Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Neuer PC - altes Problem. Mit WoW kam auch Agent.3526 (https://www.trojaner-board.de/161743-neuer-pc-altes-problem-wow-kam-agent-3526-a.html)

Fellefant 11.12.2014 20:20
Neuer PC - altes Problem. Mit WoW kam auch Agent.3526
 
Gut, ich verstehe ja daß so ein PC in der Anfangsphase von allerlei Updates ausgebremst wird. Aber....

...den Göttern des Netzes sei Dank hatte ich gleich Emsisoft und mbam draufgespielt.

Und so popt mittlerweile mbam's Malwareseitenblocker dauernd in der rechten unteren Ecke hoch und meldet die Blockierung von

C:/ProgrammData/Battle.net/Agent/Agent.3526/Agent.exe

Also habe ich schleunigst das Battlenetpaßwort verschärft, mbam Suchlauf laufen lassen, desgleichen Adwarecleaner und JRT.

Nachdem ich die Emsisoft und mbam wieder einschaltete und den LAN wieder eingestöpselt hatte, war endlich Ruhe. Nur wie lange?

Deshalb die Bitte an Euch, doch mal einen Blick in mein Maschinchen zu werfen.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:40 on 11/12/2014 (Jochen)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2014 01
Ran by Jochen (administrator) on STOIMETZ-PC on 11-12-2014 19:42:31
Running from D:\Downloads
Loaded Profile: Jochen (Available profiles: Jochen & Gast)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\AsHookDevice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
(Microsoft) C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Internet Security\a2guard.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe
() C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5383\Battle.net.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2014-01-09] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\ASUSWSLoader.exe [63272 2014-11-07] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft internet security\a2guard.exe [4954576 2014-12-01] (Emsisoft GmbH)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-4018441543-2564778634-3823518578-1002\...\Run: [EPSON Stylus Photo RX585 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICLE.EXE [213504 2007-03-30] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4018441543-2564778634-3823518578-1002\...\Run: [EPSON Stylus Photo RX585 Series (Kopie 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICLE.EXE [213504 2007-03-30] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.15.438\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.15.438\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.15.438\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4018441543-2564778634-3823518578-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-4018441543-2564778634-3823518578-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Jochen\AppData\Roaming\Mozilla\Firefox\Profiles\m4ytiqs0.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Ghostery - C:\Users\Jochen\AppData\Roaming\Mozilla\Firefox\Profiles\m4ytiqs0.default\Extensions\firefox@ghostery.com.xpi [2014-12-03]
FF Extension: NoScript - C:\Users\Jochen\AppData\Roaming\Mozilla\Firefox\Profiles\m4ytiqs0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-12-03]
FF Extension: Adblock Plus - C:\Users\Jochen\AppData\Roaming\Mozilla\Firefox\Profiles\m4ytiqs0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-03]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe [4907232 2014-12-01] (Emsisoft GmbH)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-08-28] ()
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 Device Handle Service; C:\Windows\SysWOW64\AsHookDevice.exe [207160 2013-08-08] ()
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT INTERNET SECURITY\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Internet Security\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Internet Security\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Internet Security\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R3 AiChargerDT; C:\Windows\SysWow64\drivers\AiChargerDT.sys [14880 2012-10-18] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Internet Security\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [469264 2013-06-26] (Intel Corporation)
R3 fwndis; C:\Windows\system32\DRIVERS\fwndis64.sys [484952 2014-12-01] ()
R1 fwwfp; C:\Program Files (x86)\Emsisoft Internet Security\fwwfp764.sys [414424 2014-12-01] ()
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-11 19:42 - 2014-12-11 19:42 - 00000000 ____D () C:\FRST
2014-12-11 19:40 - 2014-12-11 19:40 - 00000000 _____ () C:\Users\Jochen\defogger_reenable
2014-12-11 19:23 - 2014-12-11 19:23 - 00000615 _____ () C:\Users\Jochen\Desktop\JRT.txt
2014-12-11 19:17 - 2014-12-11 19:17 - 00000000 ____D () C:\Windows\ERUNT
2014-12-11 19:05 - 2014-12-11 19:09 - 00000000 ____D () C:\AdwCleaner
2014-12-11 15:41 - 2014-12-11 15:41 - 00000691 ____H () C:\Users\Jochen\Desktop\Diablo III.lnk
2014-12-11 15:41 - 2014-12-11 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-12-11 09:04 - 2014-12-11 09:04 - 00000775 ____H () C:\Users\Jochen\Desktop\World of Warcraft.lnk
2014-12-11 09:04 - 2014-12-11 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-12-10 18:40 - 2014-12-11 09:27 - 00000000 ____D () C:\Users\Jochen\AppData\Roaming\Spotify
2014-12-09 16:08 - 2014-12-09 16:08 - 00000000 ____D () C:\Users\Jochen\Desktop\STOIMETZ-PC
2014-12-08 11:30 - 2014-12-08 11:30 - 00000775 ____H () C:\Users\Public\Desktop\Werner.lnk
2014-12-08 07:59 - 2014-12-08 23:16 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4018441543-2564778634-3823518578-1007
2014-12-08 07:43 - 2014-12-08 07:43 - 00967648 _____ () C:\Windows\Minidump\120814-14140-01.dmp
2014-12-07 22:11 - 2014-12-07 22:11 - 00020151 _____ () C:\TMPatch.log
2014-12-07 21:05 - 2014-12-07 21:05 - 00000000 ____D () C:\Users\Jochen\AppData\Roaming\Apple Computer
2014-12-07 21:05 - 2014-12-07 21:05 - 00000000 ____D () C:\Users\Jochen\AppData\Local\Apple Computer
2014-12-07 21:04 - 2014-12-07 21:42 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-07 21:04 - 2014-12-07 21:04 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-12-07 21:04 - 2014-12-07 21:04 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-12-07 21:04 - 2014-12-07 21:04 - 00000000 ____D () C:\Users\Jochen\AppData\Local\Apple
2014-12-07 21:04 - 2014-12-07 21:04 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-12-07 21:04 - 2014-12-07 21:04 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-12-07 21:03 - 2014-12-07 21:42 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-07 21:03 - 2014-12-07 21:04 - 00000000 ____D () C:\ProgramData\Apple
2014-12-07 21:03 - 2014-12-07 21:03 - 00000000 ____D () C:\Program Files\Bonjour
2014-12-07 21:03 - 2014-12-07 21:03 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-12-07 20:57 - 2014-12-07 21:03 - 122418480 _____ (Apple Inc.) C:\Users\Jochen\Downloads\iTunes64Setup.exe
2014-12-07 19:56 - 2014-12-07 20:01 - 109829936 _____ (Apple Inc.) C:\Users\Jochen\Downloads\iTunesSetup.exe
2014-12-07 16:52 - 2014-12-07 16:52 - 00000000 ____D () C:\Windows\system32\Plug-In Settings
2014-12-07 14:08 - 2014-12-07 14:08 - 00002239 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-12-07 14:08 - 2014-12-07 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-12-07 14:07 - 2014-12-11 19:15 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-07 14:07 - 2014-12-11 19:13 - 00001130 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-07 14:07 - 2014-12-07 14:07 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-07 14:07 - 2014-12-07 14:07 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-07 14:06 - 2014-12-07 14:08 - 00000000 ____D () C:\Users\Jochen\AppData\Local\Google
2014-12-07 14:06 - 2014-12-07 14:08 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-07 14:06 - 2014-12-07 14:06 - 00880784 _____ (Google Inc.) C:\Users\Jochen\Downloads\GoogleEarthSetup.exe
2014-12-07 12:45 - 2014-12-07 12:47 - 00001166 ____H () C:\Users\Public\Desktop\Fensterbau.lnk
2014-12-07 12:45 - 2014-12-07 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2014-12-07 12:35 - 2014-12-07 12:47 - 00000000 ____D () C:\Program Files (x86)\Diablo II
2014-12-07 11:53 - 2014-12-09 16:08 - 00000000 ____D () C:\Users\Fremder
2014-12-07 11:34 - 2014-12-07 11:34 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Intel Corporation
2014-12-07 11:33 - 2014-12-07 11:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\NVIDIA Corporation
2014-12-07 11:33 - 2014-12-07 11:33 - 00001457 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-07 11:33 - 2014-12-07 11:33 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\WebStorage
2014-12-07 11:33 - 2014-12-07 11:33 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Adobe
2014-12-07 11:33 - 2014-12-07 11:33 - 00000000 ____D () C:\Users\Gast\AppData\Local\VirtualStore
2014-12-07 11:33 - 2014-12-07 11:33 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-12-07 11:33 - 2014-12-07 11:33 - 00000000 ____D () C:\Users\Gast\AppData\Local\NVIDIA
2014-12-07 11:32 - 2014-12-07 11:33 - 00000000 ____D () C:\Users\Gast
2014-12-07 11:32 - 2014-12-07 11:32 - 00000020 ___SH () C:\Users\Gast\ntuser.ini
2014-12-07 11:32 - 2014-12-07 11:32 - 00000000 _SHDL () C:\Users\Gast\Vorlagen
2014-12-07 11:32 - 2014-12-07 11:32 - 00000000 _SHDL () C:\Users\Gast\Startmenü
2014-12-07 11:32 - 2014-12-07 11:32 - 00000000 _SHDL () C:\Users\Gast\Netzwerkumgebung
2014-12-07 11:32 - 2014-12-07 11:32 - 00000000 _SHDL () C:\Users\Gast\Lokale Einstellungen
2014-12-07 11:32 - 2014-12-07 11:32 - 00000000 _SHDL () C:\Users\Gast\Eigene Dateien
2014-12-07 11:32 - 2014-12-07 11:32 - 00000000 _SHDL () C:\Users\Gast\Druckumgebung
2014-12-07 11:32 - 2014-12-07 11:32 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Musik
2014-12-07 11:32 - 2014-12-07 11:32 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Bilder
2014-12-07 11:32 - 2014-12-07 11:32 - 00000000 _SHDL () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-07 11:32 - 2014-12-07 11:32 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Verlauf
2014-12-07 11:32 - 2014-12-07 11:32 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Anwendungsdaten
2014-12-07 11:32 - 2014-12-07 11:32 - 00000000 _SHDL () C:\Users\Gast\Anwendungsdaten
2014-12-07 11:32 - 2014-12-04 22:55 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-07 11:32 - 2014-01-09 10:42 - 00002110 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-12-07 11:32 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-07 11:32 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-07 11:32 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-07 11:26 - 2014-12-07 11:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-12-07 11:23 - 2014-12-08 07:43 - 650850279 _____ () C:\Windows\MEMORY.DMP
2014-12-07 11:23 - 2014-12-08 07:43 - 00000000 ____D () C:\Windows\Minidump
2014-12-07 11:23 - 2014-12-07 11:24 - 00979800 _____ () C:\Windows\Minidump\120714-29687-01.dmp
2014-12-06 10:03 - 2014-12-06 10:03 - 00000000 ____D () C:\Users\Jochen\AppData\Local\Macromedia
2014-12-06 09:39 - 2014-12-11 19:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-06 09:10 - 2014-12-11 18:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-06 09:10 - 2014-12-11 08:22 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-06 09:09 - 2014-12-11 08:21 - 00000000 ____D () C:\Users\Jochen\AppData\Local\Adobe
2014-12-06 09:06 - 2014-12-06 09:06 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-06 09:06 - 2014-12-06 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-06 09:06 - 2014-12-06 09:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-06 09:06 - 2014-12-06 09:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-06 09:06 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-06 09:06 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-06 09:06 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-06 09:04 - 2014-12-06 09:05 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jochen\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-05 18:17 - 2014-12-05 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2014-12-05 17:14 - 2014-12-11 08:46 - 00001180 _____ () C:\Users\Jochen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emsisoft Internet Security Guard.lnk
2014-12-04 22:55 - 2014-12-05 17:13 - 00000000 ___RD () C:\Windows\BrowserChoice
2014-12-04 22:38 - 2014-12-10 18:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-04 22:38 - 2014-12-10 18:04 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-04 22:36 - 2014-12-04 22:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-12-04 19:18 - 2014-01-04 21:50 - 01462216 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-12-04 19:18 - 2014-01-04 20:22 - 01202888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-12-04 19:18 - 2014-01-04 15:30 - 13209088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-12-04 19:18 - 2014-01-04 15:23 - 11702272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-12-04 19:18 - 2014-01-04 15:03 - 00919040 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-04 19:18 - 2014-01-04 14:47 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-04 19:18 - 2014-01-04 14:42 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-12-04 19:18 - 2014-01-04 14:40 - 07416832 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-12-04 19:18 - 2014-01-04 14:36 - 00830976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-12-04 19:18 - 2014-01-04 14:28 - 04961792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-12-04 19:18 - 2013-12-21 03:10 - 00009701 _____ () C:\Windows\SysWOW64\connectedsearch-results.searchconnector-ms
2014-12-04 19:18 - 2013-12-21 03:10 - 00009701 _____ () C:\Windows\system32\connectedsearch-results.searchconnector-ms
2014-12-04 19:17 - 2014-12-04 19:17 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-12-04 19:17 - 2014-11-12 21:46 - 00615624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-12-04 19:16 - 2014-11-17 23:18 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-12-04 19:16 - 2014-11-17 23:18 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 31893136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 24557712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 19966344 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 18514616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 14032984 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 13944952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 13213512 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-04 19:16 - 2014-11-13 01:20 - 11397744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 11336432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 04292416 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 04011208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434475.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 01540424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434475.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 00964928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 00923792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 00900928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 00871648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 00834880 _____ () C:\Windows\system32\nvmcumd.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 00500880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 00418112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-04 19:16 - 2014-11-13 01:20 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-04 18:58 - 2014-12-06 14:03 - 00000000 ____D () C:\Users\Jochen\Documents\Diablo III
2014-12-04 18:56 - 2014-12-04 18:56 - 00002585 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
2014-12-04 18:55 - 2014-12-05 18:17 - 00001208 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk
2014-12-04 18:55 - 2014-12-05 18:17 - 00001196 _____ () C:\Users\Public\Desktop\Microsoft Works.lnk
2014-12-04 18:55 - 2014-12-05 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2014-12-04 18:48 - 2014-12-04 18:48 - 00001248 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 8.0.lnk
2014-12-04 18:48 - 2014-12-04 18:48 - 00001236 _____ () C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
2014-12-04 18:48 - 2008-06-16 03:00 - 00055024 ____N (Sonic Solutions) C:\Windows\system32\Drivers\PxHlpa64.sys
2014-12-04 18:43 - 2014-12-04 18:43 - 00000400 _____ () C:\Windows\ODBC.INI
2014-12-04 18:42 - 2014-12-06 08:33 - 00002635 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Office-Dokument öffnen.lnk
2014-12-04 18:42 - 2014-12-06 08:33 - 00002631 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Neues Office-Dokument.lnk
2014-12-04 18:42 - 2014-12-06 08:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-04 18:42 - 2014-12-05 18:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-12-04 18:42 - 2014-12-04 18:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2014-12-04 18:39 - 2014-12-04 18:39 - 00000957 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-12-04 18:39 - 2014-12-04 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
2014-12-04 18:39 - 2014-12-04 18:39 - 00000000 ____D () C:\Program Files (x86)\epson
2014-12-04 18:39 - 2007-07-13 00:00 - 00083968 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esxcwiad.dll
2014-12-04 18:36 - 2014-12-04 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-12-04 18:36 - 2014-12-04 18:36 - 00000000 ____D () C:\ProgramData\EPSON
2014-12-04 18:35 - 2014-12-04 18:35 - 00000000 ____D () C:\Program Files\EPSON
2014-12-04 18:35 - 2006-12-08 03:04 - 00129536 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMCLE.DLL
2014-12-04 18:35 - 2006-04-19 03:00 - 00086528 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_IBCBCLE.DLL
2014-12-04 18:35 - 2005-02-02 13:05 - 00008704 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2014-12-04 18:32 - 2014-12-11 08:19 - 00012721 _____ () C:\Windows\system32\lvcoinst.log
2014-12-04 18:32 - 2014-12-04 18:32 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2014-12-04 18:19 - 2014-12-04 18:24 - 00000000 ____D () C:\Users\Jochen\AppData\Local\NVIDIA Corporation
2014-12-04 18:19 - 2014-12-04 18:20 - 00000000 ____D () C:\Users\Jochen\AppData\Local\NVIDIA
2014-12-04 18:19 - 2014-11-06 18:06 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-12-04 18:19 - 2014-11-06 18:06 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-12-04 18:19 - 2014-11-06 18:06 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-12-04 18:19 - 2014-11-06 18:06 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-12-04 18:19 - 2014-10-03 20:23 - 00038216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-04 18:19 - 2014-10-03 20:23 - 00035144 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-12-04 18:19 - 2014-10-03 20:23 - 00032584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-12-04 18:19 - 2013-12-09 01:19 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-12-04 18:19 - 2013-12-09 00:55 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-12-04 18:19 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-12-04 18:19 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-12-04 18:19 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-12-04 18:19 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-12-04 17:53 - 2014-12-04 17:53 - 00001142 _____ () C:\Users\Jochen\Desktop\Willkommen zur ASUS Produktregistrierung.lnk
2014-12-03 22:02 - 2014-02-22 13:16 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-03 22:02 - 2014-02-22 12:24 - 00124416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-03 22:00 - 2014-05-08 08:14 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-03 22:00 - 2014-05-08 06:52 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-03 22:00 - 2014-05-08 05:57 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-03 22:00 - 2014-05-08 05:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-03 21:51 - 2014-04-19 12:15 - 21186352 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-12-03 21:51 - 2014-04-19 07:49 - 18644072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-12-03 21:50 - 2014-01-07 08:03 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.exe
2014-12-03 21:50 - 2014-01-07 06:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pcaui.exe
2014-12-03 21:50 - 2013-11-23 05:34 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-12-03 21:50 - 2013-11-23 05:13 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-12-03 21:49 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2014-12-03 21:49 - 2013-11-09 07:34 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-12-03 21:49 - 2013-11-09 07:34 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2014-12-03 21:49 - 2013-11-09 06:52 - 00240128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2014-12-03 21:45 - 2014-01-31 17:15 - 00311640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-12-03 21:45 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-03 21:45 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-12-03 21:45 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-12-03 21:45 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
2014-12-03 21:45 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2014-12-03 21:45 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2014-12-03 21:45 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2014-12-03 21:45 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-12-03 21:45 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2014-12-03 21:45 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2014-12-03 21:45 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2014-12-03 21:45 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-12-03 21:45 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-12-03 21:45 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2014-12-03 21:45 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-12-03 21:45 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2014-12-03 21:45 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2014-12-03 21:45 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-12-03 21:45 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2014-12-03 21:45 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-12-03 21:45 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-12-03 21:45 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2014-12-03 21:45 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2014-12-03 21:45 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-03 21:45 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-03 21:45 - 2014-01-27 12:45 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-12-03 21:45 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-12-03 21:45 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-12-03 21:45 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-12-03 21:45 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
2014-12-03 21:38 - 2014-03-10 11:35 - 02008408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-12-03 21:38 - 2014-03-10 11:35 - 00377176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2014-12-03 21:37 - 2014-03-06 10:19 - 01287576 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-12-03 21:37 - 2014-03-06 10:02 - 01109424 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-12-03 21:37 - 2014-03-06 07:17 - 00835584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-12-03 21:37 - 2014-03-06 07:10 - 01036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-12-03 21:36 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-03 21:36 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-03 21:36 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-03 21:36 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-03 21:36 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-03 21:36 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-03 21:36 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-03 21:36 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-03 21:36 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-03 21:36 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-03 21:36 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-03 21:36 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-03 21:36 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-03 21:36 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-03 21:36 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-03 21:36 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-03 21:36 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-03 21:36 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-03 21:36 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-03 21:36 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-03 21:36 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-03 21:36 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-03 21:36 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-03 21:36 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-03 21:36 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-03 21:36 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-03 21:36 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-03 21:36 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-03 21:36 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-03 21:36 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-03 21:36 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-03 21:36 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-03 21:36 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-03 21:23 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-03 21:22 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-12-03 21:22 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-12-03 21:22 - 2014-01-08 02:46 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2014-12-03 21:22 - 2014-01-08 02:41 - 01530712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-12-03 21:22 - 2014-01-08 02:41 - 00382808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-12-03 21:22 - 2014-01-04 16:54 - 00138240 _____ () C:\Windows\system32\OEMLicense.dll
2014-12-03 21:22 - 2014-01-04 16:08 - 00103936 _____ () C:\Windows\SysWOW64\OEMLicense.dll
2014-12-03 21:22 - 2014-01-04 15:08 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2014-12-03 21:22 - 2014-01-04 14:53 - 00174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2014-12-03 21:22 - 2014-01-03 00:54 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-12-03 21:22 - 2014-01-03 00:48 - 00336896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-12-03 21:22 - 2014-01-01 02:55 - 01720560 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-12-03 21:22 - 2014-01-01 02:52 - 00481944 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2014-12-03 21:22 - 2014-01-01 01:56 - 01472048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-12-03 21:22 - 2014-01-01 01:55 - 00381168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2014-12-03 21:22 - 2014-01-01 00:59 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-12-03 21:22 - 2014-01-01 00:57 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-12-03 21:22 - 2014-01-01 00:56 - 00960512 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-12-03 21:22 - 2013-12-31 00:34 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sti.dll
2014-12-03 21:22 - 2013-12-31 00:33 - 00770560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2014-12-03 21:22 - 2013-12-31 00:32 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\sti.dll
2014-12-03 21:22 - 2013-12-31 00:31 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2014-12-03 21:22 - 2013-12-31 00:31 - 00914944 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2014-12-03 21:22 - 2013-12-27 16:09 - 00419160 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-12-03 21:22 - 2013-12-27 09:57 - 00842752 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll
2014-12-03 21:22 - 2013-12-27 09:57 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2014-12-03 21:22 - 2013-12-27 09:23 - 00749056 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2014-12-03 21:22 - 2013-12-27 08:03 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
2014-12-03 21:22 - 2013-12-27 08:03 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2014-12-03 21:22 - 2013-12-27 07:37 - 00588800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2014-12-03 21:22 - 2013-12-21 08:21 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2014-12-03 21:22 - 2013-12-17 08:21 - 00408576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2014-12-03 21:22 - 2013-12-14 07:31 - 13949440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-12-03 21:22 - 2013-12-14 07:19 - 18576384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-12-03 21:22 - 2013-12-13 11:54 - 00131160 _____ (Microsoft Corporation) C:\Windows\system32\easinvoker.exe
2014-12-03 21:22 - 2013-12-13 08:24 - 00121088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2014-12-03 21:22 - 2013-12-13 07:36 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2014-12-03 21:22 - 2013-12-13 06:32 - 00140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
2014-12-03 21:22 - 2013-11-04 12:50 - 02143744 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-12-03 21:22 - 2013-11-04 02:30 - 01765376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2014-12-03 21:22 - 2013-10-05 15:21 - 02140888 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-12-03 21:22 - 2013-10-05 15:21 - 00516496 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-12-03 21:22 - 2013-10-05 13:05 - 01765384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-12-03 21:22 - 2013-10-05 13:05 - 00406400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-12-03 21:13 - 2014-12-03 21:14 - 02617344 _____ () C:\Users\Jochen\Downloads\msxml6_x64.msi
2014-12-03 20:52 - 2014-12-03 20:52 - 00000397 _____ () C:\Windows\SecuniaPackage.log
2014-12-03 20:36 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-12-03 20:36 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-12-03 20:36 - 2013-10-31 01:33 - 01476184 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-12-03 20:36 - 2013-10-31 01:33 - 01345536 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-12-03 20:30 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2014-12-03 20:30 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
2014-12-03 20:30 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-12-03 20:30 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-12-03 20:30 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-12-03 20:30 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-12-03 20:27 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-12-03 20:27 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-12-03 20:27 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-12-03 20:23 - 2013-12-09 01:34 - 01227264 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2014-12-03 20:23 - 2013-12-09 01:04 - 00980480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2014-12-03 20:23 - 2013-11-27 16:34 - 03210528 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-12-03 20:23 - 2013-11-27 16:27 - 00809872 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-12-03 20:23 - 2013-11-27 15:00 - 00663680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-12-03 20:23 - 2013-11-27 14:47 - 02804528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-12-03 20:23 - 2013-11-27 13:02 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys
2014-12-03 20:23 - 2013-11-27 11:24 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-12-03 20:23 - 2013-11-27 10:46 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-12-03 20:23 - 2013-11-27 10:41 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2014-12-03 20:23 - 2013-11-27 10:17 - 00263168 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-12-03 20:23 - 2013-11-27 10:10 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.dll
2014-12-03 20:23 - 2013-11-27 09:58 - 01503232 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2014-12-03 20:23 - 2013-11-27 09:56 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.dll
2014-12-03 20:23 - 2013-11-27 09:20 - 04106240 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-12-03 20:23 - 2013-11-26 14:20 - 01399176 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2014-12-03 20:23 - 2013-11-26 14:20 - 01374384 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2014-12-03 20:23 - 2013-11-26 12:44 - 01204968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2014-12-03 20:23 - 2013-11-25 02:45 - 00142680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-12-03 20:23 - 2013-11-25 02:32 - 01119064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-12-03 20:23 - 2013-11-25 00:30 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-12-03 20:23 - 2013-11-25 00:28 - 00589824 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-03 20:23 - 2013-11-23 13:47 - 00032088 _____ (Microsoft Corporation) C:\Windows\system32\ploptin.dll
2014-12-03 20:23 - 2013-11-23 08:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\bi.dll
2014-12-03 20:23 - 2013-11-23 08:13 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BtaMPM.sys
2014-12-03 20:23 - 2013-11-23 08:08 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-12-03 20:23 - 2013-11-23 05:50 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-12-03 20:23 - 2013-11-23 04:19 - 02617344 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-12-03 20:23 - 2013-11-23 04:15 - 02295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-12-03 20:23 - 2013-11-21 07:58 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\deviceregistration.dll
2014-12-03 20:23 - 2013-11-21 07:26 - 01415680 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-03 20:23 - 2013-11-15 15:59 - 00470016 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2014-12-03 20:23 - 2013-11-15 15:25 - 00433664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2014-12-03 20:23 - 2013-11-15 15:08 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-12-03 20:23 - 2013-11-15 14:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-03 20:23 - 2013-10-31 01:29 - 00745336 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-03 20:23 - 2013-10-31 00:41 - 00552624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-03 20:23 - 2013-09-17 10:06 - 00465960 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-03 20:23 - 2013-09-17 07:31 - 00326024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-03 20:23 - 2013-09-14 10:11 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll
2014-12-03 20:20 - 2014-12-03 20:20 - 00000000 ____D () C:\Users\Jochen\AppData\Local\Cyberlink
2014-12-03 20:13 - 2014-12-03 20:13 - 00000000 ____D () C:\Users\Public\CyberLink
2014-12-03 20:11 - 2014-12-03 20:11 - 00000000 ____D () C:\Users\Jochen\Documents\CyberLink
2014-12-03 20:11 - 2014-12-03 20:11 - 00000000 ____D () C:\Users\Jochen\AppData\Roaming\CyberLink
2014-12-03 20:01 - 2014-12-08 16:40 - 00007597 _____ () C:\Users\Jochen\AppData\Local\Resmon.ResmonCfg
2014-12-03 19:56 - 2014-12-03 19:56 - 00001096 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-12-03 19:56 - 2014-12-03 19:56 - 00000000 ____D () C:\Users\Jochen\AppData\Local\Secunia PSI
2014-12-03 19:55 - 2014-12-03 19:55 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-12-03 19:51 - 2014-12-03 19:54 - 05490752 _____ (Secunia) C:\Users\Jochen\Downloads\PSISetup10004.exe
2014-12-03 19:50 - 2013-12-11 08:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-12-03 19:45 - 2013-11-11 03:48 - 00039768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-03 19:45 - 2013-11-09 07:37 - 01756160 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe
2014-12-03 19:45 - 2013-11-09 06:56 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPDMC.exe
2014-12-03 19:45 - 2013-11-08 11:26 - 00358896 _____ (Microsoft Corporation) C:\Windows\system32\dcomp.dll
2014-12-03 19:45 - 2013-11-08 05:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2014-12-03 19:45 - 2013-11-08 05:16 - 00225792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcomp.dll
2014-12-03 19:45 - 2013-11-08 05:15 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2014-12-03 19:45 - 2013-11-08 04:41 - 01302528 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2014-12-03 19:45 - 2013-11-08 04:14 - 00922624 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2014-12-03 19:45 - 2013-11-05 15:19 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2014-12-03 19:45 - 2013-11-05 14:17 - 00565248 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-12-03 19:45 - 2013-11-04 14:07 - 01843712 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2014-12-03 19:45 - 2013-11-04 11:32 - 02570240 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-12-03 19:45 - 2013-11-04 03:28 - 01816576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2014-12-03 19:45 - 2013-11-01 12:39 - 00086872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-03 19:45 - 2013-11-01 07:08 - 00747008 _____ (Microsoft Corporation) C:\Windows\system32\wlidcli.dll
2014-12-03 19:45 - 2013-11-01 06:57 - 00544768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcli.dll
2014-12-03 19:45 - 2013-10-31 01:58 - 00372568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-12-03 19:45 - 2013-10-31 01:42 - 07399256 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-12-03 19:45 - 2013-10-26 02:54 - 00146776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SerCx2.sys
2014-12-03 19:45 - 2013-10-24 10:31 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\CredentialMigrationHandler.dll
2014-12-03 19:45 - 2013-10-24 10:12 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredentialMigrationHandler.dll
2014-12-03 19:45 - 2013-10-17 12:21 - 02896896 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2014-12-03 19:45 - 2013-10-17 11:36 - 02266624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2014-12-03 19:42 - 2014-12-03 19:43 - 01055936 _____ (Adobe) C:\Users\Jochen\Downloads\install_flashplayer15x32_mssd_aaa_aih.exe
2014-12-03 19:28 - 2014-12-03 19:28 - 00001179 ____H () C:\Users\Public\Desktop\Diamantwerkzeug.lnk
2014-12-03 19:25 - 2013-10-23 12:29 - 00044936 _____ (Microsoft Corporation) C:\Windows\system32\wldp.dll
2014-12-03 19:25 - 2013-10-23 12:21 - 00155480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-12-03 19:25 - 2013-10-23 12:13 - 00171864 _____ (Microsoft Corporation) C:\Windows\system32\kd_02_8086.dll
2014-12-03 19:25 - 2013-10-22 08:55 - 02328872 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-12-03 19:25 - 2013-10-22 07:03 - 02065448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-12-03 19:25 - 2013-10-22 06:15 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2014-12-03 19:25 - 2013-10-22 05:04 - 00618496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2014-12-03 19:25 - 2013-10-22 04:44 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2014-12-03 19:25 - 2013-10-22 03:38 - 01362944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-12-03 19:25 - 2013-10-22 03:22 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-12-03 19:25 - 2013-10-22 02:53 - 01584128 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2014-12-03 19:25 - 2013-10-19 05:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2014-12-03 19:25 - 2013-10-19 05:03 - 00531968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2014-12-03 19:25 - 2013-10-19 04:26 - 01231360 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2014-12-03 19:25 - 2013-10-19 04:14 - 00888832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2014-12-03 19:25 - 2013-10-16 10:34 - 00518656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2014-12-03 19:25 - 2013-10-16 10:33 - 00631296 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2014-12-03 19:25 - 2013-10-13 04:06 - 00258904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2014-12-03 19:25 - 2013-10-13 03:43 - 00708616 _____ (Microsoft Corporation) C:\Windows\system32\iuilp.dll
2014-12-03 19:25 - 2013-10-10 17:26 - 00317616 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-12-03 19:25 - 2013-10-10 17:26 - 00104320 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-12-03 19:25 - 2013-10-10 15:53 - 00235960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-12-03 19:25 - 2013-10-10 15:53 - 00088272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-12-03 19:25 - 2013-10-10 12:38 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-12-03 19:25 - 2013-10-08 11:28 - 00523096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2014-12-03 19:25 - 2013-10-08 07:46 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2014-12-03 19:25 - 2013-10-08 06:50 - 00656384 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-12-03 19:25 - 2013-10-08 06:48 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-12-03 19:25 - 2013-10-08 06:15 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-12-03 19:25 - 2013-10-08 06:09 - 01160704 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Http.dll
2014-12-03 19:25 - 2013-10-08 05:50 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-12-03 19:25 - 2013-10-08 05:50 - 00762368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.Http.dll
2014-12-03 19:25 - 2013-10-07 08:21 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-12-03 19:25 - 2013-10-07 03:13 - 03532288 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-12-03 19:25 - 2013-10-05 16:25 - 00057176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2014-12-03 19:25 - 2013-10-05 15:21 - 00699840 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-12-03 19:25 - 2013-10-05 13:05 - 00578952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-12-03 19:25 - 2013-10-05 12:01 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-12-03 19:25 - 2013-10-05 12:01 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2014-12-03 19:25 - 2013-10-05 12:00 - 01200640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2014-12-03 19:25 - 2013-10-05 10:36 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-12-03 19:25 - 2013-10-05 10:18 - 01011712 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-12-03 19:25 - 2013-10-05 10:07 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2014-12-03 19:25 - 2013-10-05 09:56 - 01147904 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2014-12-03 19:25 - 2013-10-05 09:40 - 00795648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-12-03 19:25 - 2013-10-05 09:21 - 00920064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2014-12-03 19:25 - 2013-10-05 09:15 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2014-12-03 19:25 - 2013-10-05 08:43 - 00578560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2014-12-03 19:25 - 2013-10-05 08:35 - 00411648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2014-12-03 19:25 - 2013-10-04 09:10 - 00533504 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2014-12-03 19:25 - 2013-09-17 10:06 - 01067080 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2014-12-03 19:25 - 2013-09-17 08:01 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-12-03 19:25 - 2013-09-17 07:31 - 00883184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2014-12-03 19:25 - 2013-09-17 05:37 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\dafBth.dll
2014-12-03 19:25 - 2013-09-14 15:07 - 02134120 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-12-03 19:25 - 2013-09-14 15:00 - 00391512 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2014-12-03 19:25 - 2013-09-14 13:39 - 01799944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-12-03 19:25 - 2013-09-14 13:33 - 00345552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2014-12-03 19:25 - 2013-09-12 09:08 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2014-12-03 19:25 - 2013-09-12 08:44 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2014-12-03 19:25 - 2013-09-12 08:37 - 00184832 _____ (Microsoft Corporation) C:\Windows\system32\dafWfdProvider.dll
2014-12-03 19:25 - 2013-09-12 08:21 - 00262144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2014-12-03 19:25 - 2013-09-10 05:52 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\msched.dll
2014-12-03 19:24 - 2013-10-22 04:56 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2014-12-03 19:24 - 2013-10-22 03:13 - 01704448 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-12-03 19:24 - 2013-10-08 06:58 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll
2014-12-03 19:24 - 2013-10-05 09:55 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\miutils.dll
2014-12-03 19:24 - 2013-10-05 09:24 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\miutils.dll
2014-12-03 19:24 - 2013-09-14 11:05 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2014-12-03 19:24 - 2013-09-13 09:22 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\ftp.exe
2014-12-03 19:24 - 2013-09-13 08:47 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftp.exe
2014-12-03 19:24 - 2013-09-12 09:45 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2014-12-03 19:24 - 2013-09-12 09:08 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2014-12-03 19:24 - 2013-09-12 09:02 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2014-12-03 19:24 - 2013-09-12 08:37 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2014-12-03 19:24 - 2013-09-12 08:16 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2014-12-03 19:24 - 2013-09-12 08:01 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2014-12-03 19:20 - 2013-10-10 12:26 - 02801664 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-12-03 19:20 - 2013-10-10 12:05 - 01019392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-12-03 19:20 - 2013-10-10 11:34 - 01085952 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-12-03 19:20 - 2013-10-10 11:27 - 00869888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-12-03 19:19 - 2014-12-04 18:58 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-12-03 19:19 - 2013-10-10 12:53 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2014-12-03 19:19 - 2013-10-10 12:21 - 00139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2014-12-03 19:17 - 2014-01-07 06:00 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-12-03 19:17 - 2014-01-07 05:30 - 02071552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-12-03 19:17 - 2013-12-09 01:27 - 02152448 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-03 19:17 - 2013-12-09 00:54 - 01317376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-03 19:17 - 2013-11-21 07:42 - 04604416 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-12-03 19:17 - 2013-11-21 06:44 - 03936256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-12-03 19:17 - 2013-10-19 09:53 - 00075360 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-12-03 19:17 - 2013-10-19 08:14 - 00070680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-12-03 19:15 - 2013-10-16 16:58 - 01943536 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-03 19:15 - 2013-10-16 14:54 - 01581968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-03 19:14 - 2013-10-13 03:48 - 00136536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2014-12-03 19:14 - 2013-10-12 22:48 - 00828416 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-12-03 19:14 - 2013-10-12 22:34 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-12-03 19:11 - 2014-12-03 19:11 - 00000000 ____D () C:\Users\Jochen\AppData\Roaming\NVIDIA
2014-12-03 19:11 - 2014-12-03 19:11 - 00000000 ____D () C:\Users\Jochen\AppData\Local\Blizzard Entertainment
2014-12-03 19:10 - 2014-12-11 19:40 - 00000000 ____D () C:\Users\Jochen\AppData\Local\Battle.net
2014-12-03 19:10 - 2014-12-10 19:29 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-03 19:10 - 2014-12-03 19:18 - 00000000 ____D () C:\Users\Jochen\AppData\Roaming\Battle.net
2014-12-03 19:10 - 2014-12-03 19:10 - 00001141 ____H () C:\Users\Public\Desktop\Netzwerk.lnk
2014-12-03 19:10 - 2014-12-03 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-12-03 19:10 - 2014-12-03 19:10 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-12-03 19:04 - 2013-12-09 03:57 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-03 19:04 - 2013-12-09 02:51 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-03 19:04 - 2013-10-15 09:54 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-12-03 19:04 - 2013-10-15 09:03 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-12-03 19:03 - 2013-10-23 12:01 - 00872840 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-12-03 19:03 - 2013-10-23 09:59 - 00698232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-12-03 19:03 - 2013-10-05 15:21 - 01341288 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-12-03 19:03 - 2013-10-05 09:39 - 01067008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-12-03 19:02 - 2014-12-03 19:02 - 00000000 ____D () C:\ProgramData\Battle.net
2014-12-03 18:56 - 2014-12-11 15:30 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-03 18:56 - 2014-12-04 18:46 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-03 18:56 - 2014-12-03 18:56 - 00002046 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-12-03 18:47 - 2014-12-03 18:47 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-03 18:47 - 2014-12-03 18:47 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-03 18:47 - 2014-12-03 18:47 - 00000000 ____D () C:\Users\Jochen\AppData\Roaming\Mozilla
2014-12-03 18:47 - 2014-12-03 18:47 - 00000000 ____D () C:\Users\Jochen\AppData\Local\Mozilla
2014-12-03 18:47 - 2014-12-03 18:47 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-03 18:47 - 2014-12-03 18:47 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-12-03 18:47 - 2014-12-03 18:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-03 18:47 - 2014-12-03 18:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-03 18:43 - 2014-12-03 18:43 - 00001149 _____ () C:\Users\Public\Desktop\Emsisoft Internet Security.lnk
2014-12-03 18:43 - 2014-12-03 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Internet Security
2014-12-03 18:42 - 2014-12-11 19:42 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Internet Security
2014-12-03 18:42 - 2014-12-01 16:55 - 00484952 _____ () C:\Windows\system32\Drivers\fwndis64.sys
2014-12-03 18:41 - 2014-12-03 18:41 - 00000090 _____ () C:\setup.log
2014-12-03 18:40 - 2013-07-30 02:45 - 00449848 _____ () C:\Windows\ASUSUpdater.exe
2014-12-03 18:30 - 2014-12-03 18:30 - 00000000 ____D () C:\Users\Jochen\AppData\Roaming\Macromedia
2014-12-03 18:29 - 2014-12-03 18:29 - 00000091 _____ () C:\powerpack.log
2014-12-03 18:28 - 2014-12-03 18:28 - 00000000 __SHD () C:\aws
2014-12-03 18:28 - 2014-12-03 18:28 - 00000000 ____D () C:\Asus WebStorage
2014-12-03 18:23 - 2014-12-03 18:23 - 00001313 _____ () C:\Users\Public\Desktop\WebStorage.lnk
2014-12-03 18:21 - 2014-12-11 09:53 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7566DD09-7A87-412E-A6EE-8187FDBAFE6A}
2014-12-03 18:20 - 2014-12-11 19:25 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4018441543-2564778634-3823518578-1002
2014-12-03 18:19 - 2014-12-11 19:20 - 00000000 ____D () C:\Users\Jochen\AppData\Roaming\WebStorage
2014-12-03 18:19 - 2014-12-11 19:15 - 00000000 __RDO () C:\Users\Jochen\SkyDrive
2014-12-03 18:16 - 2014-12-03 18:16 - 00000000 ____D () C:\Users\Jochen\AppData\Roaming\Intel Corporation
2014-12-03 18:15 - 2014-12-08 07:54 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-03 18:15 - 2014-12-07 22:10 - 00000000 ____D () C:\Users\Jochen\AppData\Local\ASUS
2014-12-03 18:14 - 2014-12-07 22:07 - 00000000 ____D () C:\Users\Jochen\AppData\Roaming\Adobe
2014-12-03 18:14 - 2014-12-07 12:55 - 00000000 ____D () C:\Users\Jochen\AppData\Local\VirtualStore
2014-12-03 18:14 - 2014-12-06 19:58 - 00000000 ____D () C:\Users\Jochen\AppData\Local\Packages
2014-12-03 18:14 - 2014-12-03 18:14 - 00001461 _____ () C:\Users\Jochen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-03 18:14 - 2014-12-03 18:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-12-03 18:12 - 2014-12-11 19:40 - 00000000 ____D () C:\Users\Jochen
2014-12-03 18:12 - 2014-12-05 18:52 - 00002244 _____ () C:\Users\Jochen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-12-03 18:12 - 2014-12-03 18:12 - 00000020 ___SH () C:\Users\Jochen\ntuser.ini
2014-12-03 18:12 - 2014-12-03 18:12 - 00000000 _SHDL () C:\Users\Jochen\Vorlagen
2014-12-03 18:12 - 2014-12-03 18:12 - 00000000 _SHDL () C:\Users\Jochen\Startmenü
2014-12-03 18:12 - 2014-12-03 18:12 - 00000000 _SHDL () C:\Users\Jochen\Netzwerkumgebung
2014-12-03 18:12 - 2014-12-03 18:12 - 00000000 _SHDL () C:\Users\Jochen\Lokale Einstellungen
2014-12-03 18:12 - 2014-12-03 18:12 - 00000000 _SHDL () C:\Users\Jochen\Eigene Dateien
2014-12-03 18:12 - 2014-12-03 18:12 - 00000000 _SHDL () C:\Users\Jochen\Druckumgebung
2014-12-03 18:12 - 2014-12-03 18:12 - 00000000 _SHDL () C:\Users\Jochen\Documents\Eigene Musik
2014-12-03 18:12 - 2014-12-03 18:12 - 00000000 _SHDL () C:\Users\Jochen\Documents\Eigene Bilder
2014-12-03 18:12 - 2014-12-03 18:12 - 00000000 _SHDL () C:\Users\Jochen\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-03 18:12 - 2014-12-03 18:12 - 00000000 _SHDL () C:\Users\Jochen\AppData\Local\Verlauf
2014-12-03 18:12 - 2014-12-03 18:12 - 00000000 _SHDL () C:\Users\Jochen\AppData\Local\Anwendungsdaten
2014-12-03 18:12 - 2014-12-03 18:12 - 00000000 _SHDL () C:\Users\Jochen\Anwendungsdaten
2014-12-03 18:12 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Jochen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-03 18:12 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Jochen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-03 18:12 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Jochen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-03 18:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Jochen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-28 13:02 - 2014-11-28 13:02 - 00018456 _____ (Secunia) C:\Windows\system32\Drivers\psi_mf_amd64.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-11 19:26 - 2014-03-03 17:47 - 01576887 _____ () C:\Windows\WindowsUpdate.log
2014-12-11 19:18 - 2014-01-09 10:06 - 02748156 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-11 19:18 - 2013-09-13 21:38 - 00800660 _____ () C:\Windows\system32\perfh00A.dat
2014-12-11 19:18 - 2013-09-13 21:38 - 00166550 _____ () C:\Windows\system32\perfc00A.dat
2014-12-11 19:18 - 2013-09-13 21:22 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2014-12-11 19:18 - 2013-09-13 21:22 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2014-12-11 19:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-11 19:10 - 2014-03-03 17:56 - 00000025 ___SH () C:\Windows\SysWOW64\ReadTag.ini
2014-12-11 19:10 - 2014-03-03 17:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-11 19:10 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-11 19:09 - 2014-01-09 09:52 - 00004540 _____ () C:\Windows\PFRO.log
2014-12-11 19:09 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-12-11 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-11 08:44 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-11 08:22 - 2014-01-09 10:29 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-09 15:42 - 2013-08-22 15:46 - 00018826 _____ () C:\Windows\setupact.log
2014-12-08 06:50 - 2014-01-09 10:27 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-07 22:11 - 2014-01-09 10:28 - 00000000 ____D () C:\AsusVibeData
2014-12-06 17:32 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-12-06 12:06 - 2013-09-13 21:22 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-12-06 12:06 - 2013-08-22 20:11 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-06 12:06 - 2013-08-22 20:09 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2014-12-06 12:06 - 2013-08-22 20:09 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2014-12-06 12:06 - 2013-08-22 20:09 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2014-12-06 12:06 - 2013-08-22 20:09 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2014-12-06 12:06 - 2013-08-22 20:09 - 00000000 ____D () C:\Windows\system32\winrm
2014-12-06 12:06 - 2013-08-22 20:09 - 00000000 ____D () C:\Windows\system32\WCN
2014-12-06 12:06 - 2013-08-22 20:09 - 00000000 ____D () C:\Windows\system32\slmgr
2014-12-06 12:06 - 2013-08-22 20:09 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-12-06 12:06 - 2013-08-22 16:36 - 00000000 ___SD () C:\Windows\system32\dsc
2014-12-06 12:06 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-12-06 12:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore
2014-12-06 12:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-12-06 12:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\Com
2014-12-06 12:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
2014-12-06 12:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\MUI
2014-12-06 12:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\migwiz
2014-12-06 12:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\Com
2014-12-06 12:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-06 12:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\IME
2014-12-06 12:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Help
2014-12-06 12:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-12-06 12:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-06 12:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-06 12:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-12-06 12:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-12-06 12:06 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-12-06 12:06 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-12-06 12:06 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-12-06 12:06 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\oobe
2014-12-06 12:06 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\Dism
2014-12-06 12:06 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\servicing
2014-12-06 12:04 - 2013-09-13 21:32 - 00000000 ____D () C:\Windows\en-GB
2014-12-06 12:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2014-12-06 12:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\en-GB
2014-12-06 12:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Globalization
2014-12-06 08:35 - 2013-08-22 14:25 - 00000220 _____ () C:\Windows\win.ini
2014-12-05 18:27 - 2013-08-22 15:44 - 00492696 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-04 22:55 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2014-12-04 22:55 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-04 22:55 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-04 22:55 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-12-04 22:55 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\FileManager
2014-12-04 22:55 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Camera
2014-12-04 22:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-12-04 22:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-04 22:38 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-12-04 19:17 - 2014-03-03 17:47 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-04 19:17 - 2014-03-03 17:47 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-04 19:16 - 2014-03-03 17:47 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-04 18:56 - 2014-01-09 10:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-04 18:42 - 2013-08-22 20:11 - 00000000 ____D () C:\Windows\ShellNew
2014-12-04 18:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System
2014-12-03 21:35 - 2014-03-03 17:51 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS
2014-12-03 20:12 - 2014-01-09 10:31 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-03 19:34 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-12-03 18:42 - 2014-03-03 17:52 - 00000090 _____ () C:\Windows\SysWOW64\setup.log
2014-12-03 18:42 - 2014-01-09 10:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-03 18:41 - 2014-01-09 10:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-11-26 22:10 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-17 23:18 - 2014-03-03 17:47 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-11-13 01:20 - 2014-03-03 17:47 - 20986592 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-11-13 01:20 - 2014-03-03 17:47 - 16884632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-11-13 01:20 - 2014-03-03 17:47 - 03262784 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-11-13 01:20 - 2014-03-03 17:47 - 02874456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-13 01:20 - 2014-03-03 17:47 - 00989056 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-11-13 01:20 - 2014-03-03 17:47 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-11-13 01:20 - 2014-03-03 17:47 - 00059592 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-11-13 01:20 - 2014-03-03 17:47 - 00027094 _____ () C:\Windows\system32\nvinfo.pb
2014-11-12 22:56 - 2014-03-03 17:47 - 06897352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-12 22:56 - 2014-03-03 17:47 - 03534152 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-11-12 22:56 - 2014-03-03 17:47 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-11-12 22:56 - 2014-03-03 17:47 - 00934032 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-12 22:56 - 2014-03-03 17:47 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-12 22:56 - 2014-03-03 17:47 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-11 11:29 - 2014-03-03 17:47 - 04100776 _____ () C:\Windows\system32\nvcoproc.bin

Some content of TEMP:
====================
C:\Users\Jochen\AppData\Local\Temp\COMAP.EXE
C:\Users\Jochen\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Jochen\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Jochen\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Jochen\AppData\Local\Temp\nvStInst.exe
C:\Users\Jochen\AppData\Local\Temp\Quarantine.exe
C:\Users\Jochen\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Jochen\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-01-09 09:52

==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2014 01
Ran by Jochen at 2014-12-11 19:43:05
Running from D:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Internet Security (Disabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Internet Security (Disabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Emsisoft Internet Security (Disabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.15.6362.54439 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.15.6362.54439 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Launcher (HKLM-x32\...\{40376CD0-67E0-4190-86CA-8BD8CBAC331C}) (Version: 2.00.11 - ASUSTeK Computer Inc.)
ASUS Manager - Ai Booting (HKLM-x32\...\{2DCE446C-D090-4458-8782-8F16DF94351E}) (Version: 2.01.11 - ASUSTeK Computer Inc.)
ASUS Manager - Ai Charger II (HKLM-x32\...\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}) (Version: 2.00.09 - ASUSTeK Computer Inc.)
ASUS Manager - PC Cleanup (HKLM-x32\...\{E22A19AE-7DDB-4959-B1DB-A0996294352A}) (Version: 2.00.04 - ASUSTeK Computer Inc.)
ASUS Manager - Power Manager (HKLM-x32\...\{DD248BEE-E925-4720-A775-9A42276BB6EA}) (Version: 2.01.03 - ASUSTeK Computer Inc.)
ASUS Manager - Recovery (HKLM-x32\...\{CF4A14CB-C4CB-4241-B659-7C58517515CF}) (Version: 2.00.08 - ASUSTeK Computer Inc.)
ASUS Manager - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.02.02 - ASUSTeK Computer Inc.)
ASUS Manager - USB Lock (HKLM-x32\...\{1931C916-6CB8-4E4D-8561-EA20C426AE19}) (Version: 2.00.10 - ASUSTeK Computer Inc.)
ASUS Manager (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 2.06.02 - ASUSTeK Computer Inc.)
ASUS Music Maker (HKLM-x32\...\MAGIX_{AB515018-7F9D-4047-B0C0-F26BAC30F3E1}) (Version: 18.0.4.1 - MAGIX AG)
ASUS Music Maker (Version: 18.0.4.1 - MAGIX AG) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5424.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5424.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4428 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.07 - ASUSTeK Computer Inc.)
Emsisoft Internet Security (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-4018441543-2564778634-3823518578-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 344.75 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7035 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.15.438 - ASUS Cloud Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
影像中心 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4018441543-2564778634-3823518578-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Jochen\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4018441543-2564778634-3823518578-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Jochen\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4018441543-2564778634-3823518578-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Jochen\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4018441543-2564778634-3823518578-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Jochen\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

05-12-2014 17:14:55 Windows Update
07-12-2014 20:04:07 Installed iTunes

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E057961-8F64-46FC-AA6B-114C0547AF04} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated)
Task: {24BA64E4-582D-4E03-BB1C-5C557B55580F} - System32\Tasks\ASUS\ASUS Launcher Helper => C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe [2013-10-29] (Microsoft)
Task: {2C4ADED0-8ED1-439F-B4F3-2A57D18C0321} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe [2013-11-27] ()
Task: {304F04C3-16DA-4291-BF27-70E2315E5E8E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-07] (Google Inc.)
Task: {3D839E19-2A86-46D1-9B76-5E46AB7C7126} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {4110B765-EEEE-4B49-8966-3795A4EFE1AB} - System32\Tasks\ASUS\ASUS AiCharger_II TrayIcon => C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe [2013-08-05] (ASUSTeK)
Task: {41569568-D429-4EC0-9514-CD812F0B398D} - System32\Tasks\ASUS\ASUS Updater => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSFourceUpdater.exe [2013-11-28] ()
Task: {61832C99-86B3-4A2A-8A70-BE1F94F9BAC1} - System32\Tasks\ASUS\Power_Manager_background => C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe [2013-09-06] (ASUSTeK)
Task: {67BCD63F-C426-48B9-AB83-F4958604E0A3} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-05] ()
Task: {7D07F3A2-48A5-4D0D-BF73-BE99A36BF805} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8E9D2654-120E-4CD1-A6C1-50EB630D9BB6} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [2013-08-23] ()
Task: {C410F0C2-3DBF-45DE-940C-14F55ADC366C} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [2013-09-18] (ASUSTeK Computer Inc.)
Task: {CF3257EB-8D48-4A71-B463-220E405EBD56} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-07] (Google Inc.)
Task: {D5C6C6CF-D247-4A8D-9FFE-EB9750AF8C53} - System32\Tasks\ASUS\ASUS AiCharger_Desktop Execute => C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe [2013-04-03] (ASUSTek Computer Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-03 17:47 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-03 17:52 - 2013-08-08 19:00 - 00207160 _____ () C:\Windows\SysWOW64\AsHookDevice.exe
2014-01-09 10:33 - 2012-04-24 11:43 - 00390632 ____R () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-03-03 17:51 - 2013-08-28 16:24 - 00920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2014-11-07 06:10 - 2014-11-07 06:10 - 01362216 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-03 17:51 - 2014-12-11 19:15 - 00026624 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2014-03-03 17:51 - 2010-06-29 03:58 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2014-03-03 17:46 - 2013-08-19 20:10 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-12-10 19:29 - 2014-12-10 19:29 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\libcef.dll
2014-12-10 19:29 - 2014-12-10 19:29 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\libGLESv2.dll
2014-12-10 19:29 - 2014-12-10 19:29 - 00907776 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\platforms\qwindows.dll
2014-12-10 19:29 - 2014-12-10 19:29 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\libEGL.dll
2014-12-10 19:29 - 2014-12-10 19:29 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qgif.dll
2014-12-10 19:29 - 2014-12-10 19:29 - 00021504 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qico.dll
2014-12-10 19:29 - 2014-12-10 19:29 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qjpeg.dll
2014-12-10 19:29 - 2014-12-10 19:29 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qmng.dll
2014-12-10 19:29 - 2014-12-10 19:29 - 00015872 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qsvg.dll
2014-12-10 19:29 - 2014-12-10 19:29 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qtiff.dll
2014-12-10 19:29 - 2014-12-10 19:29 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\qml\QtQuick.2\qtquick2plugin.dll
2014-12-10 19:29 - 2014-12-10 19:29 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2014-12-10 19:29 - 2014-12-10 19:29 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\qml\QtQml\Models.2\modelsplugin.dll
2014-12-03 18:47 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Jochen\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-4018441543-2564778634-3823518578-500 - Administrator - Disabled)
Gast (S-1-5-21-4018441543-2564778634-3823518578-501 - Limited - Disabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-4018441543-2564778634-3823518578-1004 - Limited - Enabled)
Jochen (S-1-5-21-4018441543-2564778634-3823518578-1002 - Administrator - Enabled) => C:\Users\Jochen
Katrin (S-1-5-21-4018441543-2564778634-3823518578-1009 - Limited - Enabled)
Wandergeselle (S-1-5-21-4018441543-2564778634-3823518578-1010 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (12/11/2014 07:36:01 PM) (Source: DCOM) (EventID: 10010) (User: STOIMETZ-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (12/11/2014 07:35:31 PM) (Source: DCOM) (EventID: 10010) (User: STOIMETZ-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (12/11/2014 07:35:01 PM) (Source: DCOM) (EventID: 10010) (User: STOIMETZ-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (12/11/2014 07:34:31 PM) (Source: DCOM) (EventID: 10010) (User: STOIMETZ-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (12/11/2014 07:34:01 PM) (Source: DCOM) (EventID: 10010) (User: STOIMETZ-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (12/11/2014 07:33:31 PM) (Source: DCOM) (EventID: 10010) (User: STOIMETZ-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (12/11/2014 07:27:04 PM) (Source: DCOM) (EventID: 10010) (User: STOIMETZ-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (12/11/2014 07:26:34 PM) (Source: DCOM) (EventID: 10010) (User: STOIMETZ-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (12/11/2014 07:26:04 PM) (Source: DCOM) (EventID: 10010) (User: STOIMETZ-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (12/11/2014 07:25:34 PM) (Source: DCOM) (EventID: 10010) (User: STOIMETZ-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-12-11 08:48:40.580
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-12-11 08:48:39.955
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-12-11 08:48:39.361
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-12-11 08:48:38.376
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-12-11 08:48:37.533
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-12-11 08:48:36.173
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-12-11 08:48:35.142
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-12-11 08:48:35.064
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-12-11 08:48:34.985
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-12-11 08:48:34.892
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 36%
Total physical RAM: 8131.3 MB
Available physical RAM: 5202.64 MB
Total Pagefile: 16323.3 MB
Available Pagefile: 12719.32 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:150 GB) (Free:77.71 GB) NTFS
Drive d: (Data) (Fixed) (Total:764.71 GB) (Free:722.89 GB) NTFS
Drive j: (Externe Festplatte) (Fixed) (Total:931.51 GB) (Free:666.06 GB) NTFS
Drive k: (Transcend) (Removable) (Total:58.83 GB) (Free:13.68 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 74A7F63F)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 58.8 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=58.8 GB) - (Type=0C)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00025607)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
GMER, AdwCleaner und JRT liefere ich gerne nach. Aber weil vermutlich Schrauber antworten wird (was ich sehr begrüße), hänge ich lieber mal keine zip-dateien hinten dran ;)

schrauber 11.12.2014 20:41
Zitat:
Aber weil vermutlich Schrauber antworten wird (was ich sehr begrüße), hänge ich lieber mal keine zip-dateien hinten dran
Dein Glück, sonst häts gleich Mecker gegeben :D

sieht aber gut aus soweit.

Fellefant 12.12.2014 10:12
Und hier der Rest

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-11 19:51:29
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002f WDC_WD10EZEX-22BN5A0 rev.01.01A01 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Jochen\AppData\Local\Temp\axdirkod.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                    fffff960000b4e00 15 bytes [00, FA, 0E, 02, C0, 9C, 70, ...]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 16                                                                              fffff960000b4e10 11 bytes [00, 00, FC, FF, 80, FA, C0, ...]

---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\dwm.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                      00007fffe6f167d0 4 bytes [FF, 25, 60, 98]
.text  C:\Windows\system32\dwm.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                              00007fffe6f167e0 5 bytes [FF, 25, 50, 98, 2B]
.text  C:\Windows\system32\dwm.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                        00007fffe6f168a0 5 bytes [FF, 25, 90, 97, 29]
.text  C:\Windows\system32\dwm.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                      00007fffe6f16ac0 5 bytes [FF, 25, 70, 95, 27]
.text  C:\Windows\system32\dwm.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                      00007fffe6f16b70 5 bytes [FF, 25, C0, 94, 21]
.text  C:\Windows\system32\dwm.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                  00007fffe6f171d0 5 bytes [FF, 25, 60, 8E, 23]
.text  C:\Windows\system32\dwm.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                00007fffe6f17c00 6 bytes {JMP QWORD [RIP+0x2d8430]}
.text  C:\Windows\system32\dwm.exe[1016] C:\Windows\system32\KERNEL32.DLL!CreateProcessInternalW                                          00007fffe47ed268 6 bytes {JMP QWORD [RIP+0x1c2dc8]}
.text  C:\Windows\system32\dwm.exe[1016] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 198                                          00007fffe45655e6 3 bytes [24, AA, 10]
.text  C:\Windows\system32\dwm.exe[1016] C:\Windows\system32\USER32.dll!SendInput                                                        00007fffe6bc1220 6 bytes {JMP QWORD [RIP+0x4cee10]}
.text  C:\Windows\system32\dwm.exe[1016] C:\Windows\system32\USER32.dll!PostMessageW                                                      00007fffe6bc2b00 6 bytes {JMP QWORD [RIP+0x54d530]}
.text  C:\Windows\system32\dwm.exe[1016] C:\Windows\system32\USER32.dll!SendMessageW                                                      00007fffe6bc6970 6 bytes {JMP QWORD [RIP+0x5096c0]}
.text  C:\Windows\system32\dwm.exe[1016] C:\Windows\system32\USER32.dll!PostMessageA                                                      00007fffe6bcbea0 6 bytes {JMP QWORD [RIP+0x524190]}
.text  C:\Windows\system32\dwm.exe[1016] C:\Windows\system32\USER32.dll!SendMessageA                                                      00007fffe6bdb640 6 bytes {JMP QWORD [RIP+0x4d49f0]}
.text  C:\Windows\system32\dwm.exe[1016] C:\Windows\system32\USER32.dll!mouse_event                                                      00007fffe6be2b88 6 bytes {JMP QWORD [RIP+0x46d4a8]}
.text  C:\Windows\system32\dwm.exe[1016] C:\Windows\system32\USER32.dll!keybd_event                                                      00007fffe6bf2bb0 6 bytes {JMP QWORD [RIP+0x47d480]}
.text  C:\Windows\system32\dwm.exe[1016] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                  00007fffe553acc0 6 bytes {JMP QWORD [RIP+0x14c5370]}
.text  C:\Windows\system32\dwm.exe[1016] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                  00007fffe553ad44 6 bytes {JMP QWORD [RIP+0x14e52ec]}
.text  C:\Windows\system32\dwm.exe[1016] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                          00007fffe528169a 4 bytes [28, E5, FF, 7F]
.text  C:\Windows\system32\dwm.exe[1016] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                          00007fffe52816a2 4 bytes [28, E5, FF, 7F]
.text  C:\Windows\system32\dwm.exe[1016] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                                              00007fffe528181a 4 bytes [28, E5, FF, 7F]
.text  C:\Windows\system32\dwm.exe[1016] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                                              00007fffe5281832 4 bytes [28, E5, FF, 7F]
.text  C:\Windows\system32\nvvsvc.exe[432] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                        00007fffe528169a 4 bytes [28, E5, FF, 7F]
.text  C:\Windows\system32\nvvsvc.exe[432] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                        00007fffe52816a2 4 bytes [28, E5, FF, 7F]
.text  C:\Windows\system32\nvvsvc.exe[432] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                                            00007fffe528181a 4 bytes [28, E5, FF, 7F]
.text  C:\Windows\system32\nvvsvc.exe[432] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                                            00007fffe5281832 4 bytes [28, E5, FF, 7F]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                            00007fffe6f167d0 4 bytes [FF, 25, 60, 98]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                    00007fffe6f167e0 5 bytes [FF, 25, 50, 98, 2B]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                              00007fffe6f168a0 5 bytes [FF, 25, 90, 97, 29]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                            00007fffe6f16ac0 5 bytes [FF, 25, 70, 95, 27]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                            00007fffe6f16b70 5 bytes [FF, 25, C0, 94, 21]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                        00007fffe6f171d0 5 bytes [FF, 25, 60, 8E, 23]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                      00007fffe6f17c00 6 bytes {JMP QWORD [RIP+0x2d8430]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[812] C:\Windows\system32\KERNEL32.DLL!CreateProcessInternalW                00007fffe47ed268 6 bytes {JMP QWORD [RIP+0x1c2dc8]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[812] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 198                00007fffe45655e6 3 bytes [24, AA, 15]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[812] C:\Windows\system32\USER32.dll!SendInput                              00007fffe6bc1220 6 bytes {JMP QWORD [RIP+0x4cee10]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[812] C:\Windows\system32\USER32.dll!PostMessageW                            00007fffe6bc2b00 6 bytes {JMP QWORD [RIP+0x54d530]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[812] C:\Windows\system32\USER32.dll!SendMessageW                            00007fffe6bc6970 6 bytes {JMP QWORD [RIP+0x5096c0]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[812] C:\Windows\system32\USER32.dll!PostMessageA                            00007fffe6bcbea0 6 bytes {JMP QWORD [RIP+0x524190]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[812] C:\Windows\system32\USER32.dll!SendMessageA                            00007fffe6bdb640 6 bytes {JMP QWORD [RIP+0x4d49f0]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[812] C:\Windows\system32\USER32.dll!mouse_event                            00007fffe6be2b88 6 bytes {JMP QWORD [RIP+0x46d4a8]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[812] C:\Windows\system32\USER32.dll!keybd_event                            00007fffe6bf2bb0 6 bytes {JMP QWORD [RIP+0x47d480]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[812] C:\Windows\SYSTEM32\WINSPOOL.DRV!AddPrintProvidorA                    00007fffdfceb128 6 bytes {JMP QWORD [RIP+0xa4f08]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[812] C:\Windows\SYSTEM32\WINSPOOL.DRV!AddPrintProvidorW                    00007fffdfcf36c8 6 bytes {JMP QWORD [RIP+0xbc968]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[812] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                        00007fffe553acc0 6 bytes {JMP QWORD [RIP+0x14c5370]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[812] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                        00007fffe553ad44 6 bytes {JMP QWORD [RIP+0x14e52ec]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[812] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW                  00000000038f3330 6 bytes {JMP QWORD [RIP+0x47cd00]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[812] C:\Windows\system32\WS2_32.dll!connect + 1                            00000000039007f1 5 bytes {JMP QWORD [RIP+0x3bf840]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[812] C:\Windows\system32\WS2_32.dll!listen                                  0000000003904160 6 bytes {JMP QWORD [RIP+0x43bed0]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[812] C:\Windows\system32\WS2_32.dll!WSAConnect                              00000000039069b0 6 bytes {JMP QWORD [RIP+0x3f9680]}
.text  C:\Windows\system32\DllHost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                  00007fffe6f167d0 4 bytes [FF, 25, 60, 98]
.text  C:\Windows\system32\DllHost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                          00007fffe6f167e0 5 bytes [FF, 25, 50, 98, 2B]
.text  C:\Windows\system32\DllHost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                    00007fffe6f168a0 5 bytes [FF, 25, 90, 97, 29]
.text  C:\Windows\system32\DllHost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                  00007fffe6f16ac0 5 bytes [FF, 25, 70, 95, 27]
.text  C:\Windows\system32\DllHost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                  00007fffe6f16b70 5 bytes [FF, 25, C0, 94, 21]
.text  C:\Windows\system32\DllHost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                              00007fffe6f171d0 5 bytes [FF, 25, 60, 8E, 23]
.text  C:\Windows\system32\DllHost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                            00007fffe6f17c00 6 bytes {JMP QWORD [RIP+0x2d8430]}
.text  C:\Windows\system32\DllHost.exe[3852] C:\Windows\system32\KERNEL32.DLL!CreateProcessInternalW                                      00007fffe47ed268 6 bytes {JMP QWORD [RIP+0x1c2dc8]}
.text  C:\Windows\system32\DllHost.exe[3852] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 198                                      00007fffe45655e6 3 bytes [24, AA, 10]
.text  C:\Windows\system32\DllHost.exe[3852] C:\Windows\system32\USER32.dll!SendInput                                                    00007fffe6bc1220 6 bytes {JMP QWORD [RIP+0x4cee10]}
.text  C:\Windows\system32\DllHost.exe[3852] C:\Windows\system32\USER32.dll!PostMessageW                                                  00007fffe6bc2b00 6 bytes {JMP QWORD [RIP+0x54d530]}
.text  C:\Windows\system32\DllHost.exe[3852] C:\Windows\system32\USER32.dll!SendMessageW                                                  00007fffe6bc6970 6 bytes {JMP QWORD [RIP+0x5096c0]}
.text  C:\Windows\system32\DllHost.exe[3852] C:\Windows\system32\USER32.dll!PostMessageA                                                  00007fffe6bcbea0 6 bytes {JMP QWORD [RIP+0x524190]}
.text  C:\Windows\system32\DllHost.exe[3852] C:\Windows\system32\USER32.dll!SendMessageA                                                  00007fffe6bdb640 6 bytes {JMP QWORD [RIP+0x4d49f0]}
.text  C:\Windows\system32\DllHost.exe[3852] C:\Windows\system32\USER32.dll!mouse_event                                                  00007fffe6be2b88 6 bytes {JMP QWORD [RIP+0x46d4a8]}
.text  C:\Windows\system32\DllHost.exe[3852] C:\Windows\system32\USER32.dll!keybd_event                                                  00007fffe6bf2bb0 6 bytes {JMP QWORD [RIP+0x47d480]}
.text  C:\Windows\system32\DllHost.exe[3852] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                              00007fffe553acc0 6 bytes {JMP QWORD [RIP+0x14c5370]}
.text  C:\Windows\system32\DllHost.exe[3852] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                              00007fffe553ad44 6 bytes {JMP QWORD [RIP+0x14e52ec]}
.text  C:\Windows\System32\skydrive.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                00007fffe6f167d0 4 bytes [FF, 25, 60, 98]
.text  C:\Windows\System32\skydrive.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                          00007fffe6f167e0 5 bytes [FF, 25, 50, 98, 2B]
.text  C:\Windows\System32\skydrive.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                    00007fffe6f168a0 5 bytes [FF, 25, 90, 97, 29]
.text  C:\Windows\System32\skydrive.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                  00007fffe6f16ac0 5 bytes [FF, 25, 70, 95, 27]
.text  C:\Windows\System32\skydrive.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                00007fffe6f16b70 5 bytes [FF, 25, C0, 94, 21]
.text  C:\Windows\System32\skydrive.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                              00007fffe6f171d0 5 bytes [FF, 25, 60, 8E, 23]
.text  C:\Windows\System32\skydrive.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                            00007fffe6f17c00 6 bytes {JMP QWORD [RIP+0x2d8430]}
.text  C:\Windows\System32\skydrive.exe[4300] C:\Windows\system32\KERNEL32.DLL!CreateProcessInternalW                                    00007fffe47ed268 6 bytes {JMP QWORD [RIP+0x922dc8]}
.text  C:\Windows\System32\skydrive.exe[4300] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 198                                    00007fffe45655e6 3 bytes [24, AA, 10]
.text  C:\Windows\System32\skydrive.exe[4300] C:\Windows\system32\USER32.dll!SendInput                                                    00007fffe6bc1220 6 bytes {JMP QWORD [RIP+0x4cee10]}
.text  C:\Windows\System32\skydrive.exe[4300] C:\Windows\system32\USER32.dll!PostMessageW                                                00007fffe6bc2b00 6 bytes {JMP QWORD [RIP+0x54d530]}
.text  C:\Windows\System32\skydrive.exe[4300] C:\Windows\system32\USER32.dll!SendMessageW                                                00007fffe6bc6970 6 bytes {JMP QWORD [RIP+0x5096c0]}
.text  C:\Windows\System32\skydrive.exe[4300] C:\Windows\system32\USER32.dll!PostMessageA                                                00007fffe6bcbea0 6 bytes {JMP QWORD [RIP+0x524190]}
.text  C:\Windows\System32\skydrive.exe[4300] C:\Windows\system32\USER32.dll!SendMessageA                                                00007fffe6bdb640 6 bytes {JMP QWORD [RIP+0x4d49f0]}
.text  C:\Windows\System32\skydrive.exe[4300] C:\Windows\system32\USER32.dll!mouse_event                                                  00007fffe6be2b88 6 bytes {JMP QWORD [RIP+0x46d4a8]}
.text  C:\Windows\System32\skydrive.exe[4300] C:\Windows\system32\USER32.dll!keybd_event                                                  00007fffe6bf2bb0 6 bytes {JMP QWORD [RIP+0x47d480]}
.text  C:\Windows\System32\skydrive.exe[4300] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW                                      00007fffe4993330 6 bytes {JMP QWORD [RIP+0x75cd00]}
.text  C:\Windows\System32\skydrive.exe[4300] C:\Windows\system32\WS2_32.dll!connect + 1                                                  00007fffe49a07f1 5 bytes {JMP QWORD [RIP+0x6f840]}
.text  C:\Windows\System32\skydrive.exe[4300] C:\Windows\system32\WS2_32.dll!listen                                                      00007fffe49a4160 6 bytes {JMP QWORD [RIP+0x49bed0]}
.text  C:\Windows\System32\skydrive.exe[4300] C:\Windows\system32\WS2_32.dll!WSAConnect                                                  00007fffe49a69b0 6 bytes {JMP QWORD [RIP+0x89680]}
.text  C:\Windows\System32\skydrive.exe[4300] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceA                                            00007fffe553acc0 6 bytes {JMP QWORD [RIP+0x14c5370]}
.text  C:\Windows\System32\skydrive.exe[4300] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceW                                            00007fffe553ad44 6 bytes {JMP QWORD [RIP+0x14e52ec]}
.text  C:\Windows\System32\RuntimeBroker.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                            00007fffe6f167d0 4 bytes [FF, 25, 60, 98]
.text  C:\Windows\System32\RuntimeBroker.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                    00007fffe6f167e0 5 bytes [FF, 25, 50, 98, 2B]
.text  C:\Windows\System32\RuntimeBroker.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                              00007fffe6f168a0 5 bytes [FF, 25, 90, 97, 29]
.text  C:\Windows\System32\RuntimeBroker.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                            00007fffe6f16ac0 5 bytes [FF, 25, 70, 95, 27]
.text  C:\Windows\System32\RuntimeBroker.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                            00007fffe6f16b70 5 bytes [FF, 25, C0, 94, 21]
.text  C:\Windows\System32\RuntimeBroker.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                        00007fffe6f171d0 5 bytes [FF, 25, 60, 8E, 23]
.text  C:\Windows\System32\RuntimeBroker.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                      00007fffe6f17c00 6 bytes {JMP QWORD [RIP+0x2d8430]}
.text  C:\Windows\System32\RuntimeBroker.exe[4372] C:\Windows\system32\KERNEL32.DLL!CreateProcessInternalW                                00007fffe47ed268 6 bytes {JMP QWORD [RIP+0x1c2dc8]}
.text  C:\Windows\System32\RuntimeBroker.exe[4372] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 198                                00007fffe45655e6 3 bytes [24, AA, 10]
.text  C:\Windows\System32\RuntimeBroker.exe[4372] C:\Windows\system32\USER32.dll!SendInput                                              00007fffe6bc1220 6 bytes {JMP QWORD [RIP+0x4cee10]}
.text  C:\Windows\System32\RuntimeBroker.exe[4372] C:\Windows\system32\USER32.dll!PostMessageW                                            00007fffe6bc2b00 6 bytes {JMP QWORD [RIP+0x54d530]}
.text  C:\Windows\System32\RuntimeBroker.exe[4372] C:\Windows\system32\USER32.dll!SendMessageW                                            00007fffe6bc6970 6 bytes {JMP QWORD [RIP+0x5096c0]}
.text  C:\Windows\System32\RuntimeBroker.exe[4372] C:\Windows\system32\USER32.dll!PostMessageA                                            00007fffe6bcbea0 6 bytes {JMP QWORD [RIP+0x524190]}
.text  C:\Windows\System32\RuntimeBroker.exe[4372] C:\Windows\system32\USER32.dll!SendMessageA                                            00007fffe6bdb640 6 bytes {JMP QWORD [RIP+0x4d49f0]}
.text  C:\Windows\System32\RuntimeBroker.exe[4372] C:\Windows\system32\USER32.dll!mouse_event                                            00007fffe6be2b88 6 bytes {JMP QWORD [RIP+0x46d4a8]}
.text  C:\Windows\System32\RuntimeBroker.exe[4372] C:\Windows\system32\USER32.dll!keybd_event                                            00007fffe6bf2bb0 6 bytes {JMP QWORD [RIP+0x47d480]}
.text  C:\Windows\System32\RuntimeBroker.exe[4372] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                        00007fffe553acc0 6 bytes {JMP QWORD [RIP+0x14c5370]}
.text  C:\Windows\System32\RuntimeBroker.exe[4372] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                        00007fffe553ad44 6 bytes {JMP QWORD [RIP+0x14e52ec]}
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                00007fffe6f167d0 5 bytes [FF, 25, 60, 98, 29]
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                          00007fffe6f167e0 5 bytes [FF, 25, 50, 98, 2F]
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                    00007fffe6f168a0 5 bytes [FF, 25, 90, 97, 2D]
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                  00007fffe6f16ac0 5 bytes [FF, 25, 70, 95, 2B]
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                00007fffe6f16b70 5 bytes [FF, 25, C0, 94, 25]
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                              00007fffe6f171d0 5 bytes [FF, 25, 60, 8E, 27]
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                            00007fffe6f17c00 6 bytes {JMP QWORD [RIP+0x318430]}
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4564] C:\Windows\system32\KERNEL32.DLL!CreateProcessInternalW                    00007fffe47ed268 6 bytes {JMP QWORD [RIP+0x1c2dc8]}
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4564] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 198                    00007fffe45655e6 3 bytes [24, AA, 15]
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4564] C:\Windows\system32\USER32.dll!SendInput                                    00007fffe6bc1220 6 bytes {JMP QWORD [RIP+0x4cee10]}
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4564] C:\Windows\system32\USER32.dll!PostMessageW                                00007fffe6bc2b00 6 bytes {JMP QWORD [RIP+0x54d530]}
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4564] C:\Windows\system32\USER32.dll!SendMessageW                                00007fffe6bc6970 6 bytes {JMP QWORD [RIP+0x5096c0]}
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4564] C:\Windows\system32\USER32.dll!PostMessageA                                00007fffe6bcbea0 6 bytes {JMP QWORD [RIP+0x524190]}
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4564] C:\Windows\system32\USER32.dll!SendMessageA                                00007fffe6bdb640 6 bytes {JMP QWORD [RIP+0x4d49f0]}
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4564] C:\Windows\system32\USER32.dll!mouse_event                                  00007fffe6be2b88 6 bytes {JMP QWORD [RIP+0x46d4a8]}
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4564] C:\Windows\system32\USER32.dll!keybd_event                                  00007fffe6bf2bb0 6 bytes {JMP QWORD [RIP+0x47d480]}
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4564] C:\Windows\SYSTEM32\WINSPOOL.DRV!AddPrintProvidorA                          00007fffdfceb128 6 bytes {JMP QWORD [RIP+0xa4f08]}
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4564] C:\Windows\SYSTEM32\WINSPOOL.DRV!AddPrintProvidorW                          00007fffdfcf36c8 6 bytes {JMP QWORD [RIP+0xbc968]}
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4564] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                            00007fffe553acc0 6 bytes {JMP QWORD [RIP+0x1bf5370]}
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4564] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                            00007fffe553ad44 6 bytes {JMP QWORD [RIP+0x1c152ec]}
.text  C:\Windows\System32\SettingSyncHost.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                          00007fffe6f167d0 4 bytes [FF, 25, 60, 98]
.text  C:\Windows\System32\SettingSyncHost.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                  00007fffe6f167e0 5 bytes [FF, 25, 50, 98, 2B]
.text  C:\Windows\System32\SettingSyncHost.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                            00007fffe6f168a0 5 bytes [FF, 25, 90, 97, 29]
.text  C:\Windows\System32\SettingSyncHost.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                          00007fffe6f16ac0 5 bytes [FF, 25, 70, 95, 27]
.text  C:\Windows\System32\SettingSyncHost.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                          00007fffe6f16b70 5 bytes [FF, 25, C0, 94, 21]
.text  C:\Windows\System32\SettingSyncHost.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                      00007fffe6f171d0 5 bytes [FF, 25, 60, 8E, 23]
.text  C:\Windows\System32\SettingSyncHost.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                    00007fffe6f17c00 6 bytes {JMP QWORD [RIP+0x2d8430]}
.text  C:\Windows\System32\SettingSyncHost.exe[3060] C:\Windows\system32\KERNEL32.DLL!CreateProcessInternalW                              00007fffe47ed268 6 bytes {JMP QWORD [RIP+0x1c2dc8]}
.text  C:\Windows\System32\SettingSyncHost.exe[3060] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 198                              00007fffe45655e6 3 bytes [24, AA, 10]
.text  C:\Windows\System32\SettingSyncHost.exe[3060] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceA                                      00007fffe553acc0 6 bytes {JMP QWORD [RIP+0x14c5370]}
.text  C:\Windows\System32\SettingSyncHost.exe[3060] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceW                                      00007fffe553ad44 6 bytes {JMP QWORD [RIP+0x14e52ec]}
.text  C:\Windows\System32\SettingSyncHost.exe[3060] C:\Windows\system32\USER32.dll!SendInput                                            00007fffe6bc1220 6 bytes {JMP QWORD [RIP+0x4cee10]}
.text  C:\Windows\System32\SettingSyncHost.exe[3060] C:\Windows\system32\USER32.dll!PostMessageW                                          00007fffe6bc2b00 6 bytes {JMP QWORD [RIP+0x54d530]}
.text  C:\Windows\System32\SettingSyncHost.exe[3060] C:\Windows\system32\USER32.dll!SendMessageW                                          00007fffe6bc6970 6 bytes {JMP QWORD [RIP+0x5096c0]}
.text  C:\Windows\System32\SettingSyncHost.exe[3060] C:\Windows\system32\USER32.dll!PostMessageA                                          00007fffe6bcbea0 6 bytes {JMP QWORD [RIP+0x524190]}
.text  C:\Windows\System32\SettingSyncHost.exe[3060] C:\Windows\system32\USER32.dll!SendMessageA                                          00007fffe6bdb640 6 bytes {JMP QWORD [RIP+0x4d49f0]}
.text  C:\Windows\System32\SettingSyncHost.exe[3060] C:\Windows\system32\USER32.dll!mouse_event                                          00007fffe6be2b88 6 bytes {JMP QWORD [RIP+0x46d4a8]}
.text  C:\Windows\System32\SettingSyncHost.exe[3060] C:\Windows\system32\USER32.dll!keybd_event                                          00007fffe6bf2bb0 6 bytes {JMP QWORD [RIP+0x47d480]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                  00007fffe6f167d0 5 bytes [FF, 25, 60, 98, 29]
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                            00007fffe6f167e0 5 bytes JMP 491
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                      00007fffe6f168a0 5 bytes [FF, 25, 90, 97, 2D]
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                    00007fffe6f16ac0 5 bytes JMP 650072
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                  00007fffe6f16b70 5 bytes [FF, 25, C0, 94, 25]
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                00007fffe6f171d0 5 bytes [FF, 25, 60, 8E, 27]
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                              00007fffe6f17c00 6 bytes {JMP QWORD [RIP+0x318430]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\system32\KERNEL32.DLL!CreateProcessInternalW                      00007fffe47ed268 6 bytes JMP 0
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 198                      00007fffe45655e6 3 bytes [24, AA, 15]
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\system32\USER32.dll!SendInput                                      00007fffe6bc1220 6 bytes {JMP QWORD [RIP+0x4cee10]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\system32\USER32.dll!PostMessageW                                  00007fffe6bc2b00 6 bytes {JMP QWORD [RIP+0x54d530]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\system32\USER32.dll!SendMessageW                                  00007fffe6bc6970 6 bytes {JMP QWORD [RIP+0x5096c0]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\system32\USER32.dll!PostMessageA                                  00007fffe6bcbea0 6 bytes {JMP QWORD [RIP+0x524190]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\system32\USER32.dll!SendMessageA                                  00007fffe6bdb640 6 bytes {JMP QWORD [RIP+0x4d49f0]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\system32\USER32.dll!mouse_event                                    00007fffe6be2b88 6 bytes {JMP QWORD [RIP+0x46d4a8]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\system32\USER32.dll!keybd_event                                    00007fffe6bf2bb0 6 bytes {JMP QWORD [RIP+0x47d480]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\SYSTEM32\WINSPOOL.DRV!AddPrintProvidorA                            00007fffdfceb128 6 bytes {JMP QWORD [RIP+0x84f08]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\SYSTEM32\WINSPOOL.DRV!AddPrintProvidorW                            00007fffdfcf36c8 6 bytes {JMP QWORD [RIP+0x9c968]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                              00007fffe553acc0 6 bytes {JMP QWORD [RIP+0x1bf5370]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                              00007fffe553ad44 6 bytes {JMP QWORD [RIP+0x1c152ec]}
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                            00007fffe6f167d0 4 bytes JMP 12600020
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                    00007fffe6f167e0 5 bytes [FF, 25, 50, 98, 2B]
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                              00007fffe6f168a0 5 bytes JMP 0
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                            00007fffe6f16ac0 5 bytes [FF, 25, 70, 95, 27]
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                            00007fffe6f16b70 5 bytes [FF, 25, C0, 94, 21]
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4592] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                        00007fffe6f171d0 5 bytes [FF, 25, 60, 8E, 23]
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                      00007fffe6f17c00 6 bytes {JMP QWORD [RIP+0x2d8430]}
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4592] C:\Windows\system32\KERNEL32.DLL!CreateProcessInternalW                00007fffe47ed268 6 bytes {JMP QWORD [RIP+0x1c2dc8]}
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4592] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 198                00007fffe45655e6 3 bytes [24, AA, 10]
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4592] C:\Windows\system32\USER32.dll!SendInput                              00007fffe6bc1220 6 bytes {JMP QWORD [RIP+0x4cee10]}
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4592] C:\Windows\system32\USER32.dll!PostMessageW                            00007fffe6bc2b00 6 bytes {JMP QWORD [RIP+0x54d530]}
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4592] C:\Windows\system32\USER32.dll!SendMessageW                            00007fffe6bc6970 6 bytes {JMP QWORD [RIP+0x5096c0]}
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4592] C:\Windows\system32\USER32.dll!PostMessageA                            00007fffe6bcbea0 6 bytes {JMP QWORD [RIP+0x524190]}
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4592] C:\Windows\system32\USER32.dll!SendMessageA                            00007fffe6bdb640 6 bytes {JMP QWORD [RIP+0x4d49f0]}
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4592] C:\Windows\system32\USER32.dll!mouse_event                            00007fffe6be2b88 6 bytes {JMP QWORD [RIP+0x46d4a8]}
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4592] C:\Windows\system32\USER32.dll!keybd_event                            00007fffe6bf2bb0 6 bytes {JMP QWORD [RIP+0x47d480]}
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4592] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                        00007fffe553acc0 6 bytes {JMP QWORD [RIP+0x14c5370]}
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4592] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                        00007fffe553ad44 6 bytes {JMP QWORD [RIP+0x14e52ec]}
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4592] C:\Windows\SYSTEM32\WINSPOOL.DRV!AddPrintProvidorA                    00007fffdfceb128 6 bytes {JMP QWORD [RIP+0x74f08]}
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4592] C:\Windows\SYSTEM32\WINSPOOL.DRV!AddPrintProvidorW                    00007fffdfcf36c8 6 bytes {JMP QWORD [RIP+0x8c968]}
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                            00007fffe6f167d0 4 bytes [FF, 25, 60, 98]
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4956] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                    00007fffe6f167e0 5 bytes JMP 4350524c
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                              00007fffe6f168a0 5 bytes [FF, 25, 90, 97, 29]
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                            00007fffe6f16ac0 5 bytes [FF, 25, 70, 95, 27]
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4956] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                            00007fffe6f16b70 5 bytes [FF, 25, C0, 94, 21]
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4956] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                        00007fffe6f171d0 5 bytes [FF, 25, 60, 8E, 23]
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4956] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                      00007fffe6f17c00 6 bytes JMP 6f0064
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4956] C:\Windows\system32\KERNEL32.DLL!CreateProcessInternalW                00007fffe47ed268 6 bytes {JMP QWORD [RIP+0x1c2dc8]}
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4956] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 198                00007fffe45655e6 3 bytes CALL 30002
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4956] C:\Windows\system32\USER32.dll!SendInput                              00007fffe6bc1220 6 bytes {JMP QWORD [RIP+0x4cee10]}
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4956] C:\Windows\system32\USER32.dll!PostMessageW                            00007fffe6bc2b00 6 bytes {JMP QWORD [RIP+0x54d530]}
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4956] C:\Windows\system32\USER32.dll!SendMessageW                            00007fffe6bc6970 6 bytes {JMP QWORD [RIP+0x5096c0]}
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4956] C:\Windows\system32\USER32.dll!PostMessageA                            00007fffe6bcbea0 6 bytes {JMP QWORD [RIP+0x524190]}
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4956] C:\Windows\system32\USER32.dll!SendMessageA                            00007fffe6bdb640 6 bytes {JMP QWORD [RIP+0x4d49f0]}
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4956] C:\Windows\system32\USER32.dll!mouse_event                            00007fffe6be2b88 6 bytes {JMP QWORD [RIP+0x46d4a8]}
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4956] C:\Windows\system32\USER32.dll!keybd_event                            00007fffe6bf2bb0 6 bytes {JMP QWORD [RIP+0x47d480]}
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4956] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                        00007fffe553acc0 6 bytes {JMP QWORD [RIP+0x14c5370]}
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4956] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                        00007fffe553ad44 6 bytes {JMP QWORD [RIP+0x14e52ec]}
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4956] C:\Windows\SYSTEM32\WINSPOOL.DRV!AddPrintProvidorA                    00007fffdfceb128 6 bytes {JMP QWORD [RIP+0x74f08]}
.text  C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE[4956] C:\Windows\SYSTEM32\WINSPOOL.DRV!AddPrintProvidorW                    00007fffdfcf36c8 6 bytes {JMP QWORD [RIP+0x8c968]}
.text  C:\Windows\WinStore\WSHost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                  00007fffe6f167d0 4 bytes [FF, 25, 60, 98]
.text  C:\Windows\WinStore\WSHost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                            00007fffe6f167e0 5 bytes [FF, 25, 50, 98, 2B]
.text  C:\Windows\WinStore\WSHost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                      00007fffe6f168a0 5 bytes [FF, 25, 90, 97, 29]
.text  C:\Windows\WinStore\WSHost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                    00007fffe6f16ac0 5 bytes [FF, 25, 70, 95, 27]
.text  C:\Windows\WinStore\WSHost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                  00007fffe6f16b70 5 bytes [FF, 25, C0, 94, 21]
.text  C:\Windows\WinStore\WSHost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                00007fffe6f171d0 5 bytes [FF, 25, 60, 8E, 23]
.text  C:\Windows\WinStore\WSHost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                              00007fffe6f17c00 6 bytes {JMP QWORD [RIP+0x2d8430]}
.text  C:\Windows\WinStore\WSHost.exe[5400] C:\Windows\system32\KERNEL32.DLL!CreateProcessInternalW                                      00007fffe47ed268 6 bytes {JMP QWORD [RIP+0x1c2dc8]}
.text  C:\Windows\WinStore\WSHost.exe[5400] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 198                                      00007fffe45655e6 3 bytes [24, AA, 10]
.text  C:\Windows\WinStore\WSHost.exe[5400] C:\Windows\system32\USER32.dll!SendInput                                                      00007fffe6bc1220 6 bytes {JMP QWORD [RIP+0x4cee10]}
.text  C:\Windows\WinStore\WSHost.exe[5400] C:\Windows\system32\USER32.dll!PostMessageW                                                  00007fffe6bc2b00 6 bytes {JMP QWORD [RIP+0x54d530]}
.text  C:\Windows\WinStore\WSHost.exe[5400] C:\Windows\system32\USER32.dll!SendMessageW                                                  00007fffe6bc6970 6 bytes {JMP QWORD [RIP+0x5096c0]}
.text  C:\Windows\WinStore\WSHost.exe[5400] C:\Windows\system32\USER32.dll!PostMessageA                                                  00007fffe6bcbea0 6 bytes {JMP QWORD [RIP+0x524190]}
.text  C:\Windows\WinStore\WSHost.exe[5400] C:\Windows\system32\USER32.dll!SendMessageA                                                  00007fffe6bdb640 6 bytes {JMP QWORD [RIP+0x4d49f0]}
.text  C:\Windows\WinStore\WSHost.exe[5400] C:\Windows\system32\USER32.dll!mouse_event                                                    00007fffe6be2b88 6 bytes {JMP QWORD [RIP+0x46d4a8]}
.text  C:\Windows\WinStore\WSHost.exe[5400] C:\Windows\system32\USER32.dll!keybd_event                                                    00007fffe6bf2bb0 6 bytes {JMP QWORD [RIP+0x47d480]}
.text  C:\Windows\WinStore\WSHost.exe[5400] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                              00007fffe553acc0 6 bytes {JMP QWORD [RIP+0x14c5370]}
.text  C:\Windows\WinStore\WSHost.exe[5400] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                              00007fffe553ad44 6 bytes {JMP QWORD [RIP+0x14e52ec]}
.text  C:\Windows\WinStore\WSHost.exe[5400] C:\Windows\System32\msi.dll!MsiSetInternalUI                                                  00007fffd2b2b484 6 bytes {JMP QWORD [RIP+0x304bac]}
.text  C:\Windows\WinStore\WSHost.exe[5400] C:\Windows\System32\msi.dll!MsiInstallProductA                                                00007fffd2ba9114 6 bytes {JMP QWORD [RIP+0x246f1c]}
.text  C:\Windows\WinStore\WSHost.exe[5400] C:\Windows\System32\msi.dll!MsiInstallProductW                                                00007fffd2ba93b4 6 bytes {JMP QWORD [RIP+0x266c7c]}
.text  C:\Windows\WinStore\WSHost.exe[5400] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW                                        000000c99a303330 6 bytes {JMP QWORD [RIP+0xeacd00]}
.text  C:\Windows\WinStore\WSHost.exe[5400] C:\Windows\system32\WS2_32.dll!connect + 1                                                    000000c99a3107f1 5 bytes {JMP QWORD [RIP+0xe0f840]}
.text  C:\Windows\WinStore\WSHost.exe[5400] C:\Windows\system32\WS2_32.dll!listen                                                        000000c99a314160 6 bytes {JMP QWORD [RIP+0xe6bed0]}
.text  C:\Windows\WinStore\WSHost.exe[5400] C:\Windows\system32\WS2_32.dll!WSAConnect                                                    000000c99a3169b0 6 bytes {JMP QWORD [RIP+0xe39680]}
.text  C:\Windows\explorer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                          00007fffe6f167d0 4 bytes [FF, 25, 60, 98]
.text  C:\Windows\explorer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                  00007fffe6f167e0 5 bytes [FF, 25, 50, 98, 2B]
.text  C:\Windows\explorer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                            00007fffe6f168a0 5 bytes [FF, 25, 90, 97, 29]
.text  C:\Windows\explorer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                          00007fffe6f16ac0 5 bytes [FF, 25, 70, 95, 27]
.text  C:\Windows\explorer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                          00007fffe6f16b70 5 bytes [FF, 25, C0, 94, 21]
.text  C:\Windows\explorer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                      00007fffe6f171d0 5 bytes [FF, 25, 60, 8E, 23]
.text  C:\Windows\explorer.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    00007fffe6f17c00 6 bytes {JMP QWORD [RIP+0x2d8430]}
.text  C:\Windows\explorer.exe[4892] C:\Windows\system32\KERNEL32.DLL!CreateProcessInternalW                                              00007fffe47ed268 6 bytes {JMP QWORD [RIP+0x1c2dc8]}
.text  C:\Windows\explorer.exe[4892] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 198                                              00007fffe45655e6 3 bytes [24, AA, 10]
.text  C:\Windows\explorer.exe[4892] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceA                                                      00007fffe553acc0 6 bytes JMP 1
.text  C:\Windows\explorer.exe[4892] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceW                                                      00007fffe553ad44 6 bytes JMP 0
.text  C:\Windows\explorer.exe[4892] C:\Windows\system32\USER32.dll!SendInput                                                            00007fffe6bc1220 6 bytes JMP 140a1211
.text  C:\Windows\explorer.exe[4892] C:\Windows\system32\USER32.dll!PostMessageW                                                          00007fffe6bc2b00 6 bytes JMP 0
.text  C:\Windows\explorer.exe[4892] C:\Windows\system32\USER32.dll!SendMessageW                                                          00007fffe6bc6970 6 bytes JMP 0
.text  C:\Windows\explorer.exe[4892] C:\Windows\system32\USER32.dll!PostMessageA                                                          00007fffe6bcbea0 6 bytes {JMP QWORD [RIP+0x524190]}
.text  C:\Windows\explorer.exe[4892] C:\Windows\system32\USER32.dll!SendMessageA                                                          00007fffe6bdb640 6 bytes JMP ff000000
.text  C:\Windows\explorer.exe[4892] C:\Windows\system32\USER32.dll!mouse_event                                                          00007fffe6be2b88 6 bytes {JMP QWORD [RIP+0x46d4a8]}
.text  C:\Windows\explorer.exe[4892] C:\Windows\system32\USER32.dll!keybd_event                                                          00007fffe6bf2bb0 6 bytes {JMP QWORD [RIP+0x47d480]}
.text  C:\Windows\explorer.exe[4892] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                              00007fffe528169a 4 bytes [28, E5, FF, 7F]
.text  C:\Windows\explorer.exe[4892] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                              00007fffe52816a2 4 bytes [28, E5, FF, 7F]
.text  C:\Windows\explorer.exe[4892] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                                                  00007fffe528181a 4 bytes [28, E5, FF, 7F]
.text  C:\Windows\explorer.exe[4892] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                                                  00007fffe5281832 4 bytes [28, E5, FF, 7F]
.text  C:\Windows\explorer.exe[4892] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorA                                                  00007fffdfceb128 6 bytes {JMP QWORD [RIP+0x74f08]}
.text  C:\Windows\explorer.exe[4892] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                  00007fffdfcf36c8 6 bytes {JMP QWORD [RIP+0xfc968]}
.text  C:\Windows\explorer.exe[4892] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW                                                000000000e5b3330 6 bytes {JMP QWORD [RIP+0x14cd00]}
.text  C:\Windows\explorer.exe[4892] C:\Windows\system32\WS2_32.dll!connect + 1                                                          000000000e5c07f1 5 bytes {JMP QWORD [RIP+0xcf840]}
.text  C:\Windows\explorer.exe[4892] C:\Windows\system32\WS2_32.dll!listen                                                                000000000e5c4160 6 bytes {JMP QWORD [RIP+0x10bed0]}
.text  C:\Windows\explorer.exe[4892] C:\Windows\system32\WS2_32.dll!WSAConnect                                                            000000000e5c69b0 6 bytes {JMP QWORD [RIP+0xe9680]}
.text  C:\Windows\explorer.exe[4892] C:\Windows\SYSTEM32\msi.dll!MsiSetInternalUI                                                        00007fffd2b2b484 6 bytes {JMP QWORD [RIP+0x304bac]}
.text  C:\Windows\explorer.exe[4892] C:\Windows\SYSTEM32\msi.dll!MsiInstallProductA                                                      00007fffd2ba9114 6 bytes {JMP QWORD [RIP+0x246f1c]}
.text  C:\Windows\explorer.exe[4892] C:\Windows\SYSTEM32\msi.dll!MsiInstallProductW                                                      00007fffd2ba93b4 6 bytes {JMP QWORD [RIP+0x266c7c]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                00007fffe6f167d0 4 bytes [FF, 25, 60, 98]
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile        00007fffe6f167e0 5 bytes [FF, 25, 50, 98, 2B]
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                  00007fffe6f168a0 5 bytes [FF, 25, 90, 97, 29]
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                00007fffe6f16ac0 5 bytes [FF, 25, 70, 95, 27]
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                00007fffe6f16b70 5 bytes [FF, 25, C0, 94, 21]
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey            00007fffe6f171d0 5 bytes [FF, 25, 60, 8E, 23]
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread          00007fffe6f17c00 6 bytes {JMP QWORD [RIP+0x2d8430]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe[5724] C:\Windows\system32\KERNEL32.dll!CreateProcessInternalW    00007fffe47ed268 6 bytes {JMP QWORD [RIP+0x1c2dc8]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe[5724] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 198    00007fffe45655e6 3 bytes [24, AA, 10]
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe[5724] C:\Windows\system32\USER32.dll!SendInput                  00007fffe6bc1220 6 bytes {JMP QWORD [RIP+0x4cee10]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe[5724] C:\Windows\system32\USER32.dll!PostMessageW                00007fffe6bc2b00 6 bytes {JMP QWORD [RIP+0x54d530]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe[5724] C:\Windows\system32\USER32.dll!SendMessageW                00007fffe6bc6970 6 bytes {JMP QWORD [RIP+0x5096c0]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe[5724] C:\Windows\system32\USER32.dll!PostMessageA                00007fffe6bcbea0 6 bytes {JMP QWORD [RIP+0x524190]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe[5724] C:\Windows\system32\USER32.dll!SendMessageA                00007fffe6bdb640 6 bytes {JMP QWORD [RIP+0x4d49f0]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe[5724] C:\Windows\system32\USER32.dll!mouse_event                00007fffe6be2b88 6 bytes {JMP QWORD [RIP+0x46d4a8]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe[5724] C:\Windows\system32\USER32.dll!keybd_event                00007fffe6bf2bb0 6 bytes {JMP QWORD [RIP+0x47d480]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe[5724] C:\Windows\system32\ADVAPI32.dll!CreateServiceA            00007fffe553acc0 6 bytes {JMP QWORD [RIP+0x14c5370]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe[5724] C:\Windows\system32\ADVAPI32.dll!CreateServiceW            00007fffe553ad44 6 bytes {JMP QWORD [RIP+0x14e52ec]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe[5724] C:\Windows\system32\ws2_32.dll!WSALookupServiceBeginW      000000001d4d3330 6 bytes {JMP QWORD [RIP+0x13cd00]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe[5724] C:\Windows\system32\ws2_32.dll!connect + 1                000000001d4e07f1 5 bytes {JMP QWORD [RIP+0xcf840]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe[5724] C:\Windows\system32\ws2_32.dll!listen                      000000001d4e4160 6 bytes {JMP QWORD [RIP+0x10bed0]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe[5724] C:\Windows\system32\ws2_32.dll!WSAConnect                  000000001d4e69b0 6 bytes {JMP QWORD [RIP+0xe9680]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe[5724] C:\Windows\SYSTEM32\rasapi32.dll!RasDialW + 1              00007fffc47db571 5 bytes {JMP QWORD [RIP+0x94ac0]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe[5976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess              00007fffe6f167d0 4 bytes [FF, 25, 60, 98]
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe[5976] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile      00007fffe6f167e0 5 bytes [FF, 25, 50, 98, 2B]
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe[5976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                00007fffe6f168a0 5 bytes [FF, 25, 90, 97, 29]
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe[5976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile              00007fffe6f16ac0 5 bytes [FF, 25, 70, 95, 27]
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe[5976] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey              00007fffe6f16b70 5 bytes [FF, 25, C0, 94, 21]
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe[5976] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey          00007fffe6f171d0 5 bytes [FF, 25, 60, 8E, 23]
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe[5976] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread        00007fffe6f17c00 6 bytes {JMP QWORD [RIP+0x2d8430]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe[5976] C:\Windows\system32\KERNEL32.dll!CreateProcessInternalW  00007fffe47ed268 6 bytes {JMP QWORD [RIP+0x1c2dc8]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe[5976] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 198  00007fffe45655e6 3 bytes [24, AA, 10]
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe[5976] C:\Windows\system32\USER32.dll!SendInput                00007fffe6bc1220 6 bytes {JMP QWORD [RIP+0x4cee10]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe[5976] C:\Windows\system32\USER32.dll!PostMessageW              00007fffe6bc2b00 6 bytes {JMP QWORD [RIP+0x54d530]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe[5976] C:\Windows\system32\USER32.dll!SendMessageW              00007fffe6bc6970 6 bytes {JMP QWORD [RIP+0x5096c0]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe[5976] C:\Windows\system32\USER32.dll!PostMessageA              00007fffe6bcbea0 6 bytes {JMP QWORD [RIP+0x524190]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe[5976] C:\Windows\system32\USER32.dll!SendMessageA              00007fffe6bdb640 6 bytes {JMP QWORD [RIP+0x4d49f0]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe[5976] C:\Windows\system32\USER32.dll!mouse_event              00007fffe6be2b88 6 bytes {JMP QWORD [RIP+0x46d4a8]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe[5976] C:\Windows\system32\USER32.dll!keybd_event              00007fffe6bf2bb0 6 bytes {JMP QWORD [RIP+0x47d480]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe[5976] C:\Windows\system32\ADVAPI32.dll!CreateServiceA          00007fffe553acc0 6 bytes JMP 2c0f0000
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe[5976] C:\Windows\system32\ADVAPI32.dll!CreateServiceW          00007fffe553ad44 6 bytes {JMP QWORD [RIP+0x14e52ec]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe[5976] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW    000000001b6b3330 6 bytes {JMP QWORD [RIP+0x16cd00]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe[5976] C:\Windows\system32\WS2_32.dll!connect + 1              000000001b6c07f1 5 bytes {JMP QWORD [RIP+0xdf840]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe[5976] C:\Windows\system32\WS2_32.dll!listen                    000000001b6c4160 6 bytes {JMP QWORD [RIP+0x12bed0]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe[5976] C:\Windows\system32\WS2_32.dll!WSAConnect                000000001b6c69b0 6 bytes {JMP QWORD [RIP+0xf9680]}
.text  C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe[5976] C:\Windows\SYSTEM32\rasapi32.dll!RasDialW + 1            00007fffc47db571 5 bytes {JMP QWORD [RIP+0x94ac0]}
.text  C:\Windows\system32\conhost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                  00007fffe6f167d0 4 bytes [FF, 25, 60, 98]
.text  C:\Windows\system32\conhost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                          00007fffe6f167e0 5 bytes [FF, 25, 50, 98, 2B]
.text  C:\Windows\system32\conhost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                    00007fffe6f168a0 5 bytes [FF, 25, 90, 97, 29]
.text  C:\Windows\system32\conhost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                  00007fffe6f16ac0 5 bytes [FF, 25, 70, 95, 27]
.text  C:\Windows\system32\conhost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                  00007fffe6f16b70 5 bytes [FF, 25, C0, 94, 21]
.text  C:\Windows\system32\conhost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                              00007fffe6f171d0 5 bytes [FF, 25, 60, 8E, 23]
.text  C:\Windows\system32\conhost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                            00007fffe6f17c00 6 bytes {JMP QWORD [RIP+0x2d8430]}
.text  C:\Windows\system32\conhost.exe[2916] C:\Windows\system32\KERNEL32.DLL!CreateProcessInternalW                                      00007fffe47ed268 6 bytes {JMP QWORD [RIP+0x1c2dc8]}
.text  C:\Windows\system32\conhost.exe[2916] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 198                                      00007fffe45655e6 3 bytes [24, AA, 10]
.text  C:\Windows\system32\conhost.exe[2916] C:\Windows\system32\USER32.dll!SendInput                                                    00007fffe6bc1220 6 bytes {JMP QWORD [RIP+0x4cee10]}
.text  C:\Windows\system32\conhost.exe[2916] C:\Windows\system32\USER32.dll!PostMessageW                                                  00007fffe6bc2b00 6 bytes {JMP QWORD [RIP+0x54d530]}
.text  C:\Windows\system32\conhost.exe[2916] C:\Windows\system32\USER32.dll!SendMessageW                                                  00007fffe6bc6970 6 bytes {JMP QWORD [RIP+0x5096c0]}
.text  C:\Windows\system32\conhost.exe[2916] C:\Windows\system32\USER32.dll!PostMessageA                                                  00007fffe6bcbea0 6 bytes {JMP QWORD [RIP+0x524190]}
.text  C:\Windows\system32\conhost.exe[2916] C:\Windows\system32\USER32.dll!SendMessageA                                                  00007fffe6bdb640 6 bytes {JMP QWORD [RIP+0x4d49f0]}
.text  C:\Windows\system32\conhost.exe[2916] C:\Windows\system32\USER32.dll!mouse_event                                                  00007fffe6be2b88 6 bytes {JMP QWORD [RIP+0x46d4a8]}
.text  C:\Windows\system32\conhost.exe[2916] C:\Windows\system32\USER32.dll!keybd_event                                                  00007fffe6bf2bb0 6 bytes {JMP QWORD [RIP+0x47d480]}
.text  C:\Windows\system32\conhost.exe[2916] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                              00007fffe553acc0 6 bytes {JMP QWORD [RIP+0x14c5370]}
.text  C:\Windows\system32\conhost.exe[2916] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                              00007fffe553ad44 6 bytes {JMP QWORD [RIP+0x14e52ec]}

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [640:668]                                                                                            fffff960008154d0
Thread  C:\Windows\explorer.exe [4892:556]                                                                                                00007fffd03dd6bc
Thread  C:\Windows\explorer.exe [4892:5176]                                                                                                00007fffd03dd6bc
Thread  C:\Windows\explorer.exe [4892:5172]                                                                                                00007fffd03dd6bc
Thread  C:\Windows\explorer.exe [4892:5540]                                                                                                00007fffd03dd6bc

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                              unknown MBR code

---- EOF - GMER 2.1 ----
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 x64
Ran by Jochen on 11.12.2014 at 19:17:49,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.12.2014 at 19:23:58,91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 11.12.2014
Suchlauf-Zeit: 18:52:21
Logdatei: MALWAREBYTES.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.11.04
Rootkit Datenbank: v2014.12.08.03
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Aktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Jochen

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 384991
Verstrichene Zeit: 5 Min, 59 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
OK, scheint verschwunden zu sein.

Dankeschön für Deine Zeit.

schrauber 12.12.2014 23:12
ja sieht alles gut aus :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:04 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19