00 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2013-09-11 23:00 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-09-11 20:13 - 2013-08-07 07:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-09-10 23:39 - 2013-09-10 23:39 - 00495557 _____ C:\Users\Tobi\Downloads\WLAN_ATHEROS_V7.6.0.164_VISTA64_CA41534-1967.EXE
2013-09-10 22:47 - 2013-08-16 07:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2013-09-10 22:47 - 2013-08-16 07:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2013-09-10 22:47 - 2013-08-16 07:39 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-09-10 22:47 - 2013-08-16 07:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2013-09-10 22:47 - 2013-08-16 07:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2013-09-10 22:47 - 2013-08-16 07:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-09-10 22:47 - 2013-08-16 07:21 - 03275776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-09-10 22:47 - 2013-08-16 07:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2013-09-10 22:47 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-09-10 22:47 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2013-09-10 22:47 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2013-09-10 22:47 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2013-09-10 22:47 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-09-10 22:47 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-09-10 22:47 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-10 22:47 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-09-10 22:47 - 2013-08-16 00:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll
2013-09-10 22:47 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-09-10 22:47 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-09-10 22:47 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2013-09-10 22:47 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2013-09-10 22:45 - 2013-09-10 22:45 - 00000000 ____D C:\Users\Tobi\Documents\Meine empfangenen Dateien
2013-09-10 22:45 - 2013-08-21 06:12 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-10 22:45 - 2013-08-21 06:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-10 22:45 - 2013-08-21 06:11 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-10 22:45 - 2013-08-21 06:11 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-10 22:45 - 2013-08-21 06:11 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-10 22:45 - 2013-08-21 06:11 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-10 22:45 - 2013-08-21 06:11 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-10 22:45 - 2013-08-21 06:11 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-09-10 22:45 - 2013-08-21 06:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-10 22:45 - 2013-08-21 06:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-10 22:45 - 2013-08-21 06:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-10 22:45 - 2013-08-21 06:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-10 22:45 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-09-10 22:45 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-10 22:45 - 2013-08-21 06:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-10 22:45 - 2013-08-21 04:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-10 22:45 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-10 22:45 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-10 22:45 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-09-10 22:45 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-10 22:45 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-10 22:45 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-10 22:45 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-10 22:45 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-10 22:45 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-10 22:45 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-10 22:45 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-10 22:45 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-10 22:45 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-10 22:45 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-10 22:45 - 2013-08-21 01:52 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-09-10 22:44 - 2013-08-03 06:30 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-10 22:44 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-09-10 22:44 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-09-10 22:44 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2013-09-10 22:44 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2013-09-10 22:44 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2013-09-10 22:44 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-09-10 22:44 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2013-09-10 22:44 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2013-09-10 22:44 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-09-10 22:44 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-09-10 22:44 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-09-10 22:44 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-09-10 22:44 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-09-10 22:44 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-09-10 22:44 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-09-10 22:44 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-09-10 22:44 - 2013-07-02 00:08 - 00387583 _____ C:\Windows\system32\ApnDatabase.xml
2013-09-10 22:44 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-09-10 22:44 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2013-09-10 22:44 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-09-10 22:44 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-09-10 22:44 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-09-10 22:44 - 2013-06-29 03:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-09-10 22:44 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-09-10 22:44 - 2013-06-26 04:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-09-10 22:44 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-09-10 22:44 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-09-10 22:44 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-09-10 22:44 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-09-10 22:44 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-09-10 22:44 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-09-10 22:44 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-09-10 22:44 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-09-10 22:44 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-09-10 22:44 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-09-10 22:44 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-09-10 22:44 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-09-10 22:44 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-09-10 22:44 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-09-10 22:44 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-09-10 22:44 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-09-10 22:44 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-09-05 19:17 - 2012-11-20 07:24 - 01164800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2013-09-05 19:17 - 2012-11-20 07:17 - 01184256 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2013-09-05 19:17 - 2012-11-20 07:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDKURD.DLL
2013-09-05 19:17 - 2012-11-20 06:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDKURD.DLL
2013-09-05 19:16 - 2012-10-12 08:13 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\dskquota.dll
2013-09-05 19:16 - 2012-10-12 07:39 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dskquota.dll
2013-09-05 19:15 - 2012-10-24 06:54 - 00396008 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2013-09-05 19:15 - 2012-10-17 06:32 - 01172992 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2013-09-05 19:15 - 2012-10-17 06:32 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2013-09-05 19:15 - 2012-10-17 06:32 - 00673280 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2013-09-05 19:15 - 2012-10-17 05:57 - 00929792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2013-09-05 19:15 - 2012-10-17 05:57 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2013-09-05 19:15 - 2012-10-17 05:57 - 00513024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2013-09-05 19:13 - 2012-10-11 07:46 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2013-09-05 19:12 - 2012-10-11 09:47 - 00793200 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2013-09-05 19:12 - 2012-10-11 09:25 - 00056552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdstor.sys
2013-09-05 19:12 - 2012-10-11 09:23 - 00441576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-09-05 19:12 - 2012-10-11 09:18 - 00172264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-09-05 19:12 - 2012-10-11 09:13 - 00033512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys
2013-09-05 19:12 - 2012-10-11 09:08 - 00562392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-09-05 19:12 - 2012-10-11 07:46 - 00517120 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2013-09-05 19:12 - 2012-10-11 07:46 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.Compression.dll
2013-09-05 19:12 - 2012-10-11 07:46 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\BdeUISrv.exe
2013-09-05 19:12 - 2012-10-11 07:46 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2013-09-05 19:12 - 2012-10-11 07:45 - 01045504 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2013-09-05 19:12 - 2012-10-11 07:45 - 00590848 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2013-09-05 19:12 - 2012-10-11 07:45 - 00579584 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2013-09-05 19:12 - 2012-10-11 07:45 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\SpaceControl.dll
2013-09-05 19:12 - 2012-10-11 07:45 - 00370176 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-09-05 19:12 - 2012-10-11 07:45 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
2013-09-05 19:12 - 2012-10-11 07:44 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-09-05 19:12 - 2012-10-11 07:44 - 00904192 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2013-09-05 19:12 - 2012-10-11 07:44 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-09-05 19:12 - 2012-10-11 07:44 - 00264704 _____ (Microsoft Corporation) C:\Windows\system32\ListSvc.dll
2013-09-05 19:12 - 2012-10-11 07:44 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2013-09-05 19:12 - 2012-10-11 07:44 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2013-09-05 19:12 - 2012-10-11 07:43 - 01280000 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-09-05 19:12 - 2012-10-11 07:43 - 00757760 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2013-09-05 19:12 - 2012-10-11 07:43 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2013-09-05 19:12 - 2012-10-11 07:43 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-09-05 19:12 - 2012-10-11 07:43 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2013-09-05 19:12 - 2012-10-11 07:43 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\AppxSip.dll
2013-09-05 19:12 - 2012-10-11 07:43 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2013-09-05 19:12 - 2012-10-11 07:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-09-05 19:12 - 2012-10-11 07:42 - 00612416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2013-09-05 19:12 - 2012-10-11 07:23 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-pdc.dll
2013-09-05 19:12 - 2012-10-11 07:16 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-09-05 19:12 - 2012-10-11 07:07 - 01226752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2013-09-05 19:12 - 2012-10-11 07:07 - 00962560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2013-09-05 19:12 - 2012-10-11 07:07 - 00460800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2013-09-05 19:12 - 2012-10-11 07:07 - 00414720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2013-09-05 19:12 - 2012-10-11 07:07 - 00116224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.Compression.dll
2013-09-05 19:12 - 2012-10-11 07:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
2013-09-05 19:12 - 2012-10-11 07:07 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2013-09-05 19:12 - 2012-10-11 07:06 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2013-09-05 19:12 - 2012-10-11 07:06 - 00289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-09-05 19:12 - 2012-10-11 07:06 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2013-09-05 19:12 - 2012-10-11 07:06 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2013-09-05 19:12 - 2012-10-11 07:06 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-09-05 19:12 - 2012-10-11 07:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2013-09-05 19:12 - 2012-10-11 07:06 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-09-05 19:12 - 2012-10-11 07:05 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxSip.dll
2013-09-05 19:12 - 2012-10-11 02:45 - 00478424 _____ C:\Windows\SysWOW64\locale.nls
2013-09-05 19:12 - 2012-10-11 02:44 - 00478424 _____ C:\Windows\system32\locale.nls
2013-09-05 19:11 - 2012-10-11 07:23 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\kbdhebl3.dll
2013-09-05 19:11 - 2012-10-11 07:19 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2013-09-05 19:11 - 2012-10-11 07:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-09-05 19:11 - 2012-10-11 07:15 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2013-09-05 19:11 - 2012-10-11 06:42 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdhebl3.dll
2013-09-05 19:09 - 2012-11-27 08:39 - 01122768 _____ (Microsoft Corporation) C:\Windows\system32\Taskmgr.exe
2013-09-05 19:09 - 2012-11-27 06:49 - 01027152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Taskmgr.exe
2013-09-05 19:09 - 2012-11-27 06:20 - 01217536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2013-09-05 19:09 - 2012-11-27 06:20 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-09-05 19:09 - 2012-11-27 06:20 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-09-05 19:09 - 2012-11-27 06:20 - 00798208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebcamUi.dll
2013-09-05 19:09 - 2012-11-27 06:20 - 00560128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserLanguagesCpl.dll
2013-09-05 19:09 - 2012-11-27 06:20 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2013-09-05 19:09 - 2012-11-27 06:19 - 03245568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-09-05 19:09 - 2012-11-27 06:19 - 01536512 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2013-09-05 19:09 - 2012-11-27 06:19 - 00955904 _____ (Microsoft Corporation) C:\Windows\system32\WebcamUi.dll
2013-09-05 19:09 - 2012-11-27 06:19 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\UserLanguagesCpl.dll
2013-09-05 19:09 - 2012-11-27 06:19 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2013-09-05 19:09 - 2012-10-12 10:08 - 00027880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-09-05 19:09 - 2012-10-12 08:14 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2013-09-05 19:09 - 2012-09-11 07:28 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\vdsldr.exe
2013-09-05 19:08 - 2012-11-27 06:20 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vds_ps.dll
2013-09-05 19:08 - 2012-10-12 07:50 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-09-05 19:08 - 2012-09-11 07:27 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\vds_ps.dll
2013-09-05 19:07 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-09-05 19:07 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-09-05 19:07 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-09-05 19:07 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-09-05 19:07 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-05 19:07 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-09-05 19:07 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-09-05 19:07 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-09-05 19:07 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2013-09-05 19:07 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2013-09-05 19:07 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-09-05 19:07 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2013-09-05 19:07 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-09-05 19:07 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2013-09-05 19:07 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-09-05 19:07 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2013-09-05 19:07 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe
2013-09-05 19:07 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2013-09-05 19:07 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2013-09-05 19:07 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2013-09-05 19:07 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2013-09-05 19:07 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2013-09-05 19:07 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2013-09-05 19:07 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2013-09-05 19:07 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2013-09-05 19:07 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys
2013-09-05 19:07 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2013-09-05 19:07 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2013-09-05 19:07 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2013-09-05 19:07 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2013-09-05 19:05 - 2012-11-06 09:33 - 01566432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2013-09-05 19:05 - 2012-11-06 06:20 - 00516608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2013-09-05 19:05 - 2012-11-06 06:19 - 08552448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2013-09-05 19:05 - 2012-11-06 06:19 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2013-09-05 19:05 - 2012-11-06 06:18 - 11459584 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2013-09-05 19:05 - 2012-11-06 06:18 - 00976384 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-05 19:04 - 2012-11-06 09:52 - 00277736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2013-09-05 19:04 - 2012-11-06 06:48 - 01150160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2013-09-05 19:04 - 2012-11-06 06:20 - 00883712 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2013-09-05 19:04 - 2012-11-06 06:20 - 00386560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2013-09-05 19:04 - 2012-11-06 06:20 - 00375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2013-09-05 19:04 - 2012-11-06 06:20 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2013-09-05 19:04 - 2012-11-06 06:20 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2013-09-05 19:04 - 2012-11-06 06:20 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2013-09-05 19:04 - 2012-11-06 06:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfdprov.dll
2013-09-05 19:04 - 2012-11-06 06:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2013-09-05 19:04 - 2012-11-06 06:19 - 00470016 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2013-09-05 19:04 - 2012-11-06 06:19 - 00466944 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2013-09-05 19:04 - 2012-11-06 06:19 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2013-09-05 19:04 - 2012-11-06 06:19 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2013-09-05 19:04 - 2012-11-06 06:19 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2013-09-05 19:04 - 2012-11-06 06:19 - 00126464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2013-09-05 19:04 - 2012-11-06 06:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\wfdprov.dll
2013-09-05 19:04 - 2012-11-06 06:19 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapPeerProxy.dll
2013-09-05 19:04 - 2012-11-06 06:19 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapAuthProxy.dll
2013-09-05 19:04 - 2012-11-06 06:18 - 00189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthprops.cpl
2013-09-05 19:04 - 2012-11-06 06:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2013-09-05 19:04 - 2012-11-06 06:18 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
2013-09-05 19:04 - 2012-11-06 06:18 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll
2013-09-05 19:04 - 2012-11-06 06:17 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\bthprops.cpl
2013-09-05 19:04 - 2012-11-06 06:17 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\dafWCN.dll
2013-09-05 19:04 - 2012-11-06 05:53 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-09-05 19:04 - 2012-11-06 05:51 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-05 19:03 - 2012-11-06 06:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\iscsilog.dll
2013-09-05 19:03 - 2012-11-06 05:58 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2013-09-05 19:03 - 2012-11-06 05:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2013-09-05 19:03 - 2012-11-06 05:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2013-09-05 19:03 - 2012-11-06 05:55 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2013-09-05 19:03 - 2012-11-06 05:55 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2013-09-05 19:03 - 2012-11-06 05:55 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2013-09-05 19:03 - 2012-11-06 05:55 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fxppm.sys
2013-09-05 13:45 - 2013-09-05 14:02 - 00000000 ___RD C:\Windows\BrowserChoice
2013-09-05 00:32 - 2013-09-05 00:32 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-09-05 00:32 - 2013-09-05 00:32 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-09-05 00:32 - 2013-09-05 00:32 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-05 00:32 - 2013-09-05 00:32 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-05 00:32 - 2013-09-05 00:32 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-05 00:32 - 2013-09-05 00:32 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-05 00:32 - 2013-09-05 00:32 - 00000000 ____D C:\ProgramData\Sun
2013-09-04 20:02 - 2013-09-04 20:03 - 00000000 ____D C:\Users\Tobi\Downloads\Seven VG Skin
2013-09-04 19:54 - 2013-09-22 02:41 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Skype
2013-09-04 19:54 - 2013-09-04 19:54 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-09-04 19:54 - 2013-09-04 19:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-04 19:54 - 2013-09-04 19:54 - 00000000 ____D C:\ProgramData\Skype
2013-09-04 15:33 - 2013-09-04 15:33 - 00000877 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-09-04 15:32 - 2013-09-04 15:33 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\DVDVideoSoft
2013-09-04 14:48 - 2013-09-04 14:48 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Apple Computer
2013-09-04 14:48 - 2013-09-04 14:48 - 00000000 ____D C:\Users\Tobi\AppData\Local\Apple Computer
2013-09-04 14:47 - 2013-09-04 14:47 - 00000000 ____D C:\ProgramData\Apple Computer
2013-09-04 14:47 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-09-04 14:46 - 2013-09-04 14:46 - 00000000 ____D C:\Users\Tobi\AppData\Local\Apple
2013-09-04 14:46 - 2013-09-04 14:46 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-04 14:46 - 2013-09-04 14:46 - 00000000 ____D C:\Program Files\Bonjour
2013-09-04 14:46 - 2013-09-04 14:46 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-09-04 14:46 - 2013-09-04 14:46 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-04 14:45 - 2013-09-04 14:46 - 00000000 ____D C:\ProgramData\Apple
2013-09-04 03:55 - 2013-09-11 10:34 - 00000000 ____D C:\Windows\system32\MRT
2013-09-04 03:55 - 2013-09-11 10:32 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-04 03:48 - 2013-09-04 03:48 - 00000000 ____D C:\Users\Tobi\AppData\Local\Macromedia
2013-09-04 03:43 - 2013-09-24 13:11 - 00000000 ____D C:\Users\Tobi\AppData\Local\Spotify
2013-09-04 03:43 - 2013-09-04 03:43 - 00001764 _____ C:\Users\Tobi\Desktop\Spotify.lnk
2013-09-04 03:43 - 2013-09-04 03:43 - 00001750 _____ C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-09-04 03:42 - 2013-09-27 19:27 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Spotify
2013-09-04 03:12 - 2012-08-31 02:52 - 00017888 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2013-09-04 03:11 - 2012-08-31 02:53 - 00017888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2013-09-04 03:09 - 2013-01-10 03:53 - 00028904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpiowin32.sys
2013-09-04 03:09 - 2013-01-10 03:29 - 00785504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-09-04 03:09 - 2013-01-10 03:29 - 00091880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2013-09-04 03:09 - 2013-01-10 01:26 - 01752064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2013-09-04 03:09 - 2013-01-10 01:26 - 01611776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2013-09-04 03:09 - 2013-01-10 01:26 - 00890880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2013-09-04 03:09 - 2013-01-10 01:26 - 00436736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2013-09-04 03:09 - 2013-01-10 01:26 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2013-09-04 03:09 - 2013-01-10 01:26 - 00083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiaacmgr.exe
2013-09-04 03:09 - 2013-01-10 01:23 - 02094592 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2013-09-04 03:09 - 2013-01-10 01:23 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2013-09-04 03:09 - 2013-01-10 01:23 - 01886208 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2013-09-04 03:09 - 2013-01-10 01:23 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2013-09-04 03:09 - 2013-01-10 01:23 - 00256000 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2013-09-04 03:09 - 2013-01-10 01:23 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\wiaacmgr.exe
2013-09-04 03:09 - 2013-01-10 01:22 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2013-09-04 03:09 - 2013-01-10 01:22 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-09-04 03:09 - 2013-01-10 01:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2013-09-04 03:09 - 2013-01-10 01:22 - 00438272 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2013-09-04 03:09 - 2013-01-10 01:22 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2013-09-04 03:09 - 2012-11-02 07:19 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ncbservice.dll
2013-09-04 03:09 - 2012-11-02 07:18 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2013-09-04 03:09 - 2012-11-02 07:18 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2013-09-04 03:09 - 2012-11-02 07:18 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\adhapi.dll
2013-09-04 03:09 - 2012-11-02 07:18 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\httpprxp.dll
2013-09-04 03:09 - 2012-11-02 07:18 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\keepaliveprovider.dll
2013-09-04 03:07 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-04 03:07 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-09-04 03:06 - 2013-04-09 07:20 - 00306952 _____ (Microsoft Corporation) C:\Windows\system32\kd_02_10ec.dll
2013-09-04 03:06 - 2013-04-09 07:17 - 01829408 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-04 03:06 - 2013-04-09 06:51 - 14267904 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-09-04 03:06 - 2013-04-09 06:51 - 03552768 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2013-09-04 03:06 - 2013-04-09 06:50 - 02107904 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2013-09-04 03:06 - 2013-04-09 06:50 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2013-09-04 03:06 - 2013-04-09 06:49 - 01444864 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2013-09-04 03:06 - 2013-04-08 23:52 - 11878912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-09-04 03:06 - 2013-04-08 23:51 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-09-04 03:06 - 2013-04-08 23:51 - 01593344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-09-04 03:06 - 2013-04-08 23:51 - 01113600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2013-09-04 03:05 - 2013-04-09 07:33 - 00489576 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2013-09-04 03:05 - 2013-04-09 07:33 - 00446792 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2013-09-04 03:05 - 2013-04-09 07:33 - 00253544 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2013-09-04 03:05 - 2013-04-09 07:20 - 00086280 _____ (Microsoft Corporation) C:\Windows\system32\kdnet.dll
2013-09-04 03:05 - 2013-04-09 07:18 - 00077960 _____ (Microsoft Corporation) C:\Windows\system32\kdvm.dll
2013-09-04 03:05 - 2013-04-09 06:52 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2013-09-04 03:05 - 2013-04-09 06:52 - 00804352 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2013-09-04 03:05 - 2013-04-09 06:52 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2013-09-04 03:05 - 2013-04-09 06:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2013-09-04 03:05 - 2013-04-09 06:52 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2013-09-04 03:05 - 2013-04-09 06:51 - 00595456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2013-09-04 03:05 - 2013-04-09 06:51 - 00456704 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2013-09-04 03:05 - 2013-04-09 06:51 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-04 03:05 - 2013-04-09 06:51 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2013-09-04 03:05 - 2013-04-09 06:50 - 00745984 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2013-09-04 03:05 - 2013-04-09 06:50 - 00435200 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2013-09-04 03:05 - 2013-04-09 06:50 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-09-04 03:05 - 2013-04-09 06:50 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\GenuineCenter.dll
2013-09-04 03:05 - 2013-04-09 06:50 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2013-09-04 03:05 - 2013-04-09 06:50 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2013-09-04 03:05 - 2013-04-09 06:50 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2013-09-04 03:05 - 2013-04-09 06:49 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-09-04 03:05 - 2013-04-09 06:49 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2013-09-04 03:05 - 2013-04-09 06:49 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2013-09-04 03:05 - 2013-04-09 06:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\fhengine.dll
2013-09-04 03:05 - 2013-04-09 06:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\iuilp.dll
2013-09-04 03:05 - 2013-04-09 06:49 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\dmvdsitf.dll
2013-09-04 03:05 - 2013-04-09 06:49 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll
2013-09-04 03:05 - 2013-04-09 06:49 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\fmifs.dll
2013-09-04 03:05 - 2013-04-09 06:48 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2013-09-04 03:05 - 2013-04-09 04:34 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2013-09-04 03:05 - 2013-04-09 04:34 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-09-04 03:05 - 2013-04-09 04:34 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2013-09-04 03:05 - 2013-04-09 04:33 - 00623104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2013-09-04 03:05 - 2013-04-09 04:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2013-09-04 03:05 - 2013-04-09 04:32 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2013-09-04 03:05 - 2013-04-09 04:31 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2013-09-04 03:05 - 2013-04-09 04:31 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2013-09-04 03:05 - 2013-04-09 01:44 - 00123880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2013-09-04 03:05 - 2013-04-09 01:39 - 01408896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-04 03:05 - 2013-04-09 01:37 - 00426024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2013-09-04 03:05 - 2013-04-09 01:37 - 00324368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2013-09-04 03:05 - 2013-04-08 23:52 - 00670208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-09-04 03:05 - 2013-04-08 23:52 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-09-04 03:05 - 2013-04-08 23:52 - 00171008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-09-04 03:05 - 2013-04-08 23:52 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2013-09-04 03:05 - 2013-04-08 23:51 - 00659456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-09-04 03:05 - 2013-04-08 23:51 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-09-04 03:05 - 2013-04-08 23:51 - 00411136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2013-09-04 03:05 - 2013-04-08 23:51 - 00403968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-09-04 03:05 - 2013-04-08 23:51 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2013-09-04 03:05 - 2013-04-08 23:51 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-09-04 03:05 - 2013-04-08 23:51 - 00214528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2013-09-04 03:05 - 2013-04-08 23:51 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-09-04 03:05 - 2013-04-08 23:51 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
2013-09-04 03:05 - 2013-04-08 23:51 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
2013-09-04 03:05 - 2013-04-08 23:51 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2013-09-04 03:05 - 2013-04-08 23:51 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2013-09-04 03:05 - 2013-04-05 01:30 - 00503080 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2013-09-04 03:05 - 2013-03-16 00:05 - 00298456 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2013-09-04 03:05 - 2013-03-16 00:05 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2013-09-04 03:05 - 2013-03-02 12:39 - 00069864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2013-09-04 03:05 - 2013-03-02 04:43 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2013-09-04 03:05 - 2013-02-07 03:33 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2013-09-04 03:05 - 2013-02-02 10:40 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2013-09-04 03:05 - 2013-02-02 10:23 - 00228352 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2013-09-04 03:05 - 2013-01-10 03:40 - 00303848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-09-04 03:05 - 2012-12-13 06:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-04 03:05 - 2012-12-13 05:59 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-09-04 03:05 - 2012-11-20 06:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidi2c.sys
2013-09-04 03:05 - 2012-11-06 09:33 - 00522640 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2013-09-04 03:05 - 2012-11-06 07:00 - 00463768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2013-09-04 03:05 - 2012-11-06 06:18 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2013-09-04 03:05 - 2012-10-11 07:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2013-09-04 03:05 - 2012-10-11 07:44 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2013-09-04 03:05 - 2012-10-11 07:06 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2013-09-04 03:05 - 2012-10-11 07:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2013-09-04 03:03 - 2013-04-16 04:34 - 01455368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-09-04 03:01 - 2013-05-04 09:58 - 00120736 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2013-09-04 03:01 - 2013-05-04 09:34 - 00446720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-09-04 03:01 - 2013-05-04 09:34 - 00284416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2013-09-04 03:01 - 2013-05-04 08:59 - 13644288 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-09-04 03:01 - 2013-05-04 08:59 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2013-09-04 03:01 - 2013-05-04 08:59 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\Magnify.exe
2013-09-04 03:01 - 2013-05-04 08:58 - 10116096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2013-09-04 03:01 - 2013-05-04 08:58 - 01332736 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2013-09-04 03:01 - 2013-05-04 08:58 - 00470528 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2013-09-04 03:01 - 2013-05-04 08:58 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2013-09-04 03:01 - 2013-05-04 08:58 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-09-04 03:01 - 2013-05-04 08:58 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
2013-09-04 03:01 - 2013-05-04 08:58 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\netprofm.dll
2013-09-04 03:01 - 2013-05-04 08:58 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2013-09-04 03:01 - 2013-05-04 08:57 - 02305024 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-09-04 03:01 - 2013-05-04 08:57 - 01131520 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2013-09-04 03:01 - 2013-05-04 08:57 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2013-09-04 03:01 - 2013-05-04 08:57 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2013-09-04 03:01 - 2013-05-04 08:57 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2013-09-04 03:01 - 2013-05-04 08:57 - 00389120 _____ (Microsoft Corporation) C:\Windows\system32\BCP47Langs.dll
2013-09-04 03:01 - 2013-05-04 08:57 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2013-09-04 03:01 - 2013-05-04 08:57 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\biwinrt.dll
2013-09-04 03:01 - 2013-05-04 08:57 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\muifontsetup.dll
2013-09-04 03:01 - 2013-05-04 08:56 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2013-09-04 03:01 - 2013-05-04 06:58 - 00758784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2013-09-04 03:01 - 2013-05-04 06:57 - 10788864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-09-04 03:01 - 2013-05-04 06:57 - 08857088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-09-04 03:01 - 2013-05-04 06:57 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2013-09-04 03:01 - 2013-05-04 06:57 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-09-04 03:01 - 2013-05-04 06:57 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2013-09-04 03:01 - 2013-05-04 06:57 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
2013-09-04 03:01 - 2013-05-04 06:57 - 00018432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll
2013-09-04 03:01 - 2013-05-04 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll
2013-09-04 03:01 - 2013-05-04 06:56 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-09-04 03:01 - 2013-05-04 06:56 - 00449536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2013-09-04 03:01 - 2013-05-04 06:56 - 00411136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2013-09-04 03:01 - 2013-05-04 06:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BCP47Langs.dll
2013-09-04 03:01 - 2013-05-04 06:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\biwinrt.dll
2013-09-04 03:01 - 2013-05-04 06:55 - 00389632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-09-04 03:01 - 2013-05-04 06:51 - 00014848 _____ (Microsoft) C:\Windows\system32\rars.rs
2013-09-04 03:01 - 2013-05-04 06:47 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2013-09-04 03:01 - 2013-05-04 06:10 - 00014848 _____ (Microsoft) C:\Windows\SysWOW64\rars.rs
2013-09-04 03:01 - 2013-03-02 04:45 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-09-04 03:01 - 2013-03-02 04:45 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\taskhostex.exe
2013-09-04 03:01 - 2013-02-02 10:39 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlmproxy.dll
2013-09-04 03:01 - 2013-02-02 10:39 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlmsprep.dll
2013-09-04 03:01 - 2012-11-06 06:20 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2013-09-04 03:01 - 2012-11-06 06:00 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wushareduxresources.dll
2013-09-04 02:59 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-04 02:59 - 2013-05-31 01:24 - 01257472 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-04 02:59 - 2013-05-31 01:08 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-04 02:59 - 2013-05-15 04:25 - 00888320 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2013-09-04 02:59 - 2013-05-15 04:25 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2013-09-04 02:59 - 2013-05-15 04:24 - 00793088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2013-09-04 02:59 - 2013-05-15 04:24 - 00482816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2013-09-04 02:59 - 2013-04-24 01:13 - 01013248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-09-04 02:59 - 2013-04-24 01:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-09-04 02:59 - 2013-04-24 00:56 - 01255936 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-09-04 02:59 - 2013-04-24 00:55 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-04 02:59 - 2013-03-02 11:59 - 00411880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-09-04 02:59 - 2012-10-10 09:04 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-09-04 02:59 - 2012-10-10 08:31 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-09-04 02:58 - 2013-03-02 12:57 - 00332520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2013-09-04 02:58 - 2013-03-02 12:57 - 00077544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storahci.sys
2013-09-04 02:58 - 2013-03-02 12:45 - 00148712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-09-04 02:58 - 2013-03-02 12:39 - 00495336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2013-09-04 02:58 - 2013-03-02 10:23 - 01338880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-09-04 02:58 - 2013-03-02 10:23 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2013-09-04 02:58 - 2013-03-02 10:23 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2013-09-04 02:58 - 2013-03-02 10:23 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2013-09-04 02:58 - 2013-03-02 10:23 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-09-04 02:58 - 2013-03-02 10:23 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncInfo.dll
2013-09-04 02:58 - 2013-03-02 10:22 - 05091840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-09-04 02:58 - 2013-03-02 10:22 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2013-09-04 02:58 - 2013-03-02 10:21 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2013-09-04 02:58 - 2013-03-02 10:21 - 00145408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
2013-09-04 02:58 - 2013-03-02 10:21 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevDispItemProvider.dll
2013-09-04 02:58 - 2013-03-02 04:45 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-09-04 02:58 - 2013-03-02 04:45 - 01149952 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2013-09-04 02:58 - 2013-03-02 04:45 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2013-09-04 02:58 - 2013-03-02 04:45 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2013-09-04 02:58 - 2013-03-02 04:45 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2013-09-04 02:58 - 2013-03-02 04:45 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2013-09-04 02:58 - 2013-03-02 04:45 - 00240640 _____ (Microsoft Corporation) C:\Windows\system32\fsquirt.exe
2013-09-04 02:58 - 2013-03-02 04:45 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2013-09-04 02:58 - 2013-03-02 04:45 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\TimeBrokerServer.dll
2013-09-04 02:58 - 2013-03-02 04:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2013-09-04 02:58 - 2013-03-02 04:45 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\WSDPrintProxy.DLL
2013-09-04 02:58 - 2013-03-02 04:44 - 05978624 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-09-04 02:58 - 2013-03-02 04:44 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2013-09-04 02:58 - 2013-03-02 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2013-09-04 02:58 - 2013-03-02 04:44 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2013-09-04 02:58 - 2013-03-02 04:44 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\discan.dll
2013-09-04 02:58 - 2013-03-02 04:44 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2013-09-04 02:58 - 2013-03-02 04:44 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\NdisImPlatform.dll
2013-09-04 02:58 - 2013-03-02 04:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\DevDispItemProvider.dll
2013-09-04 02:58 - 2013-03-02 04:43 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl
2013-09-04 02:58 - 2013-03-02 04:15 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2013-09-04 02:58 - 2013-03-01 06:56 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2013-09-04 02:58 - 2013-03-01 06:56 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys
2013-09-04 02:58 - 2013-03-01 06:55 - 01175040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2013-09-04 02:57 - 2013-01-09 05:59 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2013-09-04 02:57 - 2013-01-09 05:58 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2013-09-04 02:56 - 2012-11-26 06:21 - 00071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2013-09-04 02:56 - 2012-11-26 06:20 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2013-09-04 02:52 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-09-04 02:52 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-09-04 02:50 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-09-04 02:50 - 2013-04-12 00:22 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-09-04 02:49 - 2013-05-04 08:59 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-04 02:49 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-09-04 02:48 - 2012-11-03 07:26 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2013-09-04 02:48 - 2012-11-03 07:26 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2013-09-04 02:48 - 2012-11-03 07:24 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-09-04 02:48 - 2012-11-03 07:24 - 00375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-09-04 02:48 - 2012-11-03 07:24 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2013-09-04 02:48 - 2012-11-03 07:24 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
2013-09-04 02:48 - 2012-11-03 07:24 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll
2013-09-04 02:48 - 2012-11-03 07:24 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll
2013-09-04 02:48 - 2012-11-03 07:24 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
2013-09-04 02:48 - 2012-11-03 07:24 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
2013-09-04 02:48 - 2012-11-03 07:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dpnlobby.dll
2013-09-04 02:48 - 2012-11-03 07:04 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll
2013-09-04 02:48 - 2012-11-03 07:00 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnlobby.dll
2013-09-04 02:48 - 2012-11-03 07:00 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2013-09-04 02:48 - 2012-11-01 06:41 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-09-04 02:48 - 2012-11-01 06:41 - 01438720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-09-04 02:48 - 2012-11-01 06:40 - 02361344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-09-04 02:48 - 2012-11-01 06:40 - 01836032 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-09-04 02:48 - 2012-11-01 06:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2013-09-04 02:48 - 2012-11-01 06:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2013-09-04 02:48 - 2012-11-01 06:20 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2013-09-04 02:48 - 2012-11-01 06:20 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2013-09-04 02:48 - 2012-10-24 05:25 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2013-09-04 02:48 - 2012-10-24 05:24 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2013-09-04 02:48 - 2012-10-24 05:24 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2013-09-04 02:48 - 2012-10-24 05:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2013-09-04 02:47 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-09-04 02:47 - 2013-06-01 11:21 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-09-04 02:46 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-04 02:46 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-04 02:46 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-04 02:46 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2013-09-04 02:46 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2013-09-04 02:46 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-09-04 02:46 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-09-04 02:46 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2013-09-04 02:46 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2013-09-04 02:46 - 2013-02-02 13:19 - 00496872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-09-04 02:46 - 2013-02-02 13:19 - 00061672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-09-04 02:46 - 2013-02-02 12:54 - 01933544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-09-04 02:46 - 2013-02-02 10:40 - 00410624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlroamextension.dll
2013-09-04 02:46 - 2013-02-02 10:40 - 00370688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2013-09-04 02:46 - 2013-02-02 10:40 - 00197632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2013-09-04 02:46 - 2013-02-02 10:40 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tasklist.exe
2013-09-04 02:46 - 2013-02-02 10:40 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskkill.exe
2013-09-04 02:46 - 2013-02-02 10:39 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-09-04 02:46 - 2013-02-02 10:39 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-09-04 02:46 - 2013-02-02 10:38 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\duser.dll
2013-09-04 02:46 - 2013-02-02 10:24 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\taskkill.exe
2013-09-04 02:46 - 2013-02-02 10:24 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\tasklist.exe
2013-09-04 02:46 - 2013-02-02 10:23 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2013-09-04 02:46 - 2013-02-02 10:23 - 00543232 _____ (Microsoft Corporation) C:\Windows\system32\wlroamextension.dll
2013-09-04 02:46 - 2013-02-02 10:23 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll
2013-09-04 02:46 - 2013-02-02 10:23 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2013-09-04 02:46 - 2013-02-02 10:23 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2013-09-04 02:46 - 2013-02-02 10:21 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-09-04 02:46 - 2013-02-02 10:21 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2013-09-04 02:46 - 2013-02-02 10:20 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\duser.dll
2013-09-04 02:46 - 2013-02-02 10:20 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\hotspotauth.dll
2013-09-04 02:46 - 2013-02-02 09:25 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2013-09-04 02:46 - 2012-11-27 05:57 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BtaMPM.sys
2013-09-04 02:46 - 2012-11-27 05:55 - 00029952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthhfHid.sys
2013-09-04 02:46 - 2012-11-20 06:56 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-09-04 02:45 - 2013-04-27 07:20 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-09-04 02:45 - 2013-02-06 00:29 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2013-09-04 02:45 - 2013-02-06 00:28 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2013-09-04 02:45 - 2013-02-02 07:41 - 01437184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2013-09-04 02:45 - 2013-02-02 07:31 - 01690624 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2013-09-04 02:44 - 2013-04-03 01:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-09-04 02:44 - 2013-04-03 01:12 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-09-04 02:44 - 2013-03-15 02:17 - 00861184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2013-09-04 02:44 - 2013-02-12 02:17 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-09-04 02:44 - 2012-12-16 10:28 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-09-04 02:44 - 2012-12-16 10:20 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-09-04 02:44 - 2012-12-16 10:08 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-09-04 02:44 - 2012-12-16 09:57 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-09-04 02:44 - 2012-11-08 06:24 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-09-04 02:44 - 2012-11-08 06:24 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-09-04 02:44 - 2012-11-08 06:20 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-09-04 02:44 - 2012-11-08 06:20 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-09-04 02:44 - 2012-11-08 06:02 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-09-04 02:44 - 2012-11-08 06:01 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-09-04 02:40 - 2013-03-06 08:31 - 19758592 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-04 02:40 - 2013-03-06 07:03 - 17561600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-04 02:40 - 2012-11-10 06:23 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2013-09-04 02:40 - 2012-11-10 06:23 - 00132608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2013-09-04 02:40 - 2012-11-10 06:22 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\RDWebAI.dll
2013-09-04 02:40 - 2012-11-10 06:22 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\VmHostAI.dll
2013-09-04 02:40 - 2012-11-10 06:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\appserverai.dll
2013-09-04 02:39 - 2013-03-06 09:10 - 00112872 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-09-04 02:39 - 2013-03-06 08:31 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-04 02:39 - 2013-03-06 08:29 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-09-04 02:39 - 2013-03-06 07:03 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-04 02:39 - 2012-10-24 05:25 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\ReAgentc.exe
2013-09-04 02:39 - 2012-10-24 04:48 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgentc.exe
2013-09-04 02:38 - 2013-03-22 05:49 - 02382336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-09-04 02:38 - 2013-03-22 00:47 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2013-09-04 02:38 - 2013-03-02 10:23 - 00375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2013-09-04 02:38 - 2013-03-02 04:44 - 01011200 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2013-09-04 02:38 - 2012-12-15 06:55 - 00443392 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2013-09-04 02:38 - 2012-11-03 07:26 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\sysreset.exe
2013-09-04 02:38 - 2012-11-03 07:25 - 00945152 _____ (Microsoft Corporation) C:\Windows\system32\resetengmig.dll
2013-09-04 02:25 - 2013-09-19 00:32 - 00000000 ____D C:\Users\Tobi\AppData\Local\Mozilla
2013-09-04 02:25 - 2013-09-09 14:19 - 00056016 _____ C:\Windows\system32\Drivers\fsbts.sys
2013-09-04 02:25 - 2013-09-04 02:25 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Mozilla
2013-09-04 02:24 - 2013-09-19 00:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-04 02:24 - 2013-09-04 02:24 - 00000000 ____D C:\ProgramData\Mozilla
2013-09-04 01:49 - 2013-09-27 18:00 - 00000644 _____ C:\Windows\Tasks\Scheduled scanning task.job
2013-09-04 01:46 - 2013-09-09 14:12 - 07415559 _____ C:\Windows\FSISU.log
2013-09-04 01:46 - 2013-09-09 14:12 - 01631610 _____ C:\Windows\FSSFM.log
2013-09-04 01:46 - 2013-09-09 14:12 - 01321915 _____ C:\Windows\FSSETUP.log
2013-09-04 01:46 - 2013-09-09 14:12 - 00234051 _____ C:\Windows\FSPROD.log
2013-09-04 01:46 - 2013-09-09 14:12 - 00217007 _____ C:\Windows\RunSetup.log
2013-09-04 01:46 - 2013-09-09 14:12 - 00199096 _____ C:\Windows\FSDEPH.log
2013-09-04 01:46 - 2013-09-09 14:12 - 00141337 _____ C:\Windows\FSAVINST.LOG
2013-09-04 01:46 - 2013-09-09 14:12 - 00019785 _____ C:\Windows\prodsett_copy.ini
2013-09-04 01:46 - 2013-09-09 14:12 - 00012243 _____ C:\Windows\FSAVCSIN.LOG
2013-09-04 01:46 - 2013-09-09 14:12 - 00008044 _____ C:\Windows\FSGKIAIN.log
2013-09-04 01:46 - 2013-09-09 14:12 - 00003650 _____ C:\Windows\FSLDIN.LOG
2013-09-04 01:46 - 2013-09-09 14:12 - 00002937 _____ C:\Windows\fsavunin.log
2013-09-04 01:46 - 2013-09-09 14:12 - 00002380 _____ C:\Windows\DAASINST.LOG
2013-09-04 01:46 - 2013-09-09 14:12 - 00001314 _____ C:\Windows\fsav_db_setup.log
2013-09-04 01:46 - 2013-09-09 14:11 - 00032887 _____ C:\Windows\fspplugin.log
2013-09-04 01:46 - 2013-09-04 01:46 - 00041024 _____ C:\Windows\SysWOW64\Drivers\fsbts.sys
2013-09-04 01:46 - 2013-09-04 01:46 - 00020333 _____ C:\Windows\fsmainst.log
2013-09-04 01:46 - 2013-09-04 01:46 - 00018223 _____ C:\Windows\FSGUIINS.LOG
2013-09-04 01:46 - 2013-09-04 01:46 - 00004258 _____ C:\Windows\fstnbins.LOG
2013-09-04 01:46 - 2013-09-04 01:46 - 00003616 _____ C:\Windows\FSGemini.LOG
2013-09-04 01:46 - 2013-09-04 01:46 - 00000881 _____ C:\Windows\fsgadget.log
2013-09-04 01:46 - 2013-09-04 01:46 - 00000770 _____ C:\Windows\fstsutil.log
2013-09-04 01:23 - 2013-09-04 01:23 - 00001945 _____ C:\Users\Public\Desktop\F-Secure.lnk
2013-09-04 01:05 - 2013-09-04 01:05 - 00000000 ____D C:\sources
2013-09-04 01:02 - 2013-09-19 13:57 - 00000000 ____D C:\Program Files (x86)\F-Secure
2013-09-04 01:00 - 2013-09-04 01:46 - 00000000 ____D C:\ProgramData\F-Secure
2013-09-04 00:54 - 2013-09-04 00:54 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Macromedia
2013-09-03 21:27 - 2013-09-04 15:34 - 00000000 ____D C:\Users\Tobi\Desktop\Tobis Daten
2013-09-03 19:09 - 2013-09-03 19:09 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-09-03 17:13 - 2013-09-03 17:13 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-03 16:56 - 2013-09-03 16:56 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\NVIDIA
2013-09-03 16:55 - 2013-09-04 03:56 - 00000000 ____D C:\Users\Tobi\AppData\Local\Adobe
2013-09-03 16:53 - 2013-09-03 16:53 - 00000000 ____D C:\Users\Tobi\Documents\ASUS
2013-09-03 16:53 - 2013-09-03 16:53 - 00000000 ____D C:\ProgramData\ASUS
2013-09-03 16:44 - 2013-09-05 14:03 - 00000000 ___RD C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-03 16:44 - 2013-09-05 14:03 - 00000000 ___RD C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-03 16:44 - 2013-09-03 16:54 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\ASUS
2013-09-03 16:44 - 2013-09-03 16:44 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\ASUS WebStorage
2013-09-03 16:43 - 2013-09-03 16:55 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Adobe
2013-09-03 16:43 - 2013-09-03 16:43 - 00001444 _____ C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-03 16:43 - 2013-09-03 16:43 - 00000188 _____ C:\Windows\FixPatch.log
2013-09-03 16:43 - 2013-09-03 16:43 - 00000135 _____ C:\Windows\SysWOW64\mcmarkclean.log
2013-09-03 16:43 - 2013-09-03 16:43 - 00000000 __RSD C:\Users\Public\Desktop\ASUS
2013-09-03 16:43 - 2013-09-03 16:43 - 00000000 ____D C:\ProgramData\FolderView
2013-09-03 16:42 - 2013-09-27 14:39 - 00000062 _____ C:\Users\Tobi\AppData\Roaming\sp_data.sys
2013-09-03 16:41 - 2013-09-18 16:28 - 00000000 ____D C:\Users\Tobi
2013-09-03 16:41 - 2013-09-05 14:02 - 00000000 ____D C:\Users\Tobi\AppData\Local\Packages
2013-09-03 16:41 - 2013-09-05 00:54 - 00000000 ____D C:\Users\Tobi\AppData\Local\VirtualStore
2013-09-03 16:41 - 2013-09-03 16:53 - 00000000 ____D C:\Users\Tobi\AppData\Local\ASUS
2013-09-03 16:41 - 2013-09-03 16:41 - 00000020 ___SH C:\Users\Tobi\ntuser.ini
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Vorlagen
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Startmenü
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Netzwerkumgebung
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Lokale Einstellungen
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Eigene Dateien
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Druckumgebung
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Documents\Eigene Musik
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Documents\Eigene Bilder
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\AppData\Local\Verlauf
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\AppData\Local\Anwendungsdaten
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Anwendungsdaten
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Intel
2013-09-03 16:41 - 2013-05-07 04:14 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2013-09-03 16:41 - 2012-11-27 06:09 - 00002098 _____ C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2013-09-03 16:41 - 2012-07-26 10:13 - 00000000 ___RD C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-09-03 16:41 - 2012-07-26 10:13 - 00000000 ___RD C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-09-03 16:41 - 2012-07-26 10:13 - 00000000 ___RD C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-09-03 16:41 - 2012-07-26 10:13 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

2013-09-27 20:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-09-27 19:59 - 2013-09-27 19:59 - 00000000 ____D C:\FRST
2013-09-27 19:58 - 2013-09-27 19:58 - 00377856 _____ C:\Users\Tobi\Downloads\tjrbk90r.exe
2013-09-27 19:58 - 2013-09-27 19:57 - 01953854 _____ (Farbar) C:\Users\Tobi\Desktop\FRST64.exe
2013-09-27 19:51 - 2013-09-27 19:51 - 00000542 _____ C:\Users\Tobi\Desktop\defogger_disable.log
2013-09-27 19:51 - 2013-09-19 11:13 - 00000000 ____D C:\Users\Admin
2013-09-27 19:48 - 2013-09-27 19:49 - 00050477 _____ C:\Users\Tobi\Desktop\Defogger.exe
2013-09-27 19:43 - 2013-09-19 00:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-27 19:27 - 2013-09-04 03:42 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Spotify
2013-09-27 19:23 - 2013-09-27 18:00 - 00000276 _____ C:\error.fstmp
2013-09-27 18:00 - 2013-09-27 18:00 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\F-Secure
2013-09-27 18:00 - 2013-09-27 18:00 - 00000000 _____ C:\infect.fstmp
2013-09-27 18:00 - 2013-09-04 01:49 - 00000644 _____ C:\Windows\Tasks\Scheduled scanning task.job
2013-09-27 17:32 - 2013-09-27 17:32 - 00001444 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-27 17:32 - 2013-09-27 17:32 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-27 17:32 - 2013-09-27 17:32 - 00000000 ____D C:\Program Files\iTunes
2013-09-27 17:32 - 2013-09-27 17:32 - 00000000 ____D C:\Program Files\iPod
2013-09-27 14:53 - 2013-05-07 03:56 - 01685915 _____ C:\Windows\WindowsUpdate.log
2013-09-27 14:39 - 2013-09-03 16:42 - 00000062 _____ C:\Users\Tobi\AppData\Roaming\sp_data.sys
2013-09-26 15:28 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-09-26 13:16 - 2013-09-26 13:16 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-26 13:15 - 2013-09-26 13:15 - 00000000 ____D C:\ProgramData\Adobe
2013-09-26 13:15 - 2013-09-26 13:15 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-24 15:32 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-24 13:11 - 2013-09-04 03:43 - 00000000 ____D C:\Users\Tobi\AppData\Local\Spotify
2013-09-22 02:41 - 2013-09-04 19:54 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Skype
2013-09-21 00:11 - 2013-09-12 13:39 - 00000000 ____D C:\Users\Tobi\Documents\TmForever
2013-09-19 13:57 - 2013-09-04 01:02 - 00000000 ____D C:\Program Files (x86)\F-Secure
2013-09-19 01:26 - 2013-09-12 19:11 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 01:26 - 2013-09-12 19:11 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-19 00:41 - 2013-09-19 00:41 - 00000000 ____D C:\Users\Tobi\AppData\Local\Secunia PSI
2013-09-19 00:40 - 2013-09-19 00:40 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-09-19 00:33 - 2013-09-19 00:33 - 00000000 ____D C:\Users\Tobi\Downloads\Firefox Add Ons
2013-09-19 00:32 - 2013-09-19 00:32 - 00000000 ____D C:\Users\Tobi\Downloads\Handy
2013-09-19 00:32 - 2013-09-04 02:25 - 00000000 ____D C:\Users\Tobi\AppData\Local\Mozilla
2013-09-19 00:32 - 2013-09-04 02:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-18 17:39 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\LiveKernelReports
2013-09-18 17:12 - 2013-09-18 16:27 - 00000000 ____D C:\Users\Tobi\.gimp-2.8
2013-09-18 17:09 - 2013-09-18 17:09 - 00003967 _____ C:\Users\Tobi\AppData\Local\recently-used.xbel
2013-09-18 16:28 - 2013-09-18 16:28 - 00000000 ____D C:\Users\Tobi\.thumbnails
2013-09-18 16:28 - 2013-09-03 16:41 - 00000000 ____D C:\Users\Tobi
2013-09-18 16:27 - 2013-09-18 16:27 - 00000000 ____D C:\Users\Tobi\AppData\Local\gegl-0.2
2013-09-18 15:51 - 2013-09-18 15:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-18 15:43 - 2012-08-03 01:02 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-09-18 15:43 - 2012-08-03 01:02 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-09-18 15:43 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-12 19:19 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-09-12 19:09 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-12 19:08 - 2012-08-02 15:24 - 00006244 _____ C:\Windows\PFRO.log
2013-09-12 15:24 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-09-12 15:24 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-12 15:23 - 2012-07-26 11:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-09-12 15:23 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\SysWOW64\winrm
2013-09-12 15:23 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2013-09-12 15:23 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2013-09-12 15:23 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\en-GB
2013-09-12 15:23 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-09-12 15:23 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2013-09-12 15:23 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-09-12 15:23 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-12 15:23 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\System
2013-09-12 15:23 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-09-12 15:23 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-09-12 15:23 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-09-12 15:23 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-09-12 15:23 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\servicing
2013-09-12 15:22 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\SysWOW64\WCN
2013-09-12 15:22 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2013-09-12 15:22 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\system32\winrm
2013-09-12 15:22 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\system32\slmgr
2013-09-12 15:22 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2013-09-12 15:22 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-09-12 15:22 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\SysWOW64\Com
2013-09-12 15:22 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\migwiz
2013-09-12 15:22 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\en-GB
2013-09-12 15:22 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-09-12 15:22 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\Sysprep
2013-09-12 15:19 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\system32\WCN
2013-09-12 15:19 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\MUI
2013-09-12 15:19 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\Dism
2013-09-12 15:18 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2013-09-12 15:18 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2013-09-12 15:18 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\Com
2013-09-12 14:33 - 2013-09-12 13:39 - 00000000 ____D C:\ProgramData\TmForever
2013-09-12 00:51 - 2013-09-12 00:51 - 00000000 ____D C:\Users\Tobi\Downloads\__MACOSX
2013-09-11 23:50 - 2013-09-11 23:50 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-11 23:50 - 2013-09-11 23:50 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\OpenOffice
2013-09-11 23:49 - 2013-09-11 23:49 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-11 23:01 - 2012-11-27 06:09 - 00087759 _____ C:\Windows\DirectX.log
2013-09-11 23:00 - 2013-09-11 23:00 - 00000631 _____ C:\Users\Public\Desktop\TmNationsForever.lnk
2013-09-11 10:34 - 2013-09-04 03:55 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 10:32 - 2013-09-04 03:55 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 23:39 - 2013-09-10 23:39 - 00495557 _____ C:\Users\Tobi\Downloads\WLAN_ATHEROS_V7.6.0.164_VISTA64_CA41534-1967.EXE
2013-09-10 22:45 - 2013-09-10 22:45 - 00000000 ____D C:\Users\Tobi\Documents\Meine empfangenen Dateien
2013-09-10 17:21 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF
2013-09-09 14:19 - 2013-09-04 02:25 - 00056016 _____ C:\Windows\system32\Drivers\fsbts.sys
2013-09-09 14:12 - 2013-09-04 01:46 - 07415559 _____ C:\Windows\FSISU.log
2013-09-09 14:12 - 2013-09-04 01:46 - 01631610 _____ C:\Windows\FSSFM.log
2013-09-09 14:12 - 2013-09-04 01:46 - 01321915 _____ C:\Windows\FSSETUP.log
2013-09-09 14:12 - 2013-09-04 01:46 - 00234051 _____ C:\Windows\FSPROD.log
2013-09-09 14:12 - 2013-09-04 01:46 - 00217007 _____ C:\Windows\RunSetup.log
2013-09-09 14:12 - 2013-09-04 01:46 - 00199096 _____ C:\Windows\FSDEPH.log
2013-09-09 14:12 - 2013-09-04 01:46 - 00141337 _____ C:\Windows\FSAVINST.LOG
2013-09-09 14:12 - 2013-09-04 01:46 - 00019785 _____ C:\Windows\prodsett_copy.ini
2013-09-09 14:12 - 2013-09-04 01:46 - 00012243 _____ C:\Windows\FSAVCSIN.LOG
2013-09-09 14:12 - 2013-09-04 01:46 - 00008044 _____ C:\Windows\FSGKIAIN.log
2013-09-09 14:12 - 2013-09-04 01:46 - 00003650 _____ C:\Windows\FSLDIN.LOG
2013-09-09 14:12 - 2013-09-04 01:46 - 00002937 _____ C:\Windows\fsavunin.log
2013-09-09 14:12 - 2013-09-04 01:46 - 00002380 _____ C:\Windows\DAASINST.LOG
2013-09-09 14:12 - 2013-09-04 01:46 - 00001314 _____ C:\Windows\fsav_db_setup.log
2013-09-09 14:11 - 2013-09-04 01:46 - 00032887 _____ C:\Windows\fspplugin.log
2013-09-09 01:19 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2013-09-05 14:03 - 2013-09-03 16:44 - 00000000 ___RD C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-05 14:03 - 2013-09-03 16:44 - 00000000 ___RD C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-05 14:02 - 2013-09-05 13:45 - 00000000 ___RD C:\Windows\BrowserChoice
2013-09-05 14:02 - 2013-09-03 16:41 - 00000000 ____D C:\Users\Tobi\AppData\Local\Packages
2013-09-05 14:02 - 2012-08-02 15:28 - 00000000 ____D C:\ProgramData\PRICache
2013-09-05 13:46 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-09-05 13:46 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-09-05 13:46 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-09-05 13:40 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-09-05 13:40 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-09-05 00:54 - 2013-09-03 16:41 - 00000000 ____D C:\Users\Tobi\AppData\Local\VirtualStore
2013-09-05 00:32 - 2013-09-05 00:32 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-09-05 00:32 - 2013-09-05 00:32 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-09-05 00:32 - 2013-09-05 00:32 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-05 00:32 - 2013-09-05 00:32 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-05 00:32 - 2013-09-05 00:32 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-05 00:32 - 2013-09-05 00:32 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-05 00:32 - 2013-09-05 00:32 - 00000000 ____D C:\ProgramData\Sun
2013-09-04 20:03 - 2013-09-04 20:02 - 00000000 ____D C:\Users\Tobi\Downloads\Seven VG Skin
2013-09-04 19:54 - 2013-09-04 19:54 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-09-04 19:54 - 2013-09-04 19:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-04 19:54 - 2013-09-04 19:54 - 00000000 ____D C:\ProgramData\Skype
2013-09-04 15:34 - 2013-09-03 21:27 - 00000000 ____D C:\Users\Tobi\Desktop\Tobis Daten
2013-09-04 15:33 - 2013-09-04 15:33 - 00000877 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-09-04 15:33 - 2013-09-04 15:32 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\DVDVideoSoft
2013-09-04 14:48 - 2013-09-04 14:48 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Apple Computer
2013-09-04 14:48 - 2013-09-04 14:48 - 00000000 ____D C:\Users\Tobi\AppData\Local\Apple Computer
2013-09-04 14:47 - 2013-09-04 14:47 - 00000000 ____D C:\ProgramData\Apple Computer
2013-09-04 14:46 - 2013-09-04 14:46 - 00000000 ____D C:\Users\Tobi\AppData\Local\Apple
2013-09-04 14:46 - 2013-09-04 14:46 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-04 14:46 - 2013-09-04 14:46 - 00000000 ____D C:\Program Files\Bonjour
2013-09-04 14:46 - 2013-09-04 14:46 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-09-04 14:46 - 2013-09-04 14:46 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-04 14:46 - 2013-09-04 14:45 - 00000000 ____D C:\ProgramData\Apple
2013-09-04 14:43 - 2012-07-26 09:21 - 00035109 _____ C:\Windows\setupact.log
2013-09-04 03:56 - 2013-09-03 16:55 - 00000000 ____D C:\Users\Tobi\AppData\Local\Adobe
2013-09-04 03:48 - 2013-09-04 03:48 - 00000000 ____D C:\Users\Tobi\AppData\Local\Macromedia
2013-09-04 03:43 - 2013-09-04 03:43 - 00001764 _____ C:\Users\Tobi\Desktop\Spotify.lnk
2013-09-04 03:43 - 2013-09-04 03:43 - 00001750 _____ C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-09-04 02:25 - 2013-09-04 02:25 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Mozilla
2013-09-04 02:24 - 2013-09-04 02:24 - 00000000 ____D C:\ProgramData\Mozilla
2013-09-04 01:55 - 2012-11-27 06:08 - 07021266 _____ C:\Windows\AsDebug.log
2013-09-04 01:46 - 2013-09-04 01:46 - 00041024 _____ C:\Windows\SysWOW64\Drivers\fsbts.sys
2013-09-04 01:46 - 2013-09-04 01:46 - 00020333 _____ C:\Windows\fsmainst.log
2013-09-04 01:46 - 2013-09-04 01:46 - 00018223 _____ C:\Windows\FSGUIINS.LOG
2013-09-04 01:46 - 2013-09-04 01:46 - 00004258 _____ C:\Windows\fstnbins.LOG
2013-09-04 01:46 - 2013-09-04 01:46 - 00003616 _____ C:\Windows\FSGemini.LOG
2013-09-04 01:46 - 2013-09-04 01:46 - 00000881 _____ C:\Windows\fsgadget.log
2013-09-04 01:46 - 2013-09-04 01:46 - 00000770 _____ C:\Windows\fstsutil.log
2013-09-04 01:46 - 2013-09-04 01:00 - 00000000 ____D C:\ProgramData\F-Secure
2013-09-04 01:38 - 2012-11-27 06:11 - 00000000 ____D C:\ProgramData\McAfee
2013-09-04 01:38 - 2012-11-27 06:11 - 00000000 ____D C:\Program Files\mcafee
2013-09-04 01:23 - 2013-09-04 01:23 - 00001945 _____ C:\Users\Public\Desktop\F-Secure.lnk
2013-09-04 01:18 - 2012-08-03 01:01 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2013-09-04 01:05 - 2013-09-04 01:05 - 00000000 ____D C:\sources
2013-09-04 00:54 - 2013-09-04 00:54 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Macromedia
2013-09-03 19:11 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\restore
2013-09-03 19:09 - 2013-09-03 19:09 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-09-03 18:51 - 2012-11-27 06:08 - 01427768 _____ C:\Windows\AsCDProc.log
2013-09-03 17:13 - 2013-09-03 17:13 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-03 16:56 - 2013-09-03 16:56 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\NVIDIA
2013-09-03 16:55 - 2013-09-03 16:43 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Adobe
2013-09-03 16:54 - 2013-09-03 16:44 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\ASUS
2013-09-03 16:53 - 2013-09-03 16:53 - 00000000 ____D C:\Users\Tobi\Documents\ASUS
2013-09-03 16:53 - 2013-09-03 16:53 - 00000000 ____D C:\ProgramData\ASUS
2013-09-03 16:53 - 2013-09-03 16:41 - 00000000 ____D C:\Users\Tobi\AppData\Local\ASUS
2013-09-03 16:46 - 2012-11-27 06:09 - 00000000 ____D C:\ProgramData\ChangeFolderView
2013-09-03 16:44 - 2013-09-03 16:44 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\ASUS WebStorage
2013-09-03 16:43 - 2013-09-03 16:43 - 00001444 _____ C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-03 16:43 - 2013-09-03 16:43 - 00000188 _____ C:\Windows\FixPatch.log
2013-09-03 16:43 - 2013-09-03 16:43 - 00000135 _____ C:\Windows\SysWOW64\mcmarkclean.log
2013-09-03 16:43 - 2013-09-03 16:43 - 00000000 __RSD C:\Users\Public\Desktop\ASUS
2013-09-03 16:43 - 2013-09-03 16:43 - 00000000 ____D C:\ProgramData\FolderView
2013-09-03 16:43 - 2012-08-02 15:33 - 00000000 ____D C:\Windows\Log
2013-09-03 16:41 - 2013-09-03 16:41 - 00000020 ___SH C:\Users\Tobi\ntuser.ini
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Vorlagen
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Startmenü
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Netzwerkumgebung
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Lokale Einstellungen
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Eigene Dateien
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Druckumgebung
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Documents\Eigene Musik
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Documents\Eigene Bilder
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\AppData\Local\Verlauf
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\AppData\Local\Anwendungsdaten
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Anwendungsdaten
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Intel

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\Tobi\AppData\Local\Temp\fsc626C.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
--- --- ---

--- --- ---

[/CODE]

Konomono 28.09.2013 18:16
Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2013
Ran by Tobi at 2013-09-27 20:00:50
Running from C:\Users\Tobi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Anti-Virus (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Anti-Virus (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8)
Alcor Micro USB Card Reader (x32 Version: 3.9.142.62248)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
ASUS Instant Connect (x32 Version: 1.2.8)
ASUS Instant Key (x32 Version: 1.0.5)
ASUS InstantOn (x32 Version: 3.0.5)
ASUS LifeFrame3 (x32 Version: 3.1.13)
ASUS Live Update (x32 Version: 3.1.9)
ASUS N Series Demo (x32 Version: 1.0.0003)
ASUS Power4Gear Hybrid (Version: 2.1.7)
ASUS Screen Saver (Version: 1.0.1)
ASUS Smart Gesture (x32 Version: 1.1.3)
ASUS Splendid Video Enhancement Technology (x32 Version: 2.01.0002)
ASUS Tutor (x32 Version: 1.0.8)
ASUS USB Charger Plus (x32 Version: 2.1.5)
ASUS Video Magic (x32 Version: 6.0.4713)
ASUS WebStorage Sync Agent (x32 Version: 1.1.10.123)
ASUSDVD (x32 Version: 10.0.4126.52)
ATK Package (x32 Version: 1.0.0027)
Bonjour (Version: 3.0.0.10)
Classic Shell (Version: 3.6.8)
Computer Security 12.83.104.0 (release) (x32 Version: 12.83.104.0)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3019_44673)
CyberLink PowerDirector (x32 Version: 8.0.5817a)
D3DX10 (x32 Version: 15.4.2368.0902)
Fotogalerie (x32 Version: 16.4.3505.0912)
Free YouTube to MP3 Converter version 3.12.12.827 (x32 Version: 3.12.12.827)
F-Secure (x32 Version: 1.83.311.0)
F-Secure CCF Reputation (x32 Version: 1.0.25.1877)
F-Secure CCF Scanning 1.23.124.8831 (release) (x32 Version: 1.23.124.8831)
F-Secure Network CCF 1.02.128 (x32 Version: 1.02.128)
Galerie de photos (x32 Version: 16.4.3505.0912)
GIMP 2.8.4 (Version: 2.8.4)
Intel PROSet Wireless
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2884)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.5.5.0480)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.6.1211.0294)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel(R) WiDi (Version: 3.5.41.0)
Intel® PROSet/Wireless WiFi Software (Version: 15.05.7000.1709)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
iTunes (Version: 11.1.0.126)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
McAfee Internet Security (x32 Version: 11.6.385)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (x32 Version: 15.0.4420.1017)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3505.0912)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MyBitCast 2.0 (x32 Version: 2.0)
NVIDIA Control Panel 311.00 (Version: 311.00)
NVIDIA Graphics Driver 311.00 (Version: 311.00)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA Optimus 1.11.3 (Version: 1.11.3)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OpenOffice 4.0.0 (x32 Version: 4.00.9702)
Photo Common (x32 Version: 16.4.3505.0912)
Photo Gallery (x32 Version: 16.4.3505.0912)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.12)
Raccolta foto (x32 Version: 16.4.3505.0912)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6828)
Secunia PSI (3.0.0.7011) (x32 Version: 3.0.0.7011)
Shared C Run-time for x64 (Version: 10.0.0)
Skype™ 6.7 (x32 Version: 6.7.102)
Spotify (HKCU Version: 0.9.4.169.gc0399df6)
TmNationsForever (x32)
Windows Driver Package - ASUS (ATP) Mouse  (01/10/2013 1.0.0.170) (Version: 01/10/2013 1.0.0.170)
Windows Live (x32 Version: 16.4.3505.0912)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
WinFlash (x32 Version: 2.41.1)
Xiph.Org Open Codecs 0.85.17777 (x32 Version: 0.85.17777)

==================== Restore Points  =========================

Could not list Restore Points.


==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\Scheduled scanning task.job => ?

==================== Loaded Modules (whitelisted) =============

2013-01-28 12:44 - 2012-11-21 10:58 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2013 07:19:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1485

Error: (09/27/2013 07:19:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1485

Error: (09/27/2013 06:13:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/27/2013 04:25:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1250

Error: (09/27/2013 04:25:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1250

Error: (09/27/2013 04:25:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/27/2013 04:01:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2577250

Error: (09/27/2013 04:01:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2577250

Error: (09/27/2013 04:01:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/26/2013 08:09:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14969


System errors:
=============
Error: (09/27/2013 05:30:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/26/2013 01:39:22 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0x8000002a171\??\Volume{6271fb00-b661-4146-9b61-09fab44b02f9}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{6542C2C8-0FD7-4E3E-985C-2AA63876670A}

Error: (09/26/2013 01:39:14 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0x8000002a78\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy6\Windows\system32\config\SYSTEM

Error: (09/19/2013 11:12:33 AM) (Source: DCOM) (User: Tobis-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (09/19/2013 11:12:33 AM) (Source: DCOM) (User: Tobis-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (09/19/2013 11:12:33 AM) (Source: DCOM) (User: Tobis-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (09/19/2013 11:12:33 AM) (Source: DCOM) (User: Tobis-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (09/19/2013 11:12:30 AM) (Source: DCOM) (User: Tobis-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (09/19/2013 11:12:30 AM) (Source: DCOM) (User: Tobis-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (09/19/2013 11:12:29 AM) (Source: DCOM) (User: Tobis-PC)
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}


Microsoft Office Sessions:
=========================
Error: (09/27/2013 07:19:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1485

Error: (09/27/2013 07:19:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1485

Error: (09/27/2013 06:13:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/27/2013 04:25:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1250

Error: (09/27/2013 04:25:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1250

Error: (09/27/2013 04:25:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/27/2013 04:01:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2577250

Error: (09/27/2013 04:01:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2577250

Error: (09/27/2013 04:01:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/26/2013 08:09:33 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14969


==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 3981.81 MB
Available physical RAM: 1873.64 MB
Total Pagefile: 4685.81 MB
Available Pagefile: 2207.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:121.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:258.15 GB) (Free:256.65 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
Gmer:

Code:

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-27 20:08:51
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000003c ST500LT012-9WS142 rev.0001SDM1 465,76GB
Running: tjrbk90r.exe; Driver: C:\Users\Admin\AppData\Local\Temp\fgloipod.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                    fffff96000093200 7 bytes [40, 3B, 82, 01, 00, 53, F2]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                fffff96000093208 7 bytes [01, 63, C0, FF, 00, 17, DB]

---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                              000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                            000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\system32\KERNEL32.DLL!OpenMutexA                                                  000007fb5caefd28 5 bytes JMP 000007fbdd73b018
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                              000007fb5a9e3410 2 bytes JMP 000007fbdd739018
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 3                                          000007fb5a9e3413 2 bytes [D5, 82]
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                                000007fb5a9e6370 5 bytes JMP 000007fbda9f0018
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                            000007fb5a9ec3e4 5 bytes JMP 000007fbdd73a018
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                          000007fb5a9f2854 5 bytes JMP 000007fbdd73f018
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                            000007fb5a9fed8c 5 bytes JMP 000007fbdaa22018
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                      000007fb5aa00af0 5 bytes JMP 000007fbdaa21018
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\system32\KERNELBASE.dll!CopyFileExW                                                000007fb5aa09770 5 bytes JMP 000007fbdd73d018
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                000007fb5aa0b6dc 5 bytes JMP 000007fbdd73c018
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                              000007fb5aa17fa4 5 bytes JMP 000007fbdaa20018
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                        000007fb5aa45c00 5 bytes JMP 000007fbdaa50018
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryExW                                        000007fb5aa669a0 5 bytes JMP 000007fbdd73e018
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                            000007fb5d533ad0 5 bytes JMP 000007fbdd736018
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                  000007fb5d5341a0 5 bytes JMP 000007fbdd734018
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                000007fb5d5375d0 5 bytes JMP 000007fbdd737018
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                  000007fb5d537880 5 bytes JMP 000007fbdd733018
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                000007fb5d538030 5 bytes JMP 000007fbdd735018
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                000007fb5d55b034 5 bytes JMP 000007fbdd738018
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                  000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                  000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\nvvsvc.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Windows\system32\nvvsvc.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                  000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Windows\system32\nvvsvc.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                              000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Windows\system32\nvvsvc.exe[848] C:\Windows\system32\KERNEL32.DLL!OpenMutexA                                                    000007fb5caefd28 5 bytes JMP 000007fbdd73d018
.text  C:\Windows\system32\nvvsvc.exe[848] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                000007fb5a9e3410 5 bytes JMP 000007fbdd73b018
.text  C:\Windows\system32\nvvsvc.exe[848] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                                000007fb5a9e6370 5 bytes JMP 000007fbdaa72018
.text  C:\Windows\system32\nvvsvc.exe[848] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                              000007fb5a9ec3e4 5 bytes JMP 000007fbdd73c018
.text  C:\Windows\system32\nvvsvc.exe[848] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                            000007fb5a9f2854 5 bytes JMP 000007fbdaa71018
.text  C:\Windows\system32\nvvsvc.exe[848] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                            000007fb5a9fed8c 5 bytes JMP 000007fbdaa76018
.text  C:\Windows\system32\nvvsvc.exe[848] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                        000007fb5aa00af0 5 bytes JMP 000007fbdaa75018
.text  C:\Windows\system32\nvvsvc.exe[848] C:\Windows\system32\KERNELBASE.dll!CopyFileExW                                                000007fb5aa09770 5 bytes JMP 000007fbdd73f018
.text  C:\Windows\system32\nvvsvc.exe[848] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                  000007fb5aa0b6dc 5 bytes JMP 000007fbdd73e018
.text  C:\Windows\system32\nvvsvc.exe[848] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                              000007fb5aa17fa4 5 bytes JMP 000007fbdaa73018
.text  C:\Windows\system32\nvvsvc.exe[848] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                          000007fb5aa45c00 5 bytes JMP 000007fbdaa74018
.text  C:\Windows\system32\nvvsvc.exe[848] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryExW                                          000007fb5aa669a0 5 bytes JMP 000007fbdaa70018
.text  C:\Windows\system32\nvvsvc.exe[848] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                              000007fb5d16bee0 5 bytes JMP 000007fbdd734018
.text  C:\Windows\system32\nvvsvc.exe[848] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                              000007fb5d191850 5 bytes JMP 000007fbdd733018
.text  C:\Windows\system32\nvvsvc.exe[848] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                            000007fb5d533ad0 5 bytes JMP 000007fbdd738018
.text  C:\Windows\system32\nvvsvc.exe[848] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                  000007fb5d5341a0 5 bytes JMP 000007fbdd736018
.text  C:\Windows\system32\nvvsvc.exe[848] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                000007fb5d5375d0 5 bytes JMP 000007fbdd739018
.text  C:\Windows\system32\nvvsvc.exe[848] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                  000007fb5d537880 5 bytes JMP 000007fbdd735018
.text  C:\Windows\system32\nvvsvc.exe[848] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                000007fb5d538030 5 bytes JMP 000007fbdd737018
.text  C:\Windows\system32\nvvsvc.exe[848] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                000007fb5d55b034 5 bytes JMP 000007fbdd73a018
.text  C:\Windows\system32\nvvsvc.exe[848] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                  000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\nvvsvc.exe[848] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                  000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                              000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                            000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Windows\system32\svchost.exe[876] C:\Windows\system32\KERNEL32.DLL!OpenMutexA                                                  000007fb5caefd28 5 bytes JMP 000007fbdd73d018
.text  C:\Windows\system32\svchost.exe[876] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                              000007fb5a9e3410 5 bytes JMP 000007fbdd73b018
.text  C:\Windows\system32\svchost.exe[876] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                                000007fb5a9e6370 5 bytes JMP 000007fbdaa72018
.text  C:\Windows\system32\svchost.exe[876] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                            000007fb5a9ec3e4 5 bytes JMP 000007fbdd73c018
.text  C:\Windows\system32\svchost.exe[876] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                          000007fb5a9f2854 5 bytes JMP 000007fbdaa71018
.text  C:\Windows\system32\svchost.exe[876] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                            000007fb5a9fed8c 5 bytes JMP 000007fbdaa76018
.text  C:\Windows\system32\svchost.exe[876] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                      000007fb5aa00af0 5 bytes JMP 000007fbdaa75018
.text  C:\Windows\system32\svchost.exe[876] C:\Windows\system32\KERNELBASE.dll!CopyFileExW                                                000007fb5aa09770 5 bytes JMP 000007fbdd73f018
.text  C:\Windows\system32\svchost.exe[876] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                000007fb5aa0b6dc 5 bytes JMP 000007fbdd73e018
.text  C:\Windows\system32\svchost.exe[876] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                              000007fb5aa17fa4 5 bytes JMP 000007fbdaa73018
.text  C:\Windows\system32\svchost.exe[876] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                        000007fb5aa45c00 5 bytes JMP 000007fbdaa74018
.text  C:\Windows\system32\svchost.exe[876] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryExW                                        000007fb5aa669a0 5 bytes JMP 000007fbdaa70018
.text  C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                            000007fb5d533ad0 5 bytes JMP 000007fbdd736018
.text  C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                  000007fb5d5341a0 5 bytes JMP 000007fbdd734018
.text  C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                000007fb5d5375d0 5 bytes JMP 000007fbdd737018
.text  C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                  000007fb5d537880 5 bytes JMP 000007fbdd733018
.text  C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                000007fb5d538030 5 bytes JMP 000007fbdd735018
.text  C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                000007fb5d55b034 5 bytes JMP 000007fbdd738018
.text  C:\Windows\system32\svchost.exe[876] C:\Windows\system32\WS2_32.dll!recv                                                          000007fb5b291f40 5 bytes JMP 000007fbdd739018
.text  C:\Windows\system32\svchost.exe[876] C:\Windows\system32\WS2_32.dll!send                                                          000007fb5b293050 5 bytes JMP 000007fbdd73a018
.text  C:\Windows\system32\svchost.exe[876] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                  000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\svchost.exe[876] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                  000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                              000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                            000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\system32\KERNEL32.DLL!OpenMutexA                                                  000007fb5caefd28 5 bytes JMP 000007fbdd73f018
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                              000007fb5a9e3410 5 bytes JMP 000007fbdd73d018
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                                000007fb5a9e6370 5 bytes JMP 000007fbdaa13018
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                            000007fb5a9ec3e4 5 bytes JMP 000007fbdd73e018
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                          000007fb5a9f2854 5 bytes JMP 000007fbdaa12018
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                            000007fb5a9fed8c 5 bytes JMP 000007fbdaa15018
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                      000007fb5aa00af0 5 bytes JMP 000007fbdaa14018
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\system32\KERNELBASE.dll!CopyFileExW                                                000007fb5aa09770 5 bytes JMP 000007fbdaa11018
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                000007fb5aa0b6dc 5 bytes JMP 000007fbdaa10018
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                              000007fb5aa17fa4 5 bytes JMP 000007fbdaa71018
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                        000007fb5aa45c00 5 bytes JMP 000007fbdaa72018
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryExW                                        000007fb5aa669a0 5 bytes JMP 000007fbdaa70018
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                            000007fb5d533ad0 5 bytes JMP 000007fbdd738018
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                  000007fb5d5341a0 5 bytes JMP 000007fbdd736018
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                000007fb5d5375d0 5 bytes JMP 000007fbdd739018
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                  000007fb5d537880 5 bytes JMP 000007fbdd735018
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                000007fb5d538030 5 bytes JMP 000007fbdd737018
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                000007fb5d55b034 5 bytes JMP 000007fbdd73a018
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW                                              000007fb5d16bee0 5 bytes JMP 000007fbdd734018
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA                                              000007fb5d191850 5 bytes JMP 000007fbdd733018
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\system32\WS2_32.dll!recv                                                          000007fb5b291f40 5 bytes JMP 000007fbdd73b018
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\system32\WS2_32.dll!send                                                          000007fb5b293050 5 bytes JMP 000007fbdd73c018
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                  000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\System32\svchost.exe[936] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                  000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                              000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                            000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\system32\KERNEL32.DLL!OpenMutexA                                                  000007fb5caefd28 5 bytes JMP 000007fbdd73f018
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                              000007fb5a9e3410 5 bytes JMP 000007fbdd73d018
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                                000007fb5a9e6370 5 bytes JMP 000007fbdaa13018
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                            000007fb5a9ec3e4 5 bytes JMP 000007fbdd73e018
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                          000007fb5a9f2854 5 bytes JMP 000007fbdaa12018
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                            000007fb5a9fed8c 5 bytes JMP 000007fbdaa15018
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                      000007fb5aa00af0 5 bytes JMP 000007fbdaa14018
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\system32\KERNELBASE.dll!CopyFileExW                                                000007fb5aa09770 5 bytes JMP 000007fbdaa11018
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                000007fb5aa0b6dc 5 bytes JMP 000007fbdaa10018
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                              000007fb5aa17fa4 5 bytes JMP 000007fbdaa71018
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                        000007fb5aa45c00 5 bytes JMP 000007fbdaa72018
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryExW                                        000007fb5aa669a0 5 bytes JMP 000007fbdaa70018
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                            000007fb5d533ad0 5 bytes JMP 000007fbdd738018
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                  000007fb5d5341a0 5 bytes JMP 000007fbdd736018
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                000007fb5d5375d0 5 bytes JMP 000007fbdd739018
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                  000007fb5d537880 5 bytes JMP 000007fbdd735018
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                000007fb5d538030 5 bytes JMP 000007fbdd737018
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                000007fb5d55b034 5 bytes JMP 000007fbdd73a018
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW                                              000007fb5d16bee0 5 bytes JMP 000007fbdd734018
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA                                              000007fb5d191850 5 bytes JMP 000007fbdd733018
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\system32\WS2_32.dll!recv                                                          000007fb5b291f40 5 bytes JMP 000007fbdd73b018
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\system32\WS2_32.dll!send                                                          000007fb5b293050 5 bytes JMP 000007fbdd73c018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                              000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                            000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\system32\KERNEL32.DLL!OpenMutexA                                                  000007fb5caefd28 5 bytes JMP 000007fbdd73f018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                              000007fb5a9e3410 5 bytes JMP 000007fbdd73d018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                                000007fb5a9e6370 5 bytes JMP 000007fbdaa13018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                            000007fb5a9ec3e4 5 bytes JMP 000007fbdd73e018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                          000007fb5a9f2854 5 bytes JMP 000007fbdaa12018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                            000007fb5a9fed8c 5 bytes JMP 000007fbdaa15018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                      000007fb5aa00af0 5 bytes JMP 000007fbdaa14018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\system32\KERNELBASE.dll!CopyFileExW                                                000007fb5aa09770 5 bytes JMP 000007fbdaa11018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                000007fb5aa0b6dc 5 bytes JMP 000007fbdaa10018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                              000007fb5aa17fa4 5 bytes JMP 000007fbdaa71018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                        000007fb5aa45c00 5 bytes JMP 000007fbdaa72018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryExW                                        000007fb5aa669a0 5 bytes JMP 000007fbdaa70018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                            000007fb5d533ad0 5 bytes JMP 000007fbdd738018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                  000007fb5d5341a0 5 bytes JMP 000007fbdd736018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                000007fb5d5375d0 5 bytes JMP 000007fbdd739018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                  000007fb5d537880 5 bytes JMP 000007fbdd735018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                000007fb5d538030 5 bytes JMP 000007fbdd737018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                000007fb5d55b034 5 bytes JMP 000007fbdd73a018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW                                              000007fb5d16bee0 5 bytes JMP 000007fbdd734018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA                                              000007fb5d191850 5 bytes JMP 000007fbdd733018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\system32\WS2_32.dll!recv                                                          000007fb5b291f40 5 bytes JMP 000007fbdd73b018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\system32\WS2_32.dll!send                                                          000007fb5b293050 5 bytes JMP 000007fbdd73c018
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                  000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\svchost.exe[128] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                  000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                              000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                            000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\system32\KERNEL32.DLL!OpenMutexA                                                  000007fb5caefd28 5 bytes JMP 000007fbdd73f018
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                              000007fb5a9e3410 5 bytes JMP 000007fbdd73d018
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                                000007fb5a9e6370 5 bytes JMP 000007fbdaa13018
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                            000007fb5a9ec3e4 5 bytes JMP 000007fbdd73e018
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                          000007fb5a9f2854 5 bytes JMP 000007fbdaa12018
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                            000007fb5a9fed8c 5 bytes JMP 000007fbdaa15018
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                      000007fb5aa00af0 5 bytes JMP 000007fbdaa14018
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\system32\KERNELBASE.dll!CopyFileExW                                                000007fb5aa09770 5 bytes JMP 000007fbdaa11018
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                000007fb5aa0b6dc 5 bytes JMP 000007fbdaa10018
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                              000007fb5aa17fa4 5 bytes JMP 000007fbdaa71018
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                        000007fb5aa45c00 5 bytes JMP 000007fbdaa72018
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryExW                                        000007fb5aa669a0 5 bytes JMP 000007fbdaa70018
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                            000007fb5d533ad0 5 bytes JMP 000007fbdd738018
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                  000007fb5d5341a0 5 bytes JMP 000007fbdd736018
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                000007fb5d5375d0 5 bytes JMP 000007fbdd739018
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                  000007fb5d537880 5 bytes JMP 000007fbdd735018
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                000007fb5d538030 5 bytes JMP 000007fbdd737018
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                000007fb5d55b034 5 bytes JMP 000007fbdd73a018
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW                                              000007fb5d16bee0 5 bytes JMP 000007fbdd734018
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA                                              000007fb5d191850 5 bytes JMP 000007fbdd733018
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\system32\WS2_32.dll!recv                                                          000007fb5b291f40 5 bytes JMP 000007fbdd73b018
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\system32\WS2_32.dll!send                                                          000007fb5b293050 5 bytes JMP 000007fbdd73c018
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                  000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\System32\svchost.exe[536] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                  000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                              000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                            000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\KERNEL32.DLL!OpenMutexA                                                  000007fb5caefd28 5 bytes JMP 000007fbdd73f018
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                              000007fb5a9e3410 5 bytes JMP 000007fbdd73d018
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                              000007fb5a9e6370 5 bytes JMP 000007fbdaa13018
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                            000007fb5a9ec3e4 5 bytes JMP 000007fbdd73e018
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                          000007fb5a9f2854 5 bytes JMP 000007fbdaa12018
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                          000007fb5a9fed8c 5 bytes JMP 000007fbdaa15018
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                      000007fb5aa00af0 5 bytes JMP 000007fbdaa14018
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\KERNELBASE.dll!CopyFileExW                                              000007fb5aa09770 5 bytes JMP 000007fbdaa11018
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                000007fb5aa0b6dc 5 bytes JMP 000007fbdaa10018
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                            000007fb5aa17fa4 5 bytes JMP 000007fbdaa71018
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                        000007fb5aa45c00 5 bytes JMP 000007fbdaa72018
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryExW                                        000007fb5aa669a0 5 bytes JMP 000007fbdaa70018
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                          000007fb5d533ad0 5 bytes JMP 000007fbdd738018
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                000007fb5d5341a0 5 bytes JMP 000007fbdd736018
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                              000007fb5d5375d0 5 bytes JMP 000007fbdd739018
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                000007fb5d537880 5 bytes JMP 000007fbdd735018
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\sechost.dll!ControlService                                              000007fb5d538030 5 bytes JMP 000007fbdd737018
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                              000007fb5d55b034 5 bytes JMP 000007fbdd73a018
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW                                            000007fb5d16bee0 5 bytes JMP 000007fbdd734018
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA                                            000007fb5d191850 5 bytes JMP 000007fbdd733018
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\WS2_32.dll!recv                                                          000007fb5b291f40 5 bytes JMP 000007fbdd73b018
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\WS2_32.dll!send                                                          000007fb5b293050 5 bytes JMP 000007fbdd73c018
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                              000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                            000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\system32\KERNEL32.DLL!OpenMutexA                                                  000007fb5caefd28 5 bytes JMP 000007fbdd73f018
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                              000007fb5a9e3410 5 bytes JMP 000007fbdd73d018
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                              000007fb5a9e6370 5 bytes JMP 000007fbdaa13018
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                            000007fb5a9ec3e4 5 bytes JMP 000007fbdd73e018
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                          000007fb5a9f2854 5 bytes JMP 000007fbdaa12018
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                          000007fb5a9fed8c 5 bytes JMP 000007fbdaa15018
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                      000007fb5aa00af0 5 bytes JMP 000007fbdaa14018
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\system32\KERNELBASE.dll!CopyFileExW                                              000007fb5aa09770 5 bytes JMP 000007fbdaa11018
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                000007fb5aa0b6dc 5 bytes JMP 000007fbdaa10018
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                            000007fb5aa17fa4 5 bytes JMP 000007fbdaa71018
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                        000007fb5aa45c00 5 bytes JMP 000007fbdaa72018
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryExW                                        000007fb5aa669a0 5 bytes JMP 000007fbdaa70018
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                            000007fb5d16bee0 5 bytes JMP 000007fbdd734018
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                            000007fb5d191850 5 bytes JMP 000007fbdd733018
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                          000007fb5d533ad0 5 bytes JMP 000007fbdd738018
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                000007fb5d5341a0 5 bytes JMP 000007fbdd736018
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                              000007fb5d5375d0 5 bytes JMP 000007fbdd739018
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                000007fb5d537880 5 bytes JMP 000007fbdd735018
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\SYSTEM32\sechost.dll!ControlService                                              000007fb5d538030 5 bytes JMP 000007fbdd737018
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                              000007fb5d55b034 5 bytes JMP 000007fbdd73a018
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\system32\WS2_32.dll!recv                                                          000007fb5b291f40 5 bytes JMP 000007fbdd73b018
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\system32\WS2_32.dll!send                                                          000007fb5b293050 5 bytes JMP 000007fbdd73c018
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\system32\MSIMG32.dll!GradientFill + 690                                          000007fb54701532 4 bytes [70, 54, FB, 07]
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\system32\MSIMG32.dll!GradientFill + 698                                          000007fb5470153a 4 bytes [70, 54, FB, 07]
.text  C:\Windows\system32\WLANExt.exe[1304] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246                                        000007fb5470165a 4 bytes [70, 54, FB, 07]
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                              000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                            000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\KERNEL32.DLL!OpenMutexA                                                  000007fb5caefd28 5 bytes JMP 000007fbdd73f018
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                              000007fb5a9e3410 5 bytes JMP 000007fbdd73d018
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                              000007fb5a9e6370 5 bytes JMP 000007fbdaa13018
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                            000007fb5a9ec3e4 5 bytes JMP 000007fbdd73e018
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                          000007fb5a9f2854 5 bytes JMP 000007fbdaa12018
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                          000007fb5a9fed8c 5 bytes JMP 000007fbdaa15018
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                      000007fb5aa00af0 5 bytes JMP 000007fbdaa14018
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\KERNELBASE.dll!CopyFileExW                                              000007fb5aa09770 5 bytes JMP 000007fbdaa11018
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                000007fb5aa0b6dc 5 bytes JMP 000007fbdaa10018
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                            000007fb5aa17fa4 5 bytes JMP 000007fbdaa71018
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                        000007fb5aa45c00 5 bytes JMP 000007fbdaa72018
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryExW                                        000007fb5aa669a0 5 bytes JMP 000007fbdaa70018
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                          000007fb5d533ad0 5 bytes JMP 000007fbdd738018
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                000007fb5d5341a0 5 bytes JMP 000007fbdd736018
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                              000007fb5d5375d0 5 bytes JMP 000007fbdd739018
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                000007fb5d537880 5 bytes JMP 000007fbdd735018
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\sechost.dll!ControlService                                              000007fb5d538030 5 bytes JMP 000007fbdd737018
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                              000007fb5d55b034 5 bytes JMP 000007fbdd73a018
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW                                            000007fb5d16bee0 5 bytes JMP 000007fbdd734018
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA                                            000007fb5d191850 5 bytes JMP 000007fbdd733018
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\WS2_32.dll!recv                                                          000007fb5b291f40 5 bytes JMP 000007fbdd73b018
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\WS2_32.dll!send                                                          000007fb5b293050 5 bytes JMP 000007fbdd73c018
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\svchost.exe[1552] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                  000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                    000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\system32\KERNEL32.DLL!OpenMutexA                                      000007fb5caefd28 5 bytes JMP 000007fbdd73f018
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                  000007fb5a9e3410 5 bytes JMP 000007fbdd73d018
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                    000007fb5a9e6370 5 bytes JMP 000007fbdaa13018
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                000007fb5a9ec3e4 5 bytes JMP 000007fbdd73e018
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                              000007fb5a9f2854 5 bytes JMP 000007fbdaa12018
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                000007fb5a9fed8c 5 bytes JMP 000007fbdaa15018
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                          000007fb5aa00af0 5 bytes JMP 000007fbdaa14018
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\system32\KERNELBASE.dll!CopyFileExW                                    000007fb5aa09770 5 bytes JMP 000007fbdaa11018
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                    000007fb5aa0b6dc 5 bytes JMP 000007fbdaa10018
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                  000007fb5aa17fa4 5 bytes JMP 000007fbdaa71018
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                            000007fb5aa45c00 5 bytes JMP 000007fbdaa72018
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryExW                            000007fb5aa669a0 5 bytes JMP 000007fbdaa70018
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\system32\WS2_32.dll!recv                                              000007fb5b291f40 5 bytes JMP 000007fbdd73b018
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\system32\WS2_32.dll!send                                              000007fb5b293050 5 bytes JMP 000007fbdd73c018
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                  000007fb5d16bee0 5 bytes JMP 000007fbdd734018
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                  000007fb5d191850 5 bytes JMP 000007fbdd733018
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                000007fb5d533ad0 5 bytes JMP 000007fbdd738018
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                      000007fb5d5341a0 5 bytes JMP 000007fbdd736018
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                    000007fb5d5375d0 5 bytes JMP 000007fbdd739018
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                      000007fb5d537880 5 bytes JMP 000007fbdd735018
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\SYSTEM32\sechost.dll!ControlService                                    000007fb5d538030 5 bytes JMP 000007fbdd737018
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                    000007fb5d55b034 5 bytes JMP 000007fbdd73a018
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                      000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1768] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                      000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                  000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                    000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\system32\KERNEL32.DLL!OpenMutexA                                      000007fb5caefd28 5 bytes JMP 000007fbdd73f018
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                  000007fb5a9e3410 5 bytes JMP 000007fbdd73d018
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                    000007fb5a9e6370 5 bytes JMP 000007fbdaa13018
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                000007fb5a9ec3e4 5 bytes JMP 000007fbdd73e018
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                              000007fb5a9f2854 5 bytes JMP 000007fbdaa12018
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                000007fb5a9fed8c 5 bytes JMP 000007fbdaa15018
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                          000007fb5aa00af0 5 bytes JMP 000007fbdaa14018
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\system32\KERNELBASE.dll!CopyFileExW                                    000007fb5aa09770 5 bytes JMP 000007fbdaa11018
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                    000007fb5aa0b6dc 5 bytes JMP 000007fbdaa10018
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                  000007fb5aa17fa4 5 bytes JMP 000007fbdaa71018
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                            000007fb5aa45c00 5 bytes JMP 000007fbdaa72018
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryExW                            000007fb5aa669a0 5 bytes JMP 000007fbdaa70018
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                  000007fb5d16bee0 5 bytes JMP 000007fbdd734018
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                  000007fb5d191850 5 bytes JMP 000007fbdd733018
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                000007fb54701532 4 bytes [70, 54, FB, 07]
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                000007fb5470153a 4 bytes [70, 54, FB, 07]
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                              000007fb5470165a 4 bytes [70, 54, FB, 07]
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                000007fb5d533ad0 5 bytes JMP 000007fbdd738018
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                      000007fb5d5341a0 5 bytes JMP 000007fbdd736018
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                    000007fb5d5375d0 5 bytes JMP 000007fbdd739018
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                      000007fb5d537880 5 bytes JMP 000007fbdd735018
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\SYSTEM32\sechost.dll!ControlService                                    000007fb5d538030 5 bytes JMP 000007fbdd737018
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                    000007fb5d55b034 5 bytes JMP 000007fbdd73a018
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\system32\WS2_32.dll!recv                                              000007fb5b291f40 5 bytes JMP 000007fbdd73b018
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\system32\WS2_32.dll!send                                              000007fb5b293050 5 bytes JMP 000007fbdd73c018
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                      000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1820] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                      000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                            000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                              000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                          000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[796] C:\Windows\system32\KERNEL32.DLL!OpenMutexA                                000007fb5caefd28 5 bytes JMP 000007fbdd73d018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[796] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                            000007fb5a9e3410 5 bytes JMP 000007fbdd73b018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[796] C:\Windows\system32\KERNELBASE.dll!GetFileSize                              000007fb5a9e6370 5 bytes JMP 000007fbdaa72018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[796] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                          000007fb5a9ec3e4 5 bytes JMP 000007fbdd73c018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[796] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                        000007fb5a9f2854 5 bytes JMP 000007fbdaa71018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[796] C:\Windows\system32\KERNELBASE.dll!TerminateThread                          000007fb5a9fed8c 5 bytes JMP 000007fbdaa76018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[796] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                    000007fb5aa00af0 5 bytes JMP 000007fbdaa75018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[796] C:\Windows\system32\KERNELBASE.dll!CopyFileExW                              000007fb5aa09770 5 bytes JMP 000007fbdd73f018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[796] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                              000007fb5aa0b6dc 5 bytes JMP 000007fbdd73e018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[796] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                            000007fb5aa17fa4 5 bytes JMP 000007fbdaa73018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[796] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                      000007fb5aa45c00 5 bytes JMP 000007fbdaa74018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[796] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryExW                      000007fb5aa669a0 5 bytes JMP 000007fbdaa70018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[796] C:\Windows\system32\USER32.dll!SetWindowsHookExW                            000007fb5d16bee0 5 bytes JMP 000007fbdd734018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[796] C:\Windows\system32\USER32.dll!SetWindowsHookExA                            000007fb5d191850 5 bytes JMP 000007fbdd733018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[796] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                          000007fb5d533ad0 5 bytes JMP 000007fbdd738018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[796] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                000007fb5d5341a0 5 bytes JMP 000007fbdd736018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[796] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                              000007fb5d5375d0 5 bytes JMP 000007fbdd739018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[796] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                000007fb5d537880 5 bytes JMP 000007fbdd735018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[796] C:\Windows\SYSTEM32\sechost.dll!ControlService                              000007fb5d538030 5 bytes JMP 000007fbdd737018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[796] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                              000007fb5d55b034 5 bytes JMP 000007fbdd73a018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[796] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[796] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx              000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess            000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\system32\KERNEL32.DLL!OpenMutexA                  000007fb5caefd28 5 bytes JMP 000007fbdd73d018
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\system32\KERNELBASE.dll!CreateMutexW              000007fb5a9e3410 5 bytes JMP 000007fbdd73b018
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\system32\KERNELBASE.dll!GetFileSize                000007fb5a9e6370 5 bytes JMP 000007fbdaa72018
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW            000007fb5a9ec3e4 5 bytes JMP 000007fbdd73c018
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW          000007fb5a9f2854 5 bytes JMP 000007fbdaa71018
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\system32\KERNELBASE.dll!TerminateThread            000007fb5a9fed8c 5 bytes JMP 000007fbdaa76018
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx      000007fb5aa00af0 5 bytes JMP 000007fbdaa75018
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\system32\KERNELBASE.dll!CopyFileExW                000007fb5aa09770 5 bytes JMP 000007fbdd73f018
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                000007fb5aa0b6dc 5 bytes JMP 000007fbdd73e018
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx              000007fb5aa17fa4 5 bytes JMP 000007fbdaa73018
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory        000007fb5aa45c00 5 bytes JMP 000007fbdaa74018
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryExW        000007fb5aa669a0 5 bytes JMP 000007fbdaa70018
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306  000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314  000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\system32\USER32.dll!SetWindowsHookExW              000007fb5d16bee0 5 bytes JMP 000007fbdd734018
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\system32\USER32.dll!SetWindowsHookExA              000007fb5d191850 5 bytes JMP 000007fbdd733018
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle            000007fb5d533ad0 5 bytes JMP 000007fbdd738018
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                  000007fb5d5341a0 5 bytes JMP 000007fbdd736018
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                000007fb5d5375d0 5 bytes JMP 000007fbdd739018
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                  000007fb5d537880 5 bytes JMP 000007fbdd735018
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\SYSTEM32\sechost.dll!ControlService                000007fb5d538030 5 bytes JMP 000007fbdd737018
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                000007fb5d55b034 5 bytes JMP 000007fbdd73a018
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690            000007fb54701532 4 bytes [70, 54, FB, 07]
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698            000007fb5470153a 4 bytes [70, 54, FB, 07]
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2184] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246          000007fb5470165a 4 bytes [70, 54, FB, 07]
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                        000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                          000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                      000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\system32\KERNEL32.DLL!OpenMutexA                            000007fb5caefd28 5 bytes JMP 000007fbdd73f018
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                        000007fb5a9e3410 5 bytes JMP 000007fbdd73d018
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\system32\KERNELBASE.dll!GetFileSize                        000007fb5a9e6370 5 bytes JMP 000007fbdaa13018
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                      000007fb5a9ec3e4 5 bytes JMP 000007fbdd73e018
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                    000007fb5a9f2854 5 bytes JMP 000007fbdaa12018
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\system32\KERNELBASE.dll!TerminateThread                    000007fb5a9fed8c 5 bytes JMP 000007fbdaa15018
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                000007fb5aa00af0 5 bytes JMP 000007fbdaa14018
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\system32\KERNELBASE.dll!CopyFileExW                        000007fb5aa09770 5 bytes JMP 000007fbdaa11018
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                          000007fb5aa0b6dc 5 bytes JMP 000007fbdaa10018
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                      000007fb5aa17fa4 5 bytes JMP 000007fbdaa71018
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                  000007fb5aa45c00 5 bytes JMP 000007fbdaa72018
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryExW                  000007fb5aa669a0 5 bytes JMP 000007fbdaa70018
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\system32\USER32.dll!SetWindowsHookExW                      000007fb5d16bee0 5 bytes JMP 000007fbdd734018
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\system32\USER32.dll!SetWindowsHookExA                      000007fb5d191850 5 bytes JMP 000007fbdd733018
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                    000007fb5d533ad0 5 bytes JMP 000007fbdd738018
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                          000007fb5d5341a0 5 bytes JMP 000007fbdd736018
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                        000007fb5d5375d0 5 bytes JMP 000007fbdd739018
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                          000007fb5d537880 5 bytes JMP 000007fbdd735018
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\SYSTEM32\sechost.dll!ControlService                        000007fb5d538030 5 bytes JMP 000007fbdd737018
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                        000007fb5d55b034 5 bytes JMP 000007fbdd73a018
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\system32\WS2_32.dll!recv                                    000007fb5b291f40 5 bytes JMP 000007fbdd73b018
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\system32\WS2_32.dll!send                                    000007fb5b293050 5 bytes JMP 000007fbdd73c018
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                    000007fb54701532 4 bytes [70, 54, FB, 07]
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                    000007fb5470153a 4 bytes [70, 54, FB, 07]
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                  000007fb5470165a 4 bytes [70, 54, FB, 07]
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306          000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2412] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314          000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\wbem\unsecapp.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                        000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Windows\system32\wbem\unsecapp.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                          000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Windows\system32\wbem\unsecapp.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                      000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Windows\system32\wbem\unsecapp.exe[3048] C:\Windows\system32\KERNEL32.DLL!OpenMutexA                                            000007fb5caefd28 5 bytes JMP 000007fbdd73f018
.text  C:\Windows\system32\wbem\unsecapp.exe[3048] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                        000007fb5a9e3410 5 bytes JMP 000007fbdd73d018
.text  C:\Windows\system32\wbem\unsecapp.exe[3048] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                        000007fb5a9e6370 5 bytes JMP 000007fbdaa13018
.text  C:\Windows\system32\wbem\unsecapp.exe[3048] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                      000007fb5a9ec3e4 5 bytes JMP 000007fbdd73e018
.text  C:\Windows\system32\wbem\unsecapp.exe[3048] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                    000007fb5a9f2854 5 bytes JMP 000007fbdaa12018
.text  C:\Windows\system32\wbem\unsecapp.exe[3048] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                    000007fb5a9fed8c 5 bytes JMP 000007fbdaa15018
.text  C:\Windows\system32\wbem\unsecapp.exe[3048] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                000007fb5aa00af0 5 bytes JMP 000007fbdaa14018
.text  C:\Windows\system32\wbem\unsecapp.exe[3048] C:\Windows\system32\KERNELBASE.dll!CopyFileExW                                        000007fb5aa09770 5 bytes JMP 000007fbdaa11018
.text  C:\Windows\system32\wbem\unsecapp.exe[3048] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                          000007fb5aa0b6dc 5 bytes JMP 000007fbdaa10018
.text  C:\Windows\system32\wbem\unsecapp.exe[3048] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                      000007fb5aa17fa4 5 bytes JMP 000007fbdaa71018
.text  C:\Windows\system32\wbem\unsecapp.exe[3048] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                  000007fb5aa45c00 5 bytes JMP 000007fbdaa72018
.text  C:\Windows\system32\wbem\unsecapp.exe[3048] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryExW                                  000007fb5aa669a0 5 bytes JMP 000007fbdaa70018
.text  C:\Windows\system32\wbem\unsecapp.exe[3048] C:\Windows\system32\WS2_32.dll!recv                                                    000007fb5b291f40 5 bytes JMP 000007fbdd73b018
.text  C:\Windows\system32\wbem\unsecapp.exe[3048] C:\Windows\system32\WS2_32.dll!send                                                    000007fb5b293050 5 bytes JMP 000007fbdd73c018
.text  C:\Windows\system32\wbem\unsecapp.exe[3048] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW                                      000007fb5d16bee0 5 bytes JMP 000007fbdd734018
.text  C:\Windows\system32\wbem\unsecapp.exe[3048] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA                                      000007fb5d191850 5 bytes JMP 000007fbdd733018
.text  C:\Windows\system32\wbem\unsecapp.exe[3048] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                          000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\wbem\unsecapp.exe[3048] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                          000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\svchost.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                              000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Windows\system32\svchost.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Windows\system32\svchost.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                            000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Windows\system32\svchost.exe[3200] C:\Windows\system32\KERNEL32.DLL!OpenMutexA                                                  000007fb5caefd28 5 bytes JMP 000007fbdd73d018
.text  C:\Windows\system32\svchost.exe[3200] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                              000007fb5a9e3410 5 bytes JMP 000007fbdd73b018
.text  C:\Windows\system32\svchost.exe[3200] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                              000007fb5a9e6370 5 bytes JMP 000007fbdaa72018
.text  C:\Windows\system32\svchost.exe[3200] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                            000007fb5a9ec3e4 5 bytes JMP 000007fbdd73c018
.text  C:\Windows\system32\svchost.exe[3200] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                          000007fb5a9f2854 5 bytes JMP 000007fbdaa71018
.text  C:\Windows\system32\svchost.exe[3200] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                          000007fb5a9fed8c 5 bytes JMP 000007fbdaa76018
.text  C:\Windows\system32\svchost.exe[3200] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                      000007fb5aa00af0 5 bytes JMP 000007fbdaa75018
.text  C:\Windows\system32\svchost.exe[3200] C:\Windows\system32\KERNELBASE.dll!CopyFileExW                                              000007fb5aa09770 5 bytes JMP 000007fbdd73f018
.text  C:\Windows\system32\svchost.exe[3200] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                000007fb5aa0b6dc 5 bytes JMP 000007fbdd73e018
.text  C:\Windows\system32\svchost.exe[3200] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                            000007fb5aa17fa4 5 bytes JMP 000007fbdaa73018
.text  C:\Windows\system32\svchost.exe[3200] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                        000007fb5aa45c00 5 bytes JMP 000007fbdaa74018
.text  C:\Windows\system32\svchost.exe[3200] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryExW                                        000007fb5aa669a0 5 bytes JMP 000007fbdaa70018
.text  C:\Windows\system32\svchost.exe[3200] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                          000007fb5d533ad0 5 bytes JMP 000007fbdd736018
.text  C:\Windows\system32\svchost.exe[3200] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                000007fb5d5341a0 5 bytes JMP 000007fbdd734018
.text  C:\Windows\system32\svchost.exe[3200] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                              000007fb5d5375d0 5 bytes JMP 000007fbdd737018
.text  C:\Windows\system32\svchost.exe[3200] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                000007fb5d537880 5 bytes JMP 000007fbdd733018
.text  C:\Windows\system32\svchost.exe[3200] C:\Windows\SYSTEM32\sechost.dll!ControlService                                              000007fb5d538030 5 bytes JMP 000007fbdd735018
.text  C:\Windows\system32\svchost.exe[3200] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                              000007fb5d55b034 5 bytes JMP 000007fbdd738018
.text  C:\Windows\system32\svchost.exe[3200] C:\Windows\system32\WS2_32.dll!recv                                                          000007fb5b291f40 5 bytes JMP 000007fbdd739018
.text  C:\Windows\system32\svchost.exe[3200] C:\Windows\system32\WS2_32.dll!send                                                          000007fb5b293050 5 bytes JMP 000007fbdd73a018
.text  C:\Windows\system32\svchost.exe[3200] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\svchost.exe[3200] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\wbem\wmiprvse.exe[3320] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                          000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\wbem\wmiprvse.exe[3320] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                          000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\wbem\wmiprvse.exe[3320] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                    000007fb54701532 4 bytes [70, 54, FB, 07]
.text  C:\Windows\system32\wbem\wmiprvse.exe[3320] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                    000007fb5470153a 4 bytes [70, 54, FB, 07]
.text  C:\Windows\system32\wbem\wmiprvse.exe[3320] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                  000007fb5470165a 4 bytes [70, 54, FB, 07]
.text  C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                    000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                      000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                  000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1712] C:\Windows\system32\KERNEL32.DLL!OpenMutexA                        000007fb5caefd28 5 bytes JMP 000007fbdd73d018
.text  C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1712] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                    000007fb5a9e3410 5 bytes JMP 000007fbdd73b018
.text  C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1712] C:\Windows\system32\KERNELBASE.dll!GetFileSize                      000007fb5a9e6370 5 bytes JMP 000007fbdaa72018
.text  C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1712] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                  000007fb5a9ec3e4 5 bytes JMP 000007fbdd73c018
.text  C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1712] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                000007fb5a9f2854 5 bytes JMP 000007fbdaa71018
.text  C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1712] C:\Windows\system32\KERNELBASE.dll!TerminateThread                  000007fb5a9fed8c 5 bytes JMP 000007fbdaa76018
.text  C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1712] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx            000007fb5aa00af0 5 bytes JMP 000007fbdaa75018
.text  C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1712] C:\Windows\system32\KERNELBASE.dll!CopyFileExW                      000007fb5aa09770 5 bytes JMP 000007fbdd73f018
.text  C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1712] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                      000007fb5aa0b6dc 5 bytes JMP 000007fbdd73e018
.text  C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1712] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                    000007fb5aa17fa4 5 bytes JMP 000007fbdaa73018
.text  C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1712] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory              000007fb5aa45c00 5 bytes JMP 000007fbdaa74018
.text  C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1712] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryExW              000007fb5aa669a0 5 bytes JMP 000007fbdaa70018
.text  C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1712] C:\Windows\system32\USER32.dll!SetWindowsHookExW                    000007fb5d16bee0 5 bytes JMP 000007fbdd734018
.text  C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1712] C:\Windows\system32\USER32.dll!SetWindowsHookExA                    000007fb5d191850 5 bytes JMP 000007fbdd733018
.text  C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1712] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                  000007fb5d533ad0 5 bytes JMP 000007fbdd738018
.text  C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1712] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                        000007fb5d5341a0 5 bytes JMP 000007fbdd736018
.text  C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1712] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                      000007fb5d5375d0 5 bytes JMP 000007fbdd739018
.text  C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1712] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                        000007fb5d537880 5 bytes JMP 000007fbdd735018
.text  C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1712] C:\Windows\SYSTEM32\sechost.dll!ControlService                      000007fb5d538030 5 bytes JMP 000007fbdd737018
.text  C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1712] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                      000007fb5d55b034 5 bytes JMP 000007fbdd73a018
.text  C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1712] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306        000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1712] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314        000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                              000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                            000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\system32\KERNEL32.DLL!OpenMutexA                                                  000007fb5caefd28 5 bytes JMP 000007fbdd73f018
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                              000007fb5a9e3410 5 bytes JMP 000007fbdd73d018
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                              000007fb5a9e6370 5 bytes JMP 000007fbdaa13018
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                            000007fb5a9ec3e4 5 bytes JMP 000007fbdd73e018
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                          000007fb5a9f2854 5 bytes JMP 000007fbdaa12018
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                          000007fb5a9fed8c 5 bytes JMP 000007fbdaa15018
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                      000007fb5aa00af0 5 bytes JMP 000007fbdaa14018
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\system32\KERNELBASE.dll!CopyFileExW                                              000007fb5aa09770 5 bytes JMP 000007fbdaa11018
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                000007fb5aa0b6dc 5 bytes JMP 000007fbdaa10018
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                            000007fb5aa17fa4 5 bytes JMP 000007fbdaa71018
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                        000007fb5aa45c00 5 bytes JMP 000007fbdaa72018
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryExW                                        000007fb5aa669a0 5 bytes JMP 000007fbdaa70018
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                          000007fb5d533ad0 5 bytes JMP 000007fbdd738018
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                000007fb5d5341a0 5 bytes JMP 000007fbdd736018
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                              000007fb5d5375d0 5 bytes JMP 000007fbdd739018
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                000007fb5d537880 5 bytes JMP 000007fbdd735018
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\sechost.dll!ControlService                                              000007fb5d538030 5 bytes JMP 000007fbdd737018
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                              000007fb5d55b034 5 bytes JMP 000007fbdd73a018
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW                                            000007fb5d16bee0 5 bytes JMP 000007fbdd734018
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA                                            000007fb5d191850 5 bytes JMP 000007fbdd733018
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\system32\WS2_32.dll!recv                                                          000007fb5b291f40 5 bytes JMP 000007fbdd73b018
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\system32\WS2_32.dll!send                                                          000007fb5b293050 5 bytes JMP 000007fbdd73c018
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\svchost.exe[3828] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                      000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                        000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                    000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\system32\KERNEL32.DLL!OpenMutexA                          000007fb5caefd28 5 bytes JMP 000007fbdd73f018
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                      000007fb5a9e3410 5 bytes JMP 000007fbdd73d018
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\system32\KERNELBASE.dll!GetFileSize                        000007fb5a9e6370 5 bytes JMP 000007fbdaa13018
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                    000007fb5a9ec3e4 5 bytes JMP 000007fbdd73e018
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                  000007fb5a9f2854 5 bytes JMP 000007fbdaa12018
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\system32\KERNELBASE.dll!TerminateThread                    000007fb5a9fed8c 5 bytes JMP 000007fbdaa15018
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx              000007fb5aa00af0 5 bytes JMP 000007fbdaa14018
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\system32\KERNELBASE.dll!CopyFileExW                        000007fb5aa09770 5 bytes JMP 000007fbdaa11018
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                        000007fb5aa0b6dc 5 bytes JMP 000007fbdaa10018
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                      000007fb5aa17fa4 5 bytes JMP 000007fbdaa71018
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                000007fb5aa45c00 5 bytes JMP 000007fbdaa72018
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryExW                000007fb5aa669a0 5 bytes JMP 000007fbdaa70018
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\system32\USER32.dll!SetWindowsHookExW                      000007fb5d16bee0 5 bytes JMP 000007fbdd734018
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\system32\USER32.dll!SetWindowsHookExA                      000007fb5d191850 5 bytes JMP 000007fbdd733018
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                    000007fb5d533ad0 5 bytes JMP 000007fbdd738018
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                          000007fb5d5341a0 5 bytes JMP 000007fbdd736018
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                        000007fb5d5375d0 5 bytes JMP 000007fbdd739018
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                          000007fb5d537880 5 bytes JMP 000007fbdd735018
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\SYSTEM32\sechost.dll!ControlService                        000007fb5d538030 5 bytes JMP 000007fbdd737018
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                        000007fb5d55b034 5 bytes JMP 000007fbdd73a018
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\system32\WS2_32.dll!recv                                  000007fb5b291f40 5 bytes JMP 000007fbdd73b018
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\system32\WS2_32.dll!send                                  000007fb5b293050 5 bytes JMP 000007fbdd73c018
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306          000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3992] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314          000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\System32\WinLogon.exe[11596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                            000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Windows\System32\WinLogon.exe[11596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                              000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Windows\System32\WinLogon.exe[11596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                          000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Windows\System32\WinLogon.exe[11596] C:\Windows\system32\KERNEL32.DLL!OpenMutexA                                                000007fb5caefd28 5 bytes JMP 000007fbdd73d018
.text  C:\Windows\System32\WinLogon.exe[11596] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                            000007fb5a9e3410 5 bytes JMP 000007fbdd73b018
.text  C:\Windows\System32\WinLogon.exe[11596] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                            000007fb5a9e6370 5 bytes JMP 000007fbdaa72018
.text

Konomono 28.09.2013 19:12
Gmer 2:

Code:

  C:\Windows\System32\WinLogon.exe[11596] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                          000007fb5a9ec3e4 5 bytes JMP 000007fbdd73c018
.text  C:\Windows\System32\WinLogon.exe[11596] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                        000007fb5a9f2854 5 bytes JMP 000007fbdaa71018
.text  C:\Windows\System32\WinLogon.exe[11596] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                        000007fb5a9fed8c 5 bytes JMP 000007fbdaa76018
.text  C:\Windows\System32\WinLogon.exe[11596] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                    000007fb5aa00af0 5 bytes JMP 000007fbdaa75018
.text  C:\Windows\System32\WinLogon.exe[11596] C:\Windows\system32\KERNELBASE.dll!CopyFileExW                                            000007fb5aa09770 5 bytes JMP 000007fbdd73f018
.text  C:\Windows\System32\WinLogon.exe[11596] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                              000007fb5aa0b6dc 5 bytes JMP 000007fbdd73e018
.text  C:\Windows\System32\WinLogon.exe[11596] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                          000007fb5aa17fa4 5 bytes JMP 000007fbdaa73018
.text  C:\Windows\System32\WinLogon.exe[11596] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                      000007fb5aa45c00 5 bytes JMP 000007fbdaa74018
.text  C:\Windows\System32\WinLogon.exe[11596] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryExW                                      000007fb5aa669a0 5 bytes JMP 000007fbdaa70018
.text  C:\Windows\System32\WinLogon.exe[11596] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                          000007fb5d16bee0 5 bytes JMP 000007fbdd734018
.text  C:\Windows\System32\WinLogon.exe[11596] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                          000007fb5d191850 5 bytes JMP 000007fbdd733018
.text  C:\Windows\System32\WinLogon.exe[11596] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                        000007fb5d533ad0 5 bytes JMP 000007fbdd738018
.text  C:\Windows\System32\WinLogon.exe[11596] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                              000007fb5d5341a0 5 bytes JMP 000007fbdd736018
.text  C:\Windows\System32\WinLogon.exe[11596] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                            000007fb5d5375d0 5 bytes JMP 000007fbdd739018
.text  C:\Windows\System32\WinLogon.exe[11596] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                              000007fb5d537880 5 bytes JMP 000007fbdd735018
.text  C:\Windows\System32\WinLogon.exe[11596] C:\Windows\SYSTEM32\sechost.dll!ControlService                                            000007fb5d538030 5 bytes JMP 000007fbdd737018
.text  C:\Windows\System32\WinLogon.exe[11596] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                            000007fb5d55b034 5 bytes JMP 000007fbdd73a018
.text  C:\Windows\System32\WinLogon.exe[11596] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                              000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\System32\WinLogon.exe[11596] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                              000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\winlogon.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                            000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Windows\system32\winlogon.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                              000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Windows\system32\winlogon.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                          000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Windows\system32\winlogon.exe[1056] C:\Windows\system32\KERNEL32.DLL!OpenMutexA                                                000007fb5caefd28 5 bytes JMP 000007fbdd73d018
.text  C:\Windows\system32\winlogon.exe[1056] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                            000007fb5a9e3410 5 bytes JMP 000007fbdd73b018
.text  C:\Windows\system32\winlogon.exe[1056] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                              000007fb5a9e6370 5 bytes JMP 000007fbdaa72018
.text  C:\Windows\system32\winlogon.exe[1056] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                          000007fb5a9ec3e4 5 bytes JMP 000007fbdd73c018
.text  C:\Windows\system32\winlogon.exe[1056] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                        000007fb5a9f2854 5 bytes JMP 000007fbdaa71018
.text  C:\Windows\system32\winlogon.exe[1056] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                          000007fb5a9fed8c 5 bytes JMP 000007fbdaa76018
.text  C:\Windows\system32\winlogon.exe[1056] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                    000007fb5aa00af0 5 bytes JMP 000007fbdaa75018
.text  C:\Windows\system32\winlogon.exe[1056] C:\Windows\system32\KERNELBASE.dll!CopyFileExW                                              000007fb5aa09770 5 bytes JMP 000007fbdd73f018
.text  C:\Windows\system32\winlogon.exe[1056] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                              000007fb5aa0b6dc 5 bytes JMP 000007fbdd73e018
.text  C:\Windows\system32\winlogon.exe[1056] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                            000007fb5aa17fa4 5 bytes JMP 000007fbdaa73018
.text  C:\Windows\system32\winlogon.exe[1056] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                      000007fb5aa45c00 5 bytes JMP 000007fbdaa74018
.text  C:\Windows\system32\winlogon.exe[1056] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryExW                                      000007fb5aa669a0 5 bytes JMP 000007fbdaa70018
.text  C:\Windows\system32\winlogon.exe[1056] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                            000007fb5d16bee0 5 bytes JMP 000007fbdd734018
.text  C:\Windows\system32\winlogon.exe[1056] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                            000007fb5d191850 5 bytes JMP 000007fbdd733018
.text  C:\Windows\system32\winlogon.exe[1056] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                          000007fb5d533ad0 5 bytes JMP 000007fbdd738018
.text  C:\Windows\system32\winlogon.exe[1056] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                000007fb5d5341a0 5 bytes JMP 000007fbdd736018
.text  C:\Windows\system32\winlogon.exe[1056] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                              000007fb5d5375d0 5 bytes JMP 000007fbdd739018
.text  C:\Windows\system32\winlogon.exe[1056] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                000007fb5d537880 5 bytes JMP 000007fbdd735018
.text  C:\Windows\system32\winlogon.exe[1056] C:\Windows\SYSTEM32\sechost.dll!ControlService                                              000007fb5d538030 5 bytes JMP 000007fbdd737018
.text  C:\Windows\system32\winlogon.exe[1056] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                              000007fb5d55b034 5 bytes JMP 000007fbdd73a018
.text  C:\Windows\system32\winlogon.exe[1056] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\winlogon.exe[1056] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                              000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                            000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\system32\KERNEL32.DLL!OpenMutexA                                                  000007fb5caefd28 5 bytes JMP 000007fbdd73f018
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                              000007fb5a9e3410 5 bytes JMP 000007fbdd73d018
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                              000007fb5a9e6370 5 bytes JMP 000007fbdaa13018
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                            000007fb5a9ec3e4 5 bytes JMP 000007fbdd73e018
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                          000007fb5a9f2854 5 bytes JMP 000007fbdaa12018
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                          000007fb5a9fed8c 5 bytes JMP 000007fbdaa15018
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                      000007fb5aa00af0 5 bytes JMP 000007fbdaa14018
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\system32\KERNELBASE.dll!CopyFileExW                                              000007fb5aa09770 5 bytes JMP 000007fbdaa11018
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                000007fb5aa0b6dc 5 bytes JMP 000007fbdaa10018
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                            000007fb5aa17fa4 5 bytes JMP 000007fbdaa71018
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                        000007fb5aa45c00 5 bytes JMP 000007fbdaa72018
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryExW                                        000007fb5aa669a0 5 bytes JMP 000007fbdaa70018
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW                                            000007fb5d16bee0 5 bytes JMP 000007fbdd734018
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA                                            000007fb5d191850 5 bytes JMP 000007fbdd733018
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                          000007fb5d533ad0 5 bytes JMP 000007fbdd738018
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                000007fb5d5341a0 5 bytes JMP 000007fbdd736018
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                              000007fb5d5375d0 5 bytes JMP 000007fbdd739018
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                000007fb5d537880 5 bytes JMP 000007fbdd735018
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\SYSTEM32\sechost.dll!ControlService                                              000007fb5d538030 5 bytes JMP 000007fbdd737018
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                              000007fb5d55b034 5 bytes JMP 000007fbdd73a018
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\system32\WS2_32.dll!recv                                                          000007fb5b291f40 5 bytes JMP 000007fbdd73b018
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\system32\WS2_32.dll!send                                                          000007fb5b293050 5 bytes JMP 000007fbdd73c018
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\System32\LogonUI.exe[4812] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\System32\dwm.exe[7264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                  000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Windows\System32\dwm.exe[7264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                    000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Windows\System32\dwm.exe[7264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                                000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Windows\System32\dwm.exe[7264] C:\Windows\system32\KERNEL32.DLL!OpenMutexA                                                      000007fb5caefd28 5 bytes JMP 000007fbdd73d018
.text  C:\Windows\System32\dwm.exe[7264] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                  000007fb5a9e3410 5 bytes JMP 000007fbdd73b018
.text  C:\Windows\System32\dwm.exe[7264] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                                  000007fb5a9e6370 5 bytes JMP 000007fbdaa72018
.text  C:\Windows\System32\dwm.exe[7264] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                                000007fb5a9ec3e4 5 bytes JMP 000007fbdd73c018
.text  C:\Windows\System32\dwm.exe[7264] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                              000007fb5a9f2854 5 bytes JMP 000007fbdaa71018
.text  C:\Windows\System32\dwm.exe[7264] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                              000007fb5a9fed8c 5 bytes JMP 000007fbdaa76018
.text  C:\Windows\System32\dwm.exe[7264] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                          000007fb5aa00af0 5 bytes JMP 000007fbdaa75018
.text  C:\Windows\System32\dwm.exe[7264] C:\Windows\system32\KERNELBASE.dll!CopyFileExW                                                  000007fb5aa09770 5 bytes JMP 000007fbdd73f018
.text  C:\Windows\System32\dwm.exe[7264] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                    000007fb5aa0b6dc 5 bytes JMP 000007fbdd73e018
.text  C:\Windows\System32\dwm.exe[7264] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                                000007fb5aa17fa4 5 bytes JMP 000007fbdaa73018
.text  C:\Windows\System32\dwm.exe[7264] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                            000007fb5aa45c00 5 bytes JMP 000007fbdaa74018
.text  C:\Windows\System32\dwm.exe[7264] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryExW                                            000007fb5aa669a0 5 bytes JMP 000007fbdaa70018
.text  C:\Windows\System32\dwm.exe[7264] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                000007fb5d16bee0 5 bytes JMP 000007fbdd734018
.text  C:\Windows\System32\dwm.exe[7264] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                000007fb5d191850 5 bytes JMP 000007fbdd733018
.text  C:\Windows\System32\dwm.exe[7264] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                              000007fb5d533ad0 5 bytes JMP 000007fbdd738018
.text  C:\Windows\System32\dwm.exe[7264] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                    000007fb5d5341a0 5 bytes JMP 000007fbdd736018
.text  C:\Windows\System32\dwm.exe[7264] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                  000007fb5d5375d0 5 bytes JMP 000007fbdd739018
.text  C:\Windows\System32\dwm.exe[7264] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                    000007fb5d537880 5 bytes JMP 000007fbdd735018
.text  C:\Windows\System32\dwm.exe[7264] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                  000007fb5d538030 5 bytes JMP 000007fbdd737018
.text  C:\Windows\System32\dwm.exe[7264] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                  000007fb5d55b034 5 bytes JMP 000007fbdd73a018
.text  C:\Windows\System32\dwm.exe[7264] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                    000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\System32\dwm.exe[7264] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                    000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\dwm.exe[10452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Windows\system32\dwm.exe[10452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                  000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Windows\system32\dwm.exe[10452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                              000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Windows\system32\dwm.exe[10452] C:\Windows\system32\KERNEL32.DLL!OpenMutexA                                                    000007fb5caefd28 5 bytes JMP 000007fbdd73d018
.text  C:\Windows\system32\dwm.exe[10452] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                000007fb5a9e3410 5 bytes JMP 000007fbdd73b018
.text  C:\Windows\system32\dwm.exe[10452] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                                  000007fb5a9e6370 5 bytes JMP 000007fbdaa72018
.text  C:\Windows\system32\dwm.exe[10452] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                              000007fb5a9ec3e4 5 bytes JMP 000007fbdd73c018
.text  C:\Windows\system32\dwm.exe[10452] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                            000007fb5a9f2854 5 bytes JMP 000007fbdaa71018
.text  C:\Windows\system32\dwm.exe[10452] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                              000007fb5a9fed8c 5 bytes JMP 000007fbdaa76018
.text  C:\Windows\system32\dwm.exe[10452] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                        000007fb5aa00af0 5 bytes JMP 000007fbdaa75018
.text  C:\Windows\system32\dwm.exe[10452] C:\Windows\system32\KERNELBASE.dll!CopyFileExW                                                  000007fb5aa09770 5 bytes JMP 000007fbdd73f018
.text  C:\Windows\system32\dwm.exe[10452] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                  000007fb5aa0b6dc 5 bytes JMP 000007fbdd73e018
.text  C:\Windows\system32\dwm.exe[10452] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                                000007fb5aa17fa4 5 bytes JMP 000007fbdaa73018
.text  C:\Windows\system32\dwm.exe[10452] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                          000007fb5aa45c00 5 bytes JMP 000007fbdaa74018
.text  C:\Windows\system32\dwm.exe[10452] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryExW                                          000007fb5aa669a0 5 bytes JMP 000007fbdaa70018
.text  C:\Windows\system32\dwm.exe[10452] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                000007fb5d16bee0 5 bytes JMP 000007fbdd734018
.text  C:\Windows\system32\dwm.exe[10452] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                000007fb5d191850 5 bytes JMP 000007fbdd733018
.text  C:\Windows\system32\dwm.exe[10452] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                              000007fb5d533ad0 5 bytes JMP 000007fbdd738018
.text  C:\Windows\system32\dwm.exe[10452] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                    000007fb5d5341a0 5 bytes JMP 000007fbdd736018
.text  C:\Windows\system32\dwm.exe[10452] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                  000007fb5d5375d0 5 bytes JMP 000007fbdd739018
.text  C:\Windows\system32\dwm.exe[10452] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                    000007fb5d537880 5 bytes JMP 000007fbdd735018
.text  C:\Windows\system32\dwm.exe[10452] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                  000007fb5d538030 5 bytes JMP 000007fbdd737018
.text  C:\Windows\system32\dwm.exe[10452] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                  000007fb5d55b034 5 bytes JMP 000007fbdd73a018
.text  C:\Windows\system32\dwm.exe[10452] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                    000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\dwm.exe[10452] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                    000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[11692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                    000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[11692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                      000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[11692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                  000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[11692] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306      000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[11692] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314      000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[11692] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                000007fb54701532 4 bytes [70, 54, FB, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[11692] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                000007fb5470153a 4 bytes [70, 54, FB, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[11692] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246              000007fb5470165a 4 bytes [70, 54, FB, 07]
.text  C:\Windows\system32\nvvsvc.exe[11064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                              000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Windows\system32\nvvsvc.exe[11064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Windows\system32\nvvsvc.exe[11064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                            000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Windows\system32\nvvsvc.exe[11064] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\nvvsvc.exe[11064] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\system32\nvvsvc.exe[11064] C:\Windows\system32\MSIMG32.dll!GradientFill + 690                                          000007fb54701532 4 bytes [70, 54, FB, 07]
.text  C:\Windows\system32\nvvsvc.exe[11064] C:\Windows\system32\MSIMG32.dll!GradientFill + 698                                          000007fb5470153a 4 bytes [70, 54, FB, 07]
.text  C:\Windows\system32\nvvsvc.exe[11064] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246                                        000007fb5470165a 4 bytes [70, 54, FB, 07]
.text  C:\Windows\Explorer.EXE[6272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                      000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Windows\Explorer.EXE[6272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                        000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Windows\Explorer.EXE[6272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                                    000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Windows\Explorer.EXE[6272] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                        000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\Explorer.EXE[6272] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                        000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\Explorer.EXE[6272] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                  000007fb54701532 4 bytes [70, 54, FB, 07]
.text  C:\Windows\Explorer.EXE[6272] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                  000007fb5470153a 4 bytes [70, 54, FB, 07]
.text  C:\Windows\Explorer.EXE[6272] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                000007fb5470165a 4 bytes [70, 54, FB, 07]
.text  D:\Classic Shell\ClassicStartMenu.exe[9596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                        000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  D:\Classic Shell\ClassicStartMenu.exe[9596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                          000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  D:\Classic Shell\ClassicStartMenu.exe[9596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                      000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  D:\Classic Shell\ClassicStartMenu.exe[9596] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                    000007fb54701532 4 bytes [70, 54, FB, 07]
.text  D:\Classic Shell\ClassicStartMenu.exe[9596] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                    000007fb5470153a 4 bytes [70, 54, FB, 07]
.text  D:\Classic Shell\ClassicStartMenu.exe[9596] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                  000007fb5470165a 4 bytes [70, 54, FB, 07]
.text  D:\Classic Shell\ClassicStartMenu.exe[9596] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                          000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  D:\Classic Shell\ClassicStartMenu.exe[9596] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                          000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                      000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                        000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                    000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2288] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                    000007fb54701532 4 bytes [70, 54, FB, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2288] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                    000007fb5470153a 4 bytes [70, 54, FB, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2288] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                  000007fb5470165a 4 bytes [70, 54, FB, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2288] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306          000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2288] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314          000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\System32\igfxtray.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                            000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Windows\System32\igfxtray.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                              000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Windows\System32\igfxtray.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                          000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Windows\System32\igfxtray.exe[9560] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\System32\igfxtray.exe[9560] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\System32\hkcmd.exe[7216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Windows\System32\hkcmd.exe[7216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                  000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Windows\System32\hkcmd.exe[7216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                              000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Windows\System32\hkcmd.exe[7216] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                  000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\System32\hkcmd.exe[7216] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                  000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[11400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                            000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[11400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                              000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[11400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                          000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[11400] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                          000007fb54701532 4 bytes [70, 54, FB, 07]
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[11400] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                          000007fb5470153a 4 bytes [70, 54, FB, 07]
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[11400] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                        000007fb5470165a 4 bytes [70, 54, FB, 07]
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[11400] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[11400] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[11072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                              000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[11072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[11072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                            000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[11072] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                          000007fb54701532 4 bytes [70, 54, FB, 07]
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[11072] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                          000007fb5470153a 4 bytes [70, 54, FB, 07]
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[11072] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                        000007fb5470165a 4 bytes [70, 54, FB, 07]
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[11072] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[11072] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\System32\rundll32.exe[8428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                            000007fb5d7230b0 5 bytes JMP 000007fbdd731018
.text  C:\Windows\System32\rundll32.exe[8428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                              000007fb5d723691 5 bytes JMP 000007fbdd730018
.text  C:\Windows\System32\rundll32.exe[8428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                          000007fb5d723751 5 bytes JMP 000007fbdd732018
.text  C:\Windows\System32\rundll32.exe[8428] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                000007fb5d15177a 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\System32\rundll32.exe[8428] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                000007fb5d151782 4 bytes [15, 5D, FB, 07]
.text  C:\Windows\System32\rundll32.exe[8428] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                          000007fb54701532 4 bytes [70, 54, FB, 07]
.text  C:\Windows\System32\rundll32.exe[8428] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                          000007fb5470153a 4 bytes [70, 54, FB, 07]
.text  C:\Windows\System32\rundll32.exe[8428] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                        000007fb5470165a 4 bytes [70, 54, FB, 07]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [5408:9024]                                                                                          fffff960008975e8
Thread  C:\Windows\syswow64\wwahost.exe [4372:9612]                                                                                        0000000076574f62
Thread  C:\Windows\syswow64\wwahost.exe [4372:7680]                                                                                        0000000074a95931
Thread  C:\Windows\syswow64\wwahost.exe [4372:10072]                                                                                      0000000076574f62
Thread  C:\Windows\syswow64\wwahost.exe [4372:11444]                                                                                      00000000764c9102
Thread  C:\Windows\syswow64\wwahost.exe [4372:11988]                                                                                      00000000764c9102
Thread  C:\Windows\syswow64\wwahost.exe [4372:8968]                                                                                        00000000764c9102
Thread  C:\Windows\syswow64\wwahost.exe [4372:3260]                                                                                        0000000076574f62
Thread  C:\Windows\syswow64\wwahost.exe [4372:11676]                                                                                      0000000076574f62
Thread  C:\Windows\syswow64\wwahost.exe [4372:4776]                                                                                        00000000764c9102
Thread  C:\Windows\syswow64\wwahost.exe [4372:80]                                                                                          00000000764c9102

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                              unknown MBR code

---- EOF - GMER 2.1 ----
Den musste ich (willkürlich) aufteilen, sorry ..

Völlig vergessen: Ich habe Windows 8 64 bit

schrauber 29.09.2013 17:35
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Konomono 30.09.2013 09:00
Beim ersten Suchlauf von MBAM wurde eine infizierte Datei gefunden, die ich auch gelöscht habe. Danach wurde ein Neustart des Systems gefordert, den ich zuerst durchführen wurde.
Allerdings ist nun das Problem, dass das Logfile irgendwie nicht gespeichert wurde, obowhl die entsprechende Einstellung aktiviert war!?

Habe dann noch einen Scan gemacht, allerdings dann nichts gefunden. Hier das Log File:

Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.30.02

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
Tobi :: TOBIS-PC [limitiert]

30.09.2013 09:32:30
mbam-log-2013-09-30 (09-32-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 152714
Laufzeit: 2 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
AdwCleaner:

AdwCleaner Logfile:
Code:
# AdwCleaner v3.005 - Bericht erstellt am 30/09/2013 um 09:42:18
# Updated 22/09/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Admin - TOBIS-PC
# Gestartet von : C:\Users\Tobi\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\mw992w50.default\foxydeal.sqlite

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16688


*************************

AdwCleaner[R0].txt - [741 octets] - [30/09/2013 09:41:09]
AdwCleaner[S0].txt - [665 octets] - [30/09/2013 09:42:18]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [724 octets] ##########
--- --- ---


[/CODE]

JRT

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 8 x64
Ran by Admin on 30.09.2013 at  9:51:59,97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1719656268-1954426853-1769409439-1003\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.09.2013 at  9:55:02,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013
Ran by Tobi (ATTENTION: The logged in user is not administrator) on TOBIS-PC on 30-09-2013 09:58:23
Running from C:\Users\Tobi\Desktop\Scanprogramme
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(IvoSoft) D:\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Spotify Ltd) C:\Users\Tobi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) D:\iTunes\iTunesHelper.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(Microsoft Corporation) C:\Windows\syswow64\wwahost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13267016 2013-01-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1276488 2013-01-18] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - D:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Tobi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-09-25] (Spotify Ltd)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-27] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-31] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ASUS InstantKey] - C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [20456 2012-02-20] (ASUS)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2012-10-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [F-Secure Hoster (666)] - C:\Program Files (x86)\F-Secure\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Manager] - C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [310208 2013-08-14] (F-Secure Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - D:\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [245872 2013-01-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201576 2013-01-10] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\mw992w50.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - D:\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\mw992w50.default\Extensions\ich@maltegoetz.de
FF Extension: WOT - C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\mw992w50.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: No Name - C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\mw992w50.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 ClassicShellService; D:\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft)
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216000 2013-08-14] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60352 2013-09-04] (F-Secure Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [29696 2012-11-27] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-11-15] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [29696 2012-11-27] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [29696 2012-11-27] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2012-10-31] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-11-15] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [131968 2012-10-30] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1345920 2012-11-06] (Motorola Solutions, Inc.)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [202176 2013-09-09] (F-Secure Corporation)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [202176 2013-09-09] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [68928 2013-09-04] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [68928 2013-09-04] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2013-09-09] ()
R0 fsbts; C:\Windows\SysWow64\Drivers\fsbts.sys [41024 2013-09-04] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\fsni64.sys [80832 2013-04-25] (F-Secure Corporation)
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\fsni64.sys [80832 2013-04-25] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-08-14] ()
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-08-14] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S4 mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows (R) Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-11-29] (Windows (R) Win 7 DDK provider)
U0 msahci;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-30 09:51 - 2013-09-30 09:51 - 00000000 ____D C:\Windows\ERUNT
2013-09-30 09:49 - 2013-09-30 09:49 - 01030305 _____ (Thisisu) C:\Users\Tobi\Desktop\JRT.exe
2013-09-30 09:41 - 2013-09-30 09:42 - 00000000 ____D C:\AdwCleaner
2013-09-30 09:29 - 2013-09-30 09:29 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Malwarebytes
2013-09-30 09:28 - 2013-09-30 09:29 - 00000000 ____D C:\Users\Tobi\Desktop\Scanprogramme
2013-09-30 09:26 - 2013-09-30 09:26 - 00318592 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-30 09:08 - 2013-09-30 09:08 - 00000640 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-30 09:08 - 2013-09-30 09:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-30 09:08 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-30 09:06 - 2013-09-30 09:06 - 01042066 _____ C:\Users\Tobi\Desktop\adwcleaner.exe
2013-09-30 09:05 - 2013-09-30 09:06 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tobi\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-28 17:31 - 2013-09-28 17:31 - 01110476 _____ C:\Users\Tobi\Downloads\7z920.exe
2013-09-27 19:59 - 2013-09-27 19:59 - 00000000 ____D C:\FRST
2013-09-27 18:00 - 2013-09-27 18:00 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\F-Secure
2013-09-27 17:32 - 2013-09-27 17:32 - 00001444 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-27 17:32 - 2013-09-27 17:32 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-27 17:32 - 2013-09-27 17:32 - 00000000 ____D C:\Program Files\iTunes
2013-09-27 17:32 - 2013-09-27 17:32 - 00000000 ____D C:\Program Files\iPod
2013-09-26 13:16 - 2013-09-26 13:16 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-26 13:15 - 2013-09-26 13:15 - 00000000 ____D C:\ProgramData\Adobe
2013-09-26 13:15 - 2013-09-26 13:15 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-19 11:13 - 2013-09-27 19:51 - 00000000 ____D C:\Users\Admin
2013-09-19 00:46 - 2013-09-30 09:42 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-19 00:41 - 2013-09-19 00:41 - 00000000 ____D C:\Users\Tobi\AppData\Local\Secunia PSI
2013-09-19 00:40 - 2013-09-19 00:40 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-09-19 00:33 - 2013-09-19 00:33 - 00000000 ____D C:\Users\Tobi\Downloads\Firefox Add Ons
2013-09-19 00:32 - 2013-09-19 00:32 - 00000000 ____D C:\Users\Tobi\Downloads\Handy
2013-09-18 17:09 - 2013-09-18 17:09 - 00003967 _____ C:\Users\Tobi\AppData\Local\recently-used.xbel
2013-09-18 16:28 - 2013-09-18 16:28 - 00000000 ____D C:\Users\Tobi\.thumbnails
2013-09-18 16:27 - 2013-09-18 17:12 - 00000000 ____D C:\Users\Tobi\.gimp-2.8
2013-09-18 16:27 - 2013-09-18 16:27 - 00000000 ____D C:\Users\Tobi\AppData\Local\gegl-0.2
2013-09-18 15:51 - 2013-09-18 15:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-12 19:11 - 2013-09-19 01:26 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-12 19:11 - 2013-09-19 01:26 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-12 13:39 - 2013-09-21 00:11 - 00000000 ____D C:\Users\Tobi\Documents\TmForever
2013-09-12 13:39 - 2013-09-12 14:33 - 00000000 ____D C:\ProgramData\TmForever
2013-09-12 00:51 - 2013-09-12 00:51 - 00000000 ____D C:\Users\Tobi\Downloads\__MACOSX
2013-09-11 23:50 - 2013-09-11 23:50 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-11 23:50 - 2013-09-11 23:50 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\OpenOffice
2013-09-11 23:49 - 2013-09-11 23:49 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-11 23:01 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-09-11 23:01 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2013-09-11 23:01 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2013-09-11 23:01 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2013-09-11 23:01 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2013-09-11 23:01 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-09-11 23:01 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2013-09-11 23:01 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-09-11 23:01 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2013-09-11 23:01 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-09-11 23:01 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2013-09-11 23:01 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-09-11 23:00 - 2013-09-11 23:00 - 00000631 _____ C:\Users\Public\Desktop\TmNationsForever.lnk
2013-09-11 23:00 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2013-09-11 23:00 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-09-11 23:00 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2013-09-11 23:00 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-09-11 23:00 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-09-11 23:00 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-09-11 23:00 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2013-09-11 23:00 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-09-11 23:00 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2013-09-11 23:00 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-09-11 23:00 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2013-09-11 23:00 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-09-11 20:13 - 2013-08-07 07:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-09-10 23:39 - 2013-09-10 23:39 - 00495557 _____ C:\Users\Tobi\Downloads\WLAN_ATHEROS_V7.6.0.164_VISTA64_CA41534-1967.EXE
2013-09-10 22:47 - 2013-08-16 07:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2013-09-10 22:47 - 2013-08-16 07:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2013-09-10 22:47 - 2013-08-16 07:39 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-09-10 22:47 - 2013-08-16 07:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2013-09-10 22:47 - 2013-08-16 07:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2013-09-10 22:47 - 2013-08-16 07:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-09-10 22:47 - 2013-08-16 07:21 - 03275776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-09-10 22:47 - 2013-08-16 07:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-09-10 22:47 - 2013-08-16 07:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2013-09-10 22:47 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-09-10 22:47 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2013-09-10 22:47 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2013-09-10 22:47 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2013-09-10 22:47 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-09-10 22:47 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-09-10 22:47 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-10 22:47 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-09-10 22:47 - 2013-08-16 00:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll
2013-09-10 22:47 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-09-10 22:47 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-09-10 22:47 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2013-09-10 22:47 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2013-09-10 22:45 - 2013-09-10 22:45 - 00000000 ____D C:\Users\Tobi\Documents\Meine empfangenen Dateien
2013-09-10 22:45 - 2013-08-21 06:12 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-10 22:45 - 2013-08-21 06:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-10 22:45 - 2013-08-21 06:11 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-10 22:45 - 2013-08-21 06:11 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-10 22:45 - 2013-08-21 06:11 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-10 22:45 - 2013-08-21 06:11 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-10 22:45 - 2013-08-21 06:11 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-10 22:45 - 2013-08-21 06:11 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-09-10 22:45 - 2013-08-21 06:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-10 22:45 - 2013-08-21 06:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-10 22:45 - 2013-08-21 06:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-10 22:45 - 2013-08-21 06:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-10 22:45 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-09-10 22:45 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-10 22:45 - 2013-08-21 06:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-10 22:45 - 2013-08-21 04:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-10 22:45 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-10 22:45 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-10 22:45 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-09-10 22:45 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-10 22:45 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-10 22:45 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-10 22:45 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-10 22:45 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-10 22:45 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-10 22:45 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-10 22:45 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-10 22:45 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-10 22:45 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-10 22:45 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-10 22:45 - 2013-08-21 01:52 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-09-10 22:44 - 2013-08-03 06:30 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-10 22:44 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-09-10 22:44 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-09-10 22:44 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2013-09-10 22:44 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2013-09-10 22:44 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2013-09-10 22:44 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-09-10 22:44 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2013-09-10 22:44 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2013-09-10 22:44 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-09-10 22:44 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-09-10 22:44 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-09-10 22:44 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-09-10 22:44 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-09-10 22:44 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-09-10 22:44 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-09-10 22:44 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-09-10 22:44 - 2013-07-02 00:08 - 00387583 _____ C:\Windows\system32\ApnDatabase.xml
2013-09-10 22:44 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-09-10 22:44 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2013-09-10 22:44 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-09-10 22:44 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-09-10 22:44 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-09-10 22:44 - 2013-06-29 03:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-09-10 22:44 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-09-10 22:44 - 2013-06-26 04:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-09-10 22:44 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-09-10 22:44 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-09-10 22:44 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-09-10 22:44 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-09-10 22:44 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-09-10 22:44 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-09-10 22:44 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-09-10 22:44 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-09-10 22:44 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-09-10 22:44 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-09-10 22:44 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-09-10 22:44 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-09-10 22:44 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-09-10 22:44 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-09-10 22:44 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-09-10 22:44 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-09-10 22:44 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-09-05 19:17 - 2012-11-20 07:24 - 01164800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2013-09-05 19:17 - 2012-11-20 07:17 - 01184256 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2013-09-05 19:17 - 2012-11-20 07:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDKURD.DLL
2013-09-05 19:17 - 2012-11-20 06:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDKURD.DLL
2013-09-05 19:16 - 2012-10-12 08:13 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\dskquota.dll
2013-09-05 19:16 - 2012-10-12 07:39 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dskquota.dll
2013-09-05 19:15 - 2012-10-24 06:54 - 00396008 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2013-09-05 19:15 - 2012-10-17 06:32 - 01172992 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2013-09-05 19:15 - 2012-10-17 06:32 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2013-09-05 19:15 - 2012-10-17 06:32 - 00673280 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2013-09-05 19:15 - 2012-10-17 05:57 - 00929792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2013-09-05 19:15 - 2012-10-17 05:57 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2013-09-05 19:15 - 2012-10-17 05:57 - 00513024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2013-09-05 19:13 - 2012-10-11 07:46 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2013-09-05 19:12 - 2012-10-11 09:47 - 00793200 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2013-09-05 19:12 - 2012-10-11 09:25 - 00056552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdstor.sys
2013-09-05 19:12 - 2012-10-11 09:23 - 00441576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-09-05 19:12 - 2012-10-11 09:18 - 00172264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-09-05 19:12 - 2012-10-11 09:13 - 00033512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys
2013-09-05 19:12 - 2012-10-11 09:08 - 00562392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-09-05 19:12 - 2012-10-11 07:46 - 00517120 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2013-09-05 19:12 - 2012-10-11 07:46 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.Compression.dll
2013-09-05 19:12 - 2012-10-11 07:46 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\BdeUISrv.exe
2013-09-05 19:12 - 2012-10-11 07:46 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2013-09-05 19:12 - 2012-10-11 07:45 - 01045504 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2013-09-05 19:12 - 2012-10-11 07:45 - 00590848 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2013-09-05 19:12 - 2012-10-11 07:45 - 00579584 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2013-09-05 19:12 - 2012-10-11 07:45 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\SpaceControl.dll
2013-09-05 19:12 - 2012-10-11 07:45 - 00370176 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-09-05 19:12 - 2012-10-11 07:45 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
2013-09-05 19:12 - 2012-10-11 07:44 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-09-05 19:12 - 2012-10-11 07:44 - 00904192 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2013-09-05 19:12 - 2012-10-11 07:44 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-09-05 19:12 - 2012-10-11 07:44 - 00264704 _____ (Microsoft Corporation) C:\Windows\system32\ListSvc.dll
2013-09-05 19:12 - 2012-10-11 07:44 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2013-09-05 19:12 - 2012-10-11 07:44 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2013-09-05 19:12 - 2012-10-11 07:43 - 01280000 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-09-05 19:12 - 2012-10-11 07:43 - 00757760 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2013-09-05 19:12 - 2012-10-11 07:43 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2013-09-05 19:12 - 2012-10-11 07:43 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-09-05 19:12 - 2012-10-11 07:43 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2013-09-05 19:12 - 2012-10-11 07:43 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\AppxSip.dll
2013-09-05 19:12 - 2012-10-11 07:43 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2013-09-05 19:12 - 2012-10-11 07:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-09-05 19:12 - 2012-10-11 07:42 - 00612416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2013-09-05 19:12 - 2012-10-11 07:23 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-pdc.dll
2013-09-05 19:12 - 2012-10-11 07:16 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-09-05 19:12 - 2012-10-11 07:07 - 01226752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2013-09-05 19:12 - 2012-10-11 07:07 - 00962560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2013-09-05 19:12 - 2012-10-11 07:07 - 00460800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2013-09-05 19:12 - 2012-10-11 07:07 - 00414720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2013-09-05 19:12 - 2012-10-11 07:07 - 00116224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.Compression.dll
2013-09-05 19:12 - 2012-10-11 07:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
2013-09-05 19:12 - 2012-10-11 07:07 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2013-09-05 19:12 - 2012-10-11 07:06 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2013-09-05 19:12 - 2012-10-11 07:06 - 00289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-09-05 19:12 - 2012-10-11 07:06 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2013-09-05 19:12 - 2012-10-11 07:06 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2013-09-05 19:12 - 2012-10-11 07:06 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-09-05 19:12 - 2012-10-11 07:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2013-09-05 19:12 - 2012-10-11 07:06 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-09-05 19:12 - 2012-10-11 07:05 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxSip.dll
2013-09-05 19:12 - 2012-10-11 02:45 - 00478424 _____ C:\Windows\SysWOW64\locale.nls
2013-09-05 19:12 - 2012-10-11 02:44 - 00478424 _____ C:\Windows\system32\locale.nls
2013-09-05 19:11 - 2012-10-11 07:23 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\kbdhebl3.dll
2013-09-05 19:11 - 2012-10-11 07:19 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2013-09-05 19:11 - 2012-10-11 07:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-09-05 19:11 - 2012-10-11 07:15 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2013-09-05 19:11 - 2012-10-11 06:42 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdhebl3.dll
2013-09-05 19:09 - 2012-11-27 08:39 - 01122768 _____ (Microsoft Corporation) C:\Windows\system32\Taskmgr.exe
2013-09-05 19:09 - 2012-11-27 06:49 - 01027152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Taskmgr.exe
2013-09-05 19:09 - 2012-11-27 06:20 - 01217536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2013-09-05 19:09 - 2012-11-27 06:20 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-09-05 19:09 - 2012-11-27 06:20 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-09-05 19:09 - 2012-11-27 06:20 - 00798208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebcamUi.dll
2013-09-05 19:09 - 2012-11-27 06:20 - 00560128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserLanguagesCpl.dll
2013-09-05 19:09 - 2012-11-27 06:20 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2013-09-05 19:09 - 2012-11-27 06:19 - 03245568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-09-05 19:09 - 2012-11-27 06:19 - 01536512 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2013-09-05 19:09 - 2012-11-27 06:19 - 00955904 _____ (Microsoft Corporation) C:\Windows\system32\WebcamUi.dll
2013-09-05 19:09 - 2012-11-27 06:19 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\UserLanguagesCpl.dll
2013-09-05 19:09 - 2012-11-27 06:19 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2013-09-05 19:09 - 2012-10-12 10:08 - 00027880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-09-05 19:09 - 2012-10-12 08:14 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2013-09-05 19:09 - 2012-09-11 07:28 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\vdsldr.exe
2013-09-05 19:08 - 2012-11-27 06:20 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vds_ps.dll
2013-09-05 19:08 - 2012-10-12 07:50 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-09-05 19:08 - 2012-09-11 07:27 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\vds_ps.dll
2013-09-05 19:07 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-09-05 19:07 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-09-05 19:07 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-09-05 19:07 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-09-05 19:07 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-05 19:07 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-09-05 19:07 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-09-05 19:07 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-09-05 19:07 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2013-09-05 19:07 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2013-09-05 19:07 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-09-05 19:07 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2013-09-05 19:07 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-09-05 19:07 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2013-09-05 19:07 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-09-05 19:07 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2013-09-05 19:07 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe
2013-09-05 19:07 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2013-09-05 19:07 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2013-09-05 19:07 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2013-09-05 19:07 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2013-09-05 19:07 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2013-09-05 19:07 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2013-09-05 19:07 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2013-09-05 19:07 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2013-09-05 19:07 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys
2013-09-05 19:07 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2013-09-05 19:07 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2013-09-05 19:07 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2013-09-05 19:07 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2013-09-05 19:05 - 2012-11-06 09:33 - 01566432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2013-09-05 19:05 - 2012-11-06 06:20 - 00516608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2013-09-05 19:05 - 2012-11-06 06:19 - 08552448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2013-09-05 19:05 - 2012-11-06 06:19 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2013-09-05 19:05 - 2012-11-06 06:18 - 11459584 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2013-09-05 19:05 - 2012-11-06 06:18 - 00976384 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-05 19:04 - 2012-11-06 09:52 - 00277736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2013-09-05 19:04 - 2012-11-06 06:48 - 01150160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2013-09-05 19:04 - 2012-11-06 06:20 - 00883712 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2013-09-05 19:04 - 2012-11-06 06:20 - 00386560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2013-09-05 19:04 - 2012-11-06 06:20 - 00375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2013-09-05 19:04 - 2012-11-06 06:20 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2013-09-05 19:04 - 2012-11-06 06:20 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2013-09-05 19:04 - 2012-11-06 06:20 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2013-09-05 19:04 - 2012-11-06 06:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfdprov.dll
2013-09-05 19:04 - 2012-11-06 06:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2013-09-05 19:04 - 2012-11-06 06:19 - 00470016 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2013-09-05 19:04 - 2012-11-06 06:19 - 00466944 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2013-09-05 19:04 - 2012-11-06 06:19 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2013-09-05 19:04 - 2012-11-06 06:19 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2013-09-05 19:04 - 2012-11-06 06:19 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2013-09-05 19:04 - 2012-11-06 06:19 - 00126464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2013-09-05 19:04 - 2012-11-06 06:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\wfdprov.dll
2013-09-05 19:04 - 2012-11-06 06:19 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapPeerProxy.dll
2013-09-05 19:04 - 2012-11-06 06:19 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapAuthProxy.dll
2013-09-05 19:04 - 2012-11-06 06:18 - 00189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthprops.cpl
2013-09-05 19:04 - 2012-11-06 06:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2013-09-05 19:04 - 2012-11-06 06:18 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
2013-09-05 19:04 - 2012-11-06 06:18 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll
2013-09-05 19:04 - 2012-11-06 06:17 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\bthprops.cpl
2013-09-05 19:04 - 2012-11-06 06:17 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\dafWCN.dll
2013-09-05 19:04 - 2012-11-06 05:53 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-09-05 19:04 - 2012-11-06 05:51 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-05 19:03 - 2012-11-06 06:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\iscsilog.dll
2013-09-05 19:03 - 2012-11-06 05:58 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2013-09-05 19:03 - 2012-11-06 05:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2013-09-05 19:03 - 2012-11-06 05:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2013-09-05 19:03 - 2012-11-06 05:55 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2013-09-05 19:03 - 2012-11-06 05:55 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2013-09-05 19:03 - 2012-11-06 05:55 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2013-09-05 19:03 - 2012-11-06 05:55 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fxppm.sys
2013-09-05 13:45 - 2013-09-05 14:02 - 00000000 ___RD C:\Windows\BrowserChoice
2013-09-05 00:32 - 2013-09-05 00:32 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-09-05 00:32 - 2013-09-05 00:32 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-09-05 00:32 - 2013-09-05 00:32 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-05 00:32 - 2013-09-05 00:32 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-05 00:32 - 2013-09-05 00:32 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-05 00:32 - 2013-09-05 00:32 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-05 00:32 - 2013-09-05 00:32 - 00000000 ____D C:\ProgramData\Sun
2013-09-04 20:02 - 2013-09-04 20:03 - 00000000 ____D C:\Users\Tobi\Downloads\Seven VG Skin
2013-09-04 19:54 - 2013-09-22 02:41 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Skype
2013-09-04 19:54 - 2013-09-04 19:54 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-09-04 19:54 - 2013-09-04 19:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-04 19:54 - 2013-09-04 19:54 - 00000000 ____D C:\ProgramData\Skype
2013-09-04 15:33 - 2013-09-04 15:33 - 00000877 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-09-04 15:32 - 2013-09-04 15:33 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\DVDVideoSoft
2013-09-04 14:48 - 2013-09-04 14:48 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Apple Computer
2013-09-04 14:48 - 2013-09-04 14:48 - 00000000 ____D C:\Users\Tobi\AppData\Local\Apple Computer
2013-09-04 14:47 - 2013-09-04 14:47 - 00000000 ____D C:\ProgramData\Apple Computer
2013-09-04 14:47 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-09-04 14:46 - 2013-09-04 14:46 - 00000000 ____D C:\Users\Tobi\AppData\Local\Apple
2013-09-04 14:46 - 2013-09-04 14:46 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-04 14:46 - 2013-09-04 14:46 - 00000000 ____D C:\Program Files\Bonjour
2013-09-04 14:46 - 2013-09-04 14:46 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-09-04 14:46 - 2013-09-04 14:46 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-04 14:45 - 2013-09-04 14:46 - 00000000 ____D C:\ProgramData\Apple
2013-09-04 03:55 - 2013-09-11 10:34 - 00000000 ____D C:\Windows\system32\MRT
2013-09-04 03:55 - 2013-09-11 10:32 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-04 03:48 - 2013-09-04 03:48 - 00000000 ____D C:\Users\Tobi\AppData\Local\Macromedia
2013-09-04 03:43 - 2013-09-24 13:11 - 00000000 ____D C:\Users\Tobi\AppData\Local\Spotify
2013-09-04 03:43 - 2013-09-04 03:43 - 00001764 _____ C:\Users\Tobi\Desktop\Spotify.lnk
2013-09-04 03:43 - 2013-09-04 03:43 - 00001750 _____ C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-09-04 03:42 - 2013-09-27 19:27 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Spotify
2013-09-04 03:12 - 2012-08-31 02:52 - 00017888 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2013-09-04 03:11 - 2012-08-31 02:53 - 00017888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2013-09-04 03:09 - 2013-01-10 03:53 - 00028904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpiowin32.sys
2013-09-04 03:09 - 2013-01-10 03:29 - 00785504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-09-04 03:09 - 2013-01-10 03:29 - 00091880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2013-09-04 03:09 - 2013-01-10 01:26 - 01752064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2013-09-04 03:09 - 2013-01-10 01:26 - 01611776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2013-09-04 03:09 - 2013-01-10 01:26 - 00890880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2013-09-04 03:09 - 2013-01-10 01:26 - 00436736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2013-09-04 03:09 - 2013-01-10 01:26 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2013-09-04 03:09 - 2013-01-10 01:26 - 00083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiaacmgr.exe
2013-09-04 03:09 - 2013-01-10 01:23 - 02094592 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2013-09-04 03:09 - 2013-01-10 01:23 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2013-09-04 03:09 - 2013-01-10 01:23 - 01886208 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2013-09-04 03:09 - 2013-01-10 01:23 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2013-09-04 03:09 - 2013-01-10 01:23 - 00256000 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2013-09-04 03:09 - 2013-01-10 01:23 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\wiaacmgr.exe
2013-09-04 03:09 - 2013-01-10 01:22 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2013-09-04 03:09 - 2013-01-10 01:22 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-09-04 03:09 - 2013-01-10 01:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2013-09-04 03:09 - 2013-01-10 01:22 - 00438272 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2013-09-04 03:09 - 2013-01-10 01:22 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2013-09-04 03:09 - 2012-11-02 07:19 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ncbservice.dll
2013-09-04 03:09 - 2012-11-02 07:18 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2013-09-04 03:09 - 2012-11-02 07:18 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2013-09-04 03:09 - 2012-11-02 07:18 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\adhapi.dll
2013-09-04 03:09 - 2012-11-02 07:18 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\httpprxp.dll
2013-09-04 03:09 - 2012-11-02 07:18 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\keepaliveprovider.dll
2013-09-04 03:07 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-04 03:07 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-09-04 03:06 - 2013-04-09 07:20 - 00306952 _____ (Microsoft Corporation) C:\Windows\system32\kd_02_10ec.dll
2013-09-04 03:06 - 2013-04-09 07:17 - 01829408 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-04 03:06 - 2013-04-09 06:51 - 14267904 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-09-04 03:06 - 2013-04-09 06:51 - 03552768 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2013-09-04 03:06 - 2013-04-09 06:50 - 02107904 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2013-09-04 03:06 - 2013-04-09 06:50 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2013-09-04 03:06 - 2013-04-09 06:49 - 01444864 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2013-09-04 03:06 - 2013-04-08 23:52 - 11878912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-09-04 03:06 - 2013-04-08 23:51 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-09-04 03:06 - 2013-04-08 23:51 - 01593344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-09-04 03:06 - 2013-04-08 23:51 - 01113600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2013-09-04 03:05 - 2013-04-09 07:33 - 00489576 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2013-09-04 03:05 - 2013-04-09 07:33 - 00446792 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2013-09-04 03:05 - 2013-04-09 07:33 - 00253544 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2013-09-04 03:05 - 2013-04-09 07:20 - 00086280 _____ (Microsoft Corporation) C:\Windows\system32\kdnet.dll
2013-09-04 03:05 - 2013-04-09 07:18 - 00077960 _____ (Microsoft Corporation) C:\Windows\system32\kdvm.dll
2013-09-04 03:05 - 2013-04-09 06:52 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2013-09-04 03:05 - 2013-04-09 06:52 - 00804352 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2013-09-04 03:05 - 2013-04-09 06:52 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2013-09-04 03:05 - 2013-04-09 06:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2013-09-04 03:05 - 2013-04-09 06:52 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2013-09-04 03:05 - 2013-04-09 06:51 - 00595456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2013-09-04 03:05 - 2013-04-09 06:51 - 00456704 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2013-09-04 03:05 - 2013-04-09 06:51 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-04 03:05 - 2013-04-09 06:51 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2013-09-04 03:05 - 2013-04-09 06:50 - 00745984 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2013-09-04 03:05 - 2013-04-09 06:50 - 00435200 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2013-09-04 03:05 - 2013-04-09 06:50 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-09-04 03:05 - 2013-04-09 06:50 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\GenuineCenter.dll
2013-09-04 03:05 - 2013-04-09 06:50 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2013-09-04 03:05 - 2013-04-09 06:50 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2013-09-04 03:05 - 2013-04-09 06:50 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2013-09-04 03:05 - 2013-04-09 06:49 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-09-04 03:05 - 2013-04-09 06:49 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2013-09-04 03:05 - 2013-04-09 06:49 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2013-09-04 03:05 - 2013-04-09 06:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\fhengine.dll
2013-09-04 03:05 - 2013-04-09 06:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\iuilp.dll
2013-09-04 03:05 - 2013-04-09 06:49 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\dmvdsitf.dll
2013-09-04 03:05 - 2013-04-09 06:49 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll
2013-09-04 03:05 - 2013-04-09 06:49 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\fmifs.dll
2013-09-04 03:05 - 2013-04-09 06:48 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2013-09-04 03:05 - 2013-04-09 04:34 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2013-09-04 03:05 - 2013-04-09 04:34 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-09-04 03:05 - 2013-04-09 04:34 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2013-09-04 03:05 - 2013-04-09 04:33 - 00623104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2013-09-04 03:05 - 2013-04-09 04:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2013-09-04 03:05 - 2013-04-09 04:32 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2013-09-04 03:05 - 2013-04-09 04:31 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2013-09-04 03:05 - 2013-04-09 04:31 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2013-09-04 03:05 - 2013-04-09 01:44 - 00123880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2013-09-04 03:05 - 2013-04-09 01:39 - 01408896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-04 03:05 - 2013-04-09 01:37 - 00426024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2013-09-04 03:05 - 2013-04-09 01:37 - 00324368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2013-09-04 03:05 - 2013-04-08 23:52 - 00670208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-09-04 03:05 - 2013-04-08 23:52 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-09-04 03:05 - 2013-04-08 23:52 - 00171008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-09-04 03:05 - 2013-04-08 23:52 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2013-09-04 03:05 - 2013-04-08 23:51 - 00659456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-09-04 03:05 - 2013-04-08 23:51 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-09-04 03:05 - 2013-04-08 23:51 - 00411136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2013-09-04 03:05 - 2013-04-08 23:51 - 00403968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-09-04 03:05 - 2013-04-08 23:51 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2013-09-04 03:05 - 2013-04-08 23:51 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-09-04 03:05 - 2013-04-08 23:51 - 00214528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2013-09-04 03:05 - 2013-04-08 23:51 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-09-04 03:05 - 2013-04-08 23:51 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
2013-09-04 03:05 - 2013-04-08 23:51 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
2013-09-04 03:05 - 2013-04-08 23:51 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2013-09-04 03:05 - 2013-04-08 23:51 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2013-09-04 03:05 - 2013-04-05 01:30 - 00503080 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2013-09-04 03:05 - 2013-03-16 00:05 - 00298456 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2013-09-04 03:05 - 2013-03-16 00:05 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2013-09-04 03:05 - 2013-03-02 12:39 - 00069864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2013-09-04 03:05 - 2013-03-02 04:43 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2013-09-04 03:05 - 2013-02-07 03:33 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2013-09-04 03:05 - 2013-02-02 10:40 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2013-09-04 03:05 - 2013-02-02 10:23 - 00228352 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2013-09-04 03:05 - 2013-01-10 03:40 - 00303848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-09-04 03:05 - 2012-12-13 06:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-04 03:05 - 2012-12-13 05:59 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-09-04 03:05 - 2012-11-20 06:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidi2c.sys
2013-09-04 03:05 - 2012-11-06 09:33 - 00522640 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2013-09-04 03:05 - 2012-11-06 07:00 - 00463768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2013-09-04 03:05 - 2012-11-06 06:18 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2013-09-04 03:05 - 2012-10-11 07:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2013-09-04 03:05 - 2012-10-11 07:44 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2013-09-04 03:05 - 2012-10-11 07:06 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2013-09-04 03:05 - 2012-10-11 07:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2013-09-04 03:03 - 2013-04-16 04:34 - 01455368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-09-04 03:01 - 2013-05-04 09:58 - 00120736 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2013-09-04 03:01 - 2013-05-04 09:34 - 00446720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-09-04 03:01 - 2013-05-04 09:34 - 00284416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2013-09-04 03:01 - 2013-05-04 08:59 - 13644288 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-09-04 03:01 - 2013-05-04 08:59 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2013-09-04 03:01 - 2013-05-04 08:59 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\Magnify.exe
2013-09-04 03:01 - 2013-05-04 08:58 - 10116096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2013-09-04 03:01 - 2013-05-04 08:58 - 01332736 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2013-09-04 03:01 - 2013-05-04 08:58 - 00470528 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2013-09-04 03:01 - 2013-05-04 08:58 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2013-09-04 03:01 - 2013-05-04 08:58 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-09-04 03:01 - 2013-05-04 08:58 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
2013-09-04 03:01 - 2013-05-04 08:58 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\netprofm.dll
2013-09-04 03:01 - 2013-05-04 08:58 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2013-09-04 03:01 - 2013-05-04 08:57 - 02305024 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-09-04 03:01 - 2013-05-04 08:57 - 01131520 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2013-09-04 03:01 - 2013-05-04 08:57 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2013-09-04 03:01 - 2013-05-04 08:57 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2013-09-04 03:01 - 2013-05-04 08:57 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2013-09-04 03:01 - 2013-05-04 08:57 - 00389120 _____ (Microsoft Corporation) C:\Windows\system32\BCP47Langs.dll
2013-09-04 03:01 - 2013-05-04 08:57 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2013-09-04 03:01 - 2013-05-04 08:57 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\biwinrt.dll
2013-09-04 03:01 - 2013-05-04 08:57 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\muifontsetup.dll
2013-09-04 03:01 - 2013-05-04 08:56 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2013-09-04 03:01 - 2013-05-04 06:58 - 00758784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2013-09-04 03:01 - 2013-05-04 06:57 - 10788864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-09-04 03:01 - 2013-05-04 06:57 - 08857088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-09-04 03:01 - 2013-05-04 06:57 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2013-09-04 03:01 - 2013-05-04 06:57 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-09-04 03:01 - 2013-05-04 06:57 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2013-09-04 03:01 - 2013-05-04 06:57 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
2013-09-04 03:01 - 2013-05-04 06:57 - 00018432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll
2013-09-04 03:01 - 2013-05-04 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll
2013-09-04 03:01 - 2013-05-04 06:56 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-09-04 03:01 - 2013-05-04 06:56 - 00449536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2013-09-04 03:01 - 2013-05-04 06:56 - 00411136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2013-09-04 03:01 - 2013-05-04 06:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BCP47Langs.dll
2013-09-04 03:01 - 2013-05-04 06:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\biwinrt.dll
2013-09-04 03:01 - 2013-05-04 06:55 - 00389632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-09-04 03:01 - 2013-05-04 06:51 - 00014848 _____ (Microsoft) C:\Windows\system32\rars.rs
2013-09-04 03:01 - 2013-05-04 06:47 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2013-09-04 03:01 - 2013-05-04 06:10 - 00014848 _____ (Microsoft) C:\Windows\SysWOW64\rars.rs
2013-09-04 03:01 - 2013-03-02 04:45 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-09-04 03:01 - 2013-03-02 04:45 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\taskhostex.exe
2013-09-04 03:01 - 2013-02-02 10:39 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlmproxy.dll
2013-09-04 03:01 - 2013-02-02 10:39 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlmsprep.dll
2013-09-04 03:01 - 2012-11-06 06:20 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2013-09-04 03:01 - 2012-11-06 06:00 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wushareduxresources.dll
2013-09-04 02:59 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-04 02:59 - 2013-05-31 01:24 - 01257472 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-04 02:59 - 2013-05-31 01:08 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-04 02:59 - 2013-05-15 04:25 - 00888320 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2013-09-04 02:59 - 2013-05-15 04:25 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2013-09-04 02:59 - 2013-05-15 04:24 - 00793088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2013-09-04 02:59 - 2013-05-15 04:24 - 00482816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2013-09-04 02:59 - 2013-04-24 01:13 - 01013248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-09-04 02:59 - 2013-04-24 01:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-09-04 02:59 - 2013-04-24 00:56 - 01255936 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-09-04 02:59 - 2013-04-24 00:55 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-04 02:59 - 2013-03-02 11:59 - 00411880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-09-04 02:59 - 2012-10-10 09:04 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-09-04 02:59 - 2012-10-10 08:31 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-09-04 02:58 - 2013-03-02 12:57 - 00332520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2013-09-04 02:58 - 2013-03-02 12:57 - 00077544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storahci.sys
2013-09-04 02:58 - 2013-03-02 12:45 - 00148712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-09-04 02:58 - 2013-03-02 12:39 - 00495336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2013-09-04 02:58 - 2013-03-02 10:23 - 01338880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-09-04 02:58 - 2013-03-02 10:23 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2013-09-04 02:58 - 2013-03-02 10:23 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2013-09-04 02:58 - 2013-03-02 10:23 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2013-09-04 02:58 - 2013-03-02 10:23 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-09-04 02:58 - 2013-03-02 10:23 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncInfo.dll
2013-09-04 02:58 - 2013-03-02 10:22 - 05091840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-09-04 02:58 - 2013-03-02 10:22 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2013-09-04 02:58 - 2013-03-02 10:21 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2013-09-04 02:58 - 2013-03-02 10:21 - 00145408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
2013-09-04 02:58 - 2013-03-02 10:21 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevDispItemProvider.dll
2013-09-04 02:58 - 2013-03-02 04:45 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-09-04 02:58 - 2013-03-02 04:45 - 01149952 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2013-09-04 02:58 - 2013-03-02 04:45 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2013-09-04 02:58 - 2013-03-02 04:45 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2013-09-04 02:58 - 2013-03-02 04:45 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2013-09-04 02:58 - 2013-03-02 04:45 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2013-09-04 02:58 - 2013-03-02 04:45 - 00240640 _____ (Microsoft Corporation) C:\Windows\system32\fsquirt.exe
2013-09-04 02:58 - 2013-03-02 04:45 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2013-09-04 02:58 - 2013-03-02 04:45 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\TimeBrokerServer.dll
2013-09-04 02:58 - 2013-03-02 04:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2013-09-04 02:58 - 2013-03-02 04:45 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\WSDPrintProxy.DLL
2013-09-04 02:58 - 2013-03-02 04:44 - 05978624 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-09-04 02:58 - 2013-03-02 04:44 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2013-09-04 02:58 - 2013-03-02 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2013-09-04 02:58 - 2013-03-02 04:44 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2013-09-04 02:58 - 2013-03-02 04:44 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\discan.dll
2013-09-04 02:58 - 2013-03-02 04:44 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2013-09-04 02:58 - 2013-03-02 04:44 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\NdisImPlatform.dll
2013-09-04 02:58 - 2013-03-02 04:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\DevDispItemProvider.dll
2013-09-04 02:58 - 2013-03-02 04:43 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl
2013-09-04 02:58 - 2013-03-02 04:15 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2013-09-04 02:58 - 2013-03-01 06:56 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2013-09-04 02:58 - 2013-03-01 06:56 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys
2013-09-04 02:58 - 2013-03-01 06:55 - 01175040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2013-09-04 02:57 - 2013-01-09 05:59 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2013-09-04 02:57 - 2013-01-09 05:58 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2013-09-04 02:56 - 2012-11-26 06:21 - 00071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2013-09-04 02:56 - 2012-11-26 06:20 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2013-09-04 02:52 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-09-04 02:52 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-09-04 02:50 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-09-04 02:50 - 2013-04-12 00:22 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-09-04 02:49 - 2013-05-04 08:59 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-04 02:49 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-09-04 02:48 - 2012-11-03 07:26 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2013-09-04 02:48 - 2012-11-03 07:26 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2013-09-04 02:48 - 2012-11-03 07:24 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-09-04 02:48 - 2012-11-03 07:24 - 00375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-09-04 02:48 - 2012-11-03 07:24 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2013-09-04 02:48 - 2012-11-03 07:24 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
2013-09-04 02:48 - 2012-11-03 07:24 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll
2013-09-04 02:48 - 2012-11-03 07:24 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll
2013-09-04 02:48 - 2012-11-03 07:24 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
2013-09-04 02:48 - 2012-11-03 07:24 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
2013-09-04 02:48 - 2012-11-03 07:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dpnlobby.dll
2013-09-04 02:48 - 2012-11-03 07:04 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll
2013-09-04 02:48 - 2012-11-03 07:00 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnlobby.dll
2013-09-04 02:48 - 2012-11-03 07:00 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2013-09-04 02:48 - 2012-11-01 06:41 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-09-04 02:48 - 2012-11-01 06:41 - 01438720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-09-04 02:48 - 2012-11-01 06:40 - 02361344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-09-04 02:48 - 2012-11-01 06:40 - 01836032 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-09-04 02:48 - 2012-11-01 06:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2013-09-04 02:48 - 2012-11-01 06:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2013-09-04 02:48 - 2012-11-01 06:20 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2013-09-04 02:48 - 2012-11-01 06:20 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2013-09-04 02:48 - 2012-10-24 05:25 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2013-09-04 02:48 - 2012-10-24 05:24 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2013-09-04 02:48 - 2012-10-24 05:24 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2013-09-04 02:48 - 2012-10-24 05:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2013-09-04 02:47 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-09-04 02:47 - 2013-06-01 11:21 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-09-04 02:46 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-04 02:46 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-04 02:46 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-04 02:46 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2013-09-04 02:46 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2013-09-04 02:46 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-09-04 02:46 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-09-04 02:46 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2013-09-04 02:46 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2013-09-04 02:46 - 2013-02-02 13:19 - 00496872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-09-04 02:46 - 2013-02-02 13:19 - 00061672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-09-04 02:46 - 2013-02-02 12:54 - 01933544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-09-04 02:46 - 2013-02-02 10:40 - 00410624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlroamextension.dll
2013-09-04 02:46 - 2013-02-02 10:40 - 00370688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2013-09-04 02:46 - 2013-02-02 10:40 - 00197632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2013-09-04 02:46 - 2013-02-02 10:40 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tasklist.exe
2013-09-04 02:46 - 2013-02-02 10:40 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskkill.exe
2013-09-04 02:46 - 2013-02-02 10:39 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-09-04 02:46 - 2013-02-02 10:39 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-09-04 02:46 - 2013-02-02 10:38 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\duser.dll
2013-09-04 02:46 - 2013-02-02 10:24 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\taskkill.exe
2013-09-04 02:46 - 2013-02-02 10:24 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\tasklist.exe
2013-09-04 02:46 - 2013-02-02 10:23 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2013-09-04 02:46 - 2013-02-02 10:23 - 00543232 _____ (Microsoft Corporation) C:\Windows\system32\wlroamextension.dll
2013-09-04 02:46 - 2013-02-02 10:23 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll
2013-09-04 02:46 - 2013-02-02 10:23 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2013-09-04 02:46 - 2013-02-02 10:23 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2013-09-04 02:46 - 2013-02-02 10:21 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-09-04 02:46 - 2013-02-02 10:21 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2013-09-04 02:46 - 2013-02-02 10:20 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\duser.dll
2013-09-04 02:46 - 2013-02-02 10:20 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\hotspotauth.dll
2013-09-04 02:46 - 2013-02-02 09:25 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2013-09-04 02:46 - 2012-11-27 05:57 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BtaMPM.sys
2013-09-04 02:46 - 2012-11-27 05:55 - 00029952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthhfHid.sys
2013-09-04 02:46 - 2012-11-20 06:56 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-09-04 02:45 - 2013-04-27 07:20 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-09-04 02:45 - 2013-02-06 00:29 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2013-09-04 02:45 - 2013-02-06 00:28 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2013-09-04 02:45 - 2013-02-02 07:41 - 01437184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2013-09-04 02:45 - 2013-02-02 07:31 - 01690624 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2013-09-04 02:44 - 2013-04-03 01:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-09-04 02:44 - 2013-04-03 01:12 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-09-04 02:44 - 2013-03-15 02:17 - 00861184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2013-09-04 02:44 - 2013-02-12 02:17 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-09-04 02:44 - 2012-12-16 10:28 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-09-04 02:44 - 2012-12-16 10:20 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-09-04 02:44 - 2012-12-16 10:08 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-09-04 02:44 - 2012-12-16 09:57 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-09-04 02:44 - 2012-11-08 06:24 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-09-04 02:44 - 2012-11-08 06:24 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-09-04 02:44 - 2012-11-08 06:20 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-09-04 02:44 - 2012-11-08 06:20 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-09-04 02:44 - 2012-11-08 06:02 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-09-04 02:44 - 2012-11-08 06:01 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-09-04 02:40 - 2013-03-06 08:31 - 19758592 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-04 02:40 - 2013-03-06 07:03 - 17561600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-04 02:40 - 2012-11-10 06:23 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2013-09-04 02:40 - 2012-11-10 06:23 - 00132608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2013-09-04 02:40 - 2012-11-10 06:22 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\RDWebAI.dll
2013-09-04 02:40 - 2012-11-10 06:22 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\VmHostAI.dll
2013-09-04 02:40 - 2012-11-10 06:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\appserverai.dll
2013-09-04 02:39 - 2013-03-06 09:10 - 00112872 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-09-04 02:39 - 2013-03-06 08:31 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-04 02:39 - 2013-03-06 08:29 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-09-04 02:39 - 2013-03-06 07:03 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-04 02:39 - 2012-10-24 05:25 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\ReAgentc.exe
2013-09-04 02:39 - 2012-10-24 04:48 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgentc.exe
2013-09-04 02:38 - 2013-03-22 05:49 - 02382336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-09-04 02:38 - 2013-03-22 00:47 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2013-09-04 02:38 - 2013-03-02 10:23 - 00375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2013-09-04 02:38 - 2013-03-02 04:44 - 01011200 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2013-09-04 02:38 - 2012-12-15 06:55 - 00443392 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2013-09-04 02:38 - 2012-11-03 07:26 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\sysreset.exe
2013-09-04 02:38 - 2012-11-03 07:25 - 00945152 _____ (Microsoft Corporation) C:\Windows\system32\resetengmig.dll
2013-09-04 02:25 - 2013-09-19 00:32 - 00000000 ____D C:\Users\Tobi\AppData\Local\Mozilla
2013-09-04 02:25 - 2013-09-09 14:19 - 00056016 _____ C:\Windows\system32\Drivers\fsbts.sys
2013-09-04 02:25 - 2013-09-04 02:25 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Mozilla
2013-09-04 02:24 - 2013-09-30 09:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-04 02:24 - 2013-09-04 02:24 - 00000000 ____D C:\ProgramData\Mozilla
2013-09-04 01:49 - 2013-09-30 09:27 - 00000644 _____ C:\Windows\Tasks\Scheduled scanning task.job
2013-09-04 01:46 - 2013-09-09 14:12 - 07415559 _____ C:\Windows\FSISU.log
2013-09-04 01:46 - 2013-09-09 14:12 - 01631610 _____ C:\Windows\FSSFM.log
2013-09-04 01:46 - 2013-09-09 14:12 - 01321915 _____ C:\Windows\FSSETUP.log
2013-09-04 01:46 - 2013-09-09 14:12 - 00234051 _____ C:\Windows\FSPROD.log
2013-09-04 01:46 - 2013-09-09 14:12 - 00217007 _____ C:\Windows\RunSetup.log
2013-09-04 01:46 - 2013-09-09 14:12 - 00199096 _____ C:\Windows\FSDEPH.log
2013-09-04 01:46 - 2013-09-09 14:12 - 00141337 _____ C:\Windows\FSAVINST.LOG
2013-09-04 01:46 - 2013-09-09 14:12 - 00019785 _____ C:\Windows\prodsett_copy.ini
2013-09-04 01:46 - 2013-09-09 14:12 - 00012243 _____ C:\Windows\FSAVCSIN.LOG
2013-09-04 01:46 - 2013-09-09 14:12 - 00008044 _____ C:\Windows\FSGKIAIN.log
2013-09-04 01:46 - 2013-09-09 14:12 - 00003650 _____ C:\Windows\FSLDIN.LOG
2013-09-04 01:46 - 2013-09-09 14:12 - 00002937 _____ C:\Windows\fsavunin.log
2013-09-04 01:46 - 2013-09-09 14:12 - 00002380 _____ C:\Windows\DAASINST.LOG
2013-09-04 01:46 - 2013-09-09 14:12 - 00001314 _____ C:\Windows\fsav_db_setup.log
2013-09-04 01:46 - 2013-09-09 14:11 - 00032887 _____ C:\Windows\fspplugin.log
2013-09-04 01:46 - 2013-09-04 01:46 - 00041024 _____ C:\Windows\SysWOW64\Drivers\fsbts.sys
2013-09-04 01:46 - 2013-09-04 01:46 - 00020333 _____ C:\Windows\fsmainst.log
2013-09-04 01:46 - 2013-09-04 01:46 - 00018223 _____ C:\Windows\FSGUIINS.LOG
2013-09-04 01:46 - 2013-09-04 01:46 - 00004258 _____ C:\Windows\fstnbins.LOG
2013-09-04 01:46 - 2013-09-04 01:46 - 00003616 _____ C:\Windows\FSGemini.LOG
2013-09-04 01:46 - 2013-09-04 01:46 - 00000881 _____ C:\Windows\fsgadget.log
2013-09-04 01:46 - 2013-09-04 01:46 - 00000770 _____ C:\Windows\fstsutil.log
2013-09-04 01:23 - 2013-09-04 01:23 - 00001945 _____ C:\Users\Public\Desktop\F-Secure.lnk
2013-09-04 01:05 - 2013-09-04 01:05 - 00000000 ____D C:\sources
2013-09-04 01:02 - 2013-09-30 09:26 - 00000000 ____D C:\Program Files (x86)\F-Secure
2013-09-04 01:00 - 2013-09-04 01:46 - 00000000 ____D C:\ProgramData\F-Secure
2013-09-04 00:54 - 2013-09-04 00:54 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Macromedia
2013-09-03 21:27 - 2013-09-04 15:34 - 00000000 ____D C:\Users\Tobi\Desktop\Tobis Daten
2013-09-03 19:09 - 2013-09-03 19:09 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-09-03 17:13 - 2013-09-03 17:13 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-03 16:56 - 2013-09-03 16:56 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\NVIDIA
2013-09-03 16:55 - 2013-09-04 03:56 - 00000000 ____D C:\Users\Tobi\AppData\Local\Adobe
2013-09-03 16:53 - 2013-09-03 16:53 - 00000000 ____D C:\Users\Tobi\Documents\ASUS
2013-09-03 16:53 - 2013-09-03 16:53 - 00000000 ____D C:\ProgramData\ASUS
2013-09-03 16:44 - 2013-09-05 14:03 - 00000000 ___RD C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-03 16:44 - 2013-09-05 14:03 - 00000000 ___RD C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-03 16:44 - 2013-09-03 16:54 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\ASUS
2013-09-03 16:44 - 2013-09-03 16:44 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\ASUS WebStorage
2013-09-03 16:43 - 2013-09-03 16:55 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Adobe
2013-09-03 16:43 - 2013-09-03 16:43 - 00001444 _____ C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-03 16:43 - 2013-09-03 16:43 - 00000188 _____ C:\Windows\FixPatch.log
2013-09-03 16:43 - 2013-09-03 16:43 - 00000135 _____ C:\Windows\SysWOW64\mcmarkclean.log
2013-09-03 16:43 - 2013-09-03 16:43 - 00000000 __RSD C:\Users\Public\Desktop\ASUS
2013-09-03 16:43 - 2013-09-03 16:43 - 00000000 ____D C:\ProgramData\FolderView
2013-09-03 16:42 - 2013-09-30 09:44 - 00000062 _____ C:\Users\Tobi\AppData\Roaming\sp_data.sys
2013-09-03 16:41 - 2013-09-18 16:28 - 00000000 ____D C:\Users\Tobi
2013-09-03 16:41 - 2013-09-05 14:02 - 00000000 ____D C:\Users\Tobi\AppData\Local\Packages
2013-09-03 16:41 - 2013-09-05 00:54 - 00000000 ____D C:\Users\Tobi\AppData\Local\VirtualStore
2013-09-03 16:41 - 2013-09-03 16:53 - 00000000 ____D C:\Users\Tobi\AppData\Local\ASUS
2013-09-03 16:41 - 2013-09-03 16:41 - 00000020 ___SH C:\Users\Tobi\ntuser.ini
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Vorlagen
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Startmenü
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Netzwerkumgebung
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Lokale Einstellungen
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Eigene Dateien
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Druckumgebung
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Documents\Eigene Musik
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Documents\Eigene Bilder
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\AppData\Local\Verlauf
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\AppData\Local\Anwendungsdaten
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Anwendungsdaten
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Intel
2013-09-03 16:41 - 2013-05-07 04:14 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2013-09-03 16:41 - 2012-11-27 06:09 - 00002098 _____ C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2013-09-03 16:41 - 2012-07-26 10:13 - 00000000 ___RD C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-09-03 16:41 - 2012-07-26 10:13 - 00000000 ___RD C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-09-03 16:41 - 2012-07-26 10:13 - 00000000 ___RD C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-09-03 16:41 - 2012-07-26 10:13 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

2013-09-30 09:51 - 2013-09-30 09:51 - 00000000 ____D C:\Windows\ERUNT
2013-09-30 09:49 - 2013-09-30 09:49 - 01030305 _____ (Thisisu) C:\Users\Tobi\Desktop\JRT.exe
2013-09-30 09:44 - 2013-09-03 16:42 - 00000062 _____ C:\Users\Tobi\AppData\Roaming\sp_data.sys
2013-09-30 09:43 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-30 09:42 - 2013-09-30 09:41 - 00000000 ____D C:\AdwCleaner
2013-09-30 09:42 - 2013-09-19 00:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-30 09:29 - 2013-09-30 09:29 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Malwarebytes
2013-09-30 09:29 - 2013-09-30 09:28 - 00000000 ____D C:\Users\Tobi\Desktop\Scanprogramme
2013-09-30 09:27 - 2013-09-04 01:49 - 00000644 _____ C:\Windows\Tasks\Scheduled scanning task.job
2013-09-30 09:26 - 2013-09-30 09:26 - 00318592 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-30 09:26 - 2013-09-04 02:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-30 09:26 - 2013-09-04 01:02 - 00000000 ____D C:\Program Files (x86)\F-Secure
2013-09-30 09:26 - 2012-08-02 15:24 - 00007520 _____ C:\Windows\PFRO.log
2013-09-30 09:08 - 2013-09-30 09:08 - 00000640 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-30 09:08 - 2013-09-30 09:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-30 09:06 - 2013-09-30 09:06 - 01042066 _____ C:\Users\Tobi\Desktop\adwcleaner.exe
2013-09-30 09:06 - 2013-09-30 09:05 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tobi\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-30 09:03 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-09-29 23:28 - 2013-05-07 03:56 - 01777653 _____ C:\Windows\WindowsUpdate.log
2013-09-28 17:31 - 2013-09-28 17:31 - 01110476 _____ C:\Users\Tobi\Downloads\7z920.exe
2013-09-27 19:59 - 2013-09-27 19:59 - 00000000 ____D C:\FRST
2013-09-27 19:51 - 2013-09-19 11:13 - 00000000 ____D C:\Users\Admin
2013-09-27 19:27 - 2013-09-04 03:42 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Spotify
2013-09-27 18:00 - 2013-09-27 18:00 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\F-Secure
2013-09-27 17:32 - 2013-09-27 17:32 - 00001444 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-27 17:32 - 2013-09-27 17:32 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-27 17:32 - 2013-09-27 17:32 - 00000000 ____D C:\Program Files\iTunes
2013-09-27 17:32 - 2013-09-27 17:32 - 00000000 ____D C:\Program Files\iPod
2013-09-26 15:28 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-09-26 13:16 - 2013-09-26 13:16 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-26 13:15 - 2013-09-26 13:15 - 00000000 ____D C:\ProgramData\Adobe
2013-09-26 13:15 - 2013-09-26 13:15 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-24 15:32 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-24 13:11 - 2013-09-04 03:43 - 00000000 ____D C:\Users\Tobi\AppData\Local\Spotify
2013-09-22 02:41 - 2013-09-04 19:54 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Skype
2013-09-21 00:11 - 2013-09-12 13:39 - 00000000 ____D C:\Users\Tobi\Documents\TmForever
2013-09-19 01:26 - 2013-09-12 19:11 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 01:26 - 2013-09-12 19:11 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-19 00:41 - 2013-09-19 00:41 - 00000000 ____D C:\Users\Tobi\AppData\Local\Secunia PSI
2013-09-19 00:40 - 2013-09-19 00:40 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-09-19 00:33 - 2013-09-19 00:33 - 00000000 ____D C:\Users\Tobi\Downloads\Firefox Add Ons
2013-09-19 00:32 - 2013-09-19 00:32 - 00000000 ____D C:\Users\Tobi\Downloads\Handy
2013-09-19 00:32 - 2013-09-04 02:25 - 00000000 ____D C:\Users\Tobi\AppData\Local\Mozilla
2013-09-18 17:39 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\LiveKernelReports
2013-09-18 17:12 - 2013-09-18 16:27 - 00000000 ____D C:\Users\Tobi\.gimp-2.8
2013-09-18 17:09 - 2013-09-18 17:09 - 00003967 _____ C:\Users\Tobi\AppData\Local\recently-used.xbel
2013-09-18 16:28 - 2013-09-18 16:28 - 00000000 ____D C:\Users\Tobi\.thumbnails
2013-09-18 16:28 - 2013-09-03 16:41 - 00000000 ____D C:\Users\Tobi
2013-09-18 16:27 - 2013-09-18 16:27 - 00000000 ____D C:\Users\Tobi\AppData\Local\gegl-0.2
2013-09-18 15:51 - 2013-09-18 15:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-18 15:43 - 2012-08-03 01:02 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-09-18 15:43 - 2012-08-03 01:02 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-09-18 15:43 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-12 19:19 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-09-12 15:24 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-09-12 15:24 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-12 15:23 - 2012-07-26 11:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-09-12 15:23 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\SysWOW64\winrm
2013-09-12 15:23 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2013-09-12 15:23 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2013-09-12 15:23 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\en-GB
2013-09-12 15:23 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-09-12 15:23 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2013-09-12 15:23 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-09-12 15:23 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-12 15:23 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\System
2013-09-12 15:23 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-09-12 15:23 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-09-12 15:23 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-09-12 15:23 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-09-12 15:23 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\servicing
2013-09-12 15:22 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\SysWOW64\WCN
2013-09-12 15:22 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2013-09-12 15:22 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\system32\winrm
2013-09-12 15:22 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\system32\slmgr
2013-09-12 15:22 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2013-09-12 15:22 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-09-12 15:22 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\SysWOW64\Com
2013-09-12 15:22 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\migwiz
2013-09-12 15:22 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\en-GB
2013-09-12 15:22 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-09-12 15:22 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\Sysprep
2013-09-12 15:19 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\system32\WCN
2013-09-12 15:19 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\MUI
2013-09-12 15:19 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\Dism
2013-09-12 15:18 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2013-09-12 15:18 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2013-09-12 15:18 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\Com
2013-09-12 14:33 - 2013-09-12 13:39 - 00000000 ____D C:\ProgramData\TmForever
2013-09-12 00:51 - 2013-09-12 00:51 - 00000000 ____D C:\Users\Tobi\Downloads\__MACOSX
2013-09-11 23:50 - 2013-09-11 23:50 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-11 23:50 - 2013-09-11 23:50 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\OpenOffice
2013-09-11 23:49 - 2013-09-11 23:49 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-11 23:01 - 2012-11-27 06:09 - 00087759 _____ C:\Windows\DirectX.log
2013-09-11 23:00 - 2013-09-11 23:00 - 00000631 _____ C:\Users\Public\Desktop\TmNationsForever.lnk
2013-09-11 10:34 - 2013-09-04 03:55 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 10:32 - 2013-09-04 03:55 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 23:39 - 2013-09-10 23:39 - 00495557 _____ C:\Users\Tobi\Downloads\WLAN_ATHEROS_V7.6.0.164_VISTA64_CA41534-1967.EXE
2013-09-10 22:45 - 2013-09-10 22:45 - 00000000 ____D C:\Users\Tobi\Documents\Meine empfangenen Dateien
2013-09-10 17:21 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF
2013-09-09 14:19 - 2013-09-04 02:25 - 00056016 _____ C:\Windows\system32\Drivers\fsbts.sys
2013-09-09 14:12 - 2013-09-04 01:46 - 07415559 _____ C:\Windows\FSISU.log
2013-09-09 14:12 - 2013-09-04 01:46 - 01631610 _____ C:\Windows\FSSFM.log
2013-09-09 14:12 - 2013-09-04 01:46 - 01321915 _____ C:\Windows\FSSETUP.log
2013-09-09 14:12 - 2013-09-04 01:46 - 00234051 _____ C:\Windows\FSPROD.log
2013-09-09 14:12 - 2013-09-04 01:46 - 00217007 _____ C:\Windows\RunSetup.log
2013-09-09 14:12 - 2013-09-04 01:46 - 00199096 _____ C:\Windows\FSDEPH.log
2013-09-09 14:12 - 2013-09-04 01:46 - 00141337 _____ C:\Windows\FSAVINST.LOG
2013-09-09 14:12 - 2013-09-04 01:46 - 00019785 _____ C:\Windows\prodsett_copy.ini
2013-09-09 14:12 - 2013-09-04 01:46 - 00012243 _____ C:\Windows\FSAVCSIN.LOG
2013-09-09 14:12 - 2013-09-04 01:46 - 00008044 _____ C:\Windows\FSGKIAIN.log
2013-09-09 14:12 - 2013-09-04 01:46 - 00003650 _____ C:\Windows\FSLDIN.LOG
2013-09-09 14:12 - 2013-09-04 01:46 - 00002937 _____ C:\Windows\fsavunin.log
2013-09-09 14:12 - 2013-09-04 01:46 - 00002380 _____ C:\Windows\DAASINST.LOG
2013-09-09 14:12 - 2013-09-04 01:46 - 00001314 _____ C:\Windows\fsav_db_setup.log
2013-09-09 14:11 - 2013-09-04 01:46 - 00032887 _____ C:\Windows\fspplugin.log
2013-09-09 01:19 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2013-09-05 14:03 - 2013-09-03 16:44 - 00000000 ___RD C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-05 14:03 - 2013-09-03 16:44 - 00000000 ___RD C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-05 14:02 - 2013-09-05 13:45 - 00000000 ___RD C:\Windows\BrowserChoice
2013-09-05 14:02 - 2013-09-03 16:41 - 00000000 ____D C:\Users\Tobi\AppData\Local\Packages
2013-09-05 14:02 - 2012-08-02 15:28 - 00000000 ____D C:\ProgramData\PRICache
2013-09-05 13:46 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-09-05 13:46 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-09-05 13:46 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-09-05 13:40 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-09-05 13:40 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-09-05 00:54 - 2013-09-03 16:41 - 00000000 ____D C:\Users\Tobi\AppData\Local\VirtualStore
2013-09-05 00:32 - 2013-09-05 00:32 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-09-05 00:32 - 2013-09-05 00:32 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-09-05 00:32 - 2013-09-05 00:32 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-05 00:32 - 2013-09-05 00:32 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-05 00:32 - 2013-09-05 00:32 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-05 00:32 - 2013-09-05 00:32 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-05 00:32 - 2013-09-05 00:32 - 00000000 ____D C:\ProgramData\Sun
2013-09-04 20:03 - 2013-09-04 20:02 - 00000000 ____D C:\Users\Tobi\Downloads\Seven VG Skin
2013-09-04 19:54 - 2013-09-04 19:54 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-09-04 19:54 - 2013-09-04 19:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-04 19:54 - 2013-09-04 19:54 - 00000000 ____D C:\ProgramData\Skype
2013-09-04 15:34 - 2013-09-03 21:27 - 00000000 ____D C:\Users\Tobi\Desktop\Tobis Daten
2013-09-04 15:33 - 2013-09-04 15:33 - 00000877 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-09-04 15:33 - 2013-09-04 15:32 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\DVDVideoSoft
2013-09-04 14:48 - 2013-09-04 14:48 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Apple Computer
2013-09-04 14:48 - 2013-09-04 14:48 - 00000000 ____D C:\Users\Tobi\AppData\Local\Apple Computer
2013-09-04 14:47 - 2013-09-04 14:47 - 00000000 ____D C:\ProgramData\Apple Computer
2013-09-04 14:46 - 2013-09-04 14:46 - 00000000 ____D C:\Users\Tobi\AppData\Local\Apple
2013-09-04 14:46 - 2013-09-04 14:46 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-04 14:46 - 2013-09-04 14:46 - 00000000 ____D C:\Program Files\Bonjour
2013-09-04 14:46 - 2013-09-04 14:46 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-09-04 14:46 - 2013-09-04 14:46 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-04 14:46 - 2013-09-04 14:45 - 00000000 ____D C:\ProgramData\Apple
2013-09-04 14:43 - 2012-07-26 09:21 - 00035109 _____ C:\Windows\setupact.log
2013-09-04 03:56 - 2013-09-03 16:55 - 00000000 ____D C:\Users\Tobi\AppData\Local\Adobe
2013-09-04 03:48 - 2013-09-04 03:48 - 00000000 ____D C:\Users\Tobi\AppData\Local\Macromedia
2013-09-04 03:43 - 2013-09-04 03:43 - 00001764 _____ C:\Users\Tobi\Desktop\Spotify.lnk
2013-09-04 03:43 - 2013-09-04 03:43 - 00001750 _____ C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-09-04 02:25 - 2013-09-04 02:25 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Mozilla
2013-09-04 02:24 - 2013-09-04 02:24 - 00000000 ____D C:\ProgramData\Mozilla
2013-09-04 01:55 - 2012-11-27 06:08 - 07021266 _____ C:\Windows\AsDebug.log
2013-09-04 01:46 - 2013-09-04 01:46 - 00041024 _____ C:\Windows\SysWOW64\Drivers\fsbts.sys
2013-09-04 01:46 - 2013-09-04 01:46 - 00020333 _____ C:\Windows\fsmainst.log
2013-09-04 01:46 - 2013-09-04 01:46 - 00018223 _____ C:\Windows\FSGUIINS.LOG
2013-09-04 01:46 - 2013-09-04 01:46 - 00004258 _____ C:\Windows\fstnbins.LOG
2013-09-04 01:46 - 2013-09-04 01:46 - 00003616 _____ C:\Windows\FSGemini.LOG
2013-09-04 01:46 - 2013-09-04 01:46 - 00000881 _____ C:\Windows\fsgadget.log
2013-09-04 01:46 - 2013-09-04 01:46 - 00000770 _____ C:\Windows\fstsutil.log
2013-09-04 01:46 - 2013-09-04 01:00 - 00000000 ____D C:\ProgramData\F-Secure
2013-09-04 01:38 - 2012-11-27 06:11 - 00000000 ____D C:\ProgramData\McAfee
2013-09-04 01:38 - 2012-11-27 06:11 - 00000000 ____D C:\Program Files\mcafee
2013-09-04 01:23 - 2013-09-04 01:23 - 00001945 _____ C:\Users\Public\Desktop\F-Secure.lnk
2013-09-04 01:18 - 2012-08-03 01:01 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2013-09-04 01:05 - 2013-09-04 01:05 - 00000000 ____D C:\sources
2013-09-04 00:54 - 2013-09-04 00:54 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Macromedia
2013-09-03 19:11 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\restore
2013-09-03 19:09 - 2013-09-03 19:09 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-09-03 18:51 - 2012-11-27 06:08 - 01427768 _____ C:\Windows\AsCDProc.log
2013-09-03 17:13 - 2013-09-03 17:13 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-03 16:56 - 2013-09-03 16:56 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\NVIDIA
2013-09-03 16:55 - 2013-09-03 16:43 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Adobe
2013-09-03 16:54 - 2013-09-03 16:44 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\ASUS
2013-09-03 16:53 - 2013-09-03 16:53 - 00000000 ____D C:\Users\Tobi\Documents\ASUS
2013-09-03 16:53 - 2013-09-03 16:53 - 00000000 ____D C:\ProgramData\ASUS
2013-09-03 16:53 - 2013-09-03 16:41 - 00000000 ____D C:\Users\Tobi\AppData\Local\ASUS
2013-09-03 16:46 - 2012-11-27 06:09 - 00000000 ____D C:\ProgramData\ChangeFolderView
2013-09-03 16:44 - 2013-09-03 16:44 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\ASUS WebStorage
2013-09-03 16:43 - 2013-09-03 16:43 - 00001444 _____ C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-03 16:43 - 2013-09-03 16:43 - 00000188 _____ C:\Windows\FixPatch.log
2013-09-03 16:43 - 2013-09-03 16:43 - 00000135 _____ C:\Windows\SysWOW64\mcmarkclean.log
2013-09-03 16:43 - 2013-09-03 16:43 - 00000000 __RSD C:\Users\Public\Desktop\ASUS
2013-09-03 16:43 - 2013-09-03 16:43 - 00000000 ____D C:\ProgramData\FolderView
2013-09-03 16:43 - 2012-08-02 15:33 - 00000000 ____D C:\Windows\Log
2013-09-03 16:41 - 2013-09-03 16:41 - 00000020 ___SH C:\Users\Tobi\ntuser.ini
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Vorlagen
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Startmenü
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Netzwerkumgebung
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Lokale Einstellungen
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Eigene Dateien
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Druckumgebung
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Documents\Eigene Musik
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Documents\Eigene Bilder
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\AppData\Local\Verlauf
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\AppData\Local\Anwendungsdaten
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 _SHDL C:\Users\Tobi\Anwendungsdaten
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Intel

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\Tobi\AppData\Local\Temp\fsc626C.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
--- --- ---

--- --- ---

[/CODE]

schrauber 30.09.2013 16:43

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:33 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131