Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Mc Afee Echtzeitscan deaktiviert sich von selbst. (https://www.trojaner-board.de/168950-mc-afee-echtzeitscan-deaktiviert-selbst.html)

bkeskin 23.07.2015 18:56
Mc Afee Echtzeitscan deaktiviert sich von selbst.
 
Hallo Allesamt,

ich habe seit mehreren Tagen Probleme mit meinem Notebook,
Mein Ping schwankt ungewöhnlich stark, und mein Notebook hängt sich des öfteren auf.
Auch bei vermeintlichem Leerlauf, lässt sich eine starke CPU und Speicher Auslastung feststellen.
Seit heute kam noch das Problem dazu, dass sich mein MC Afee Echtzeitscan von alleine ausschaltet. Auch beim aktivieren, deaktiviert sich der Echtzeitscan sofort.

Noch zur Info, das System wurde vor 3 Tagen komplett neu aufgesetzt da ich zuvor schon derartige Probleme hatte (Plötzlicher Absturz nach starten eines YouTube Videos, sowie fehlerhaftes Booten).

In der ganzen Zeit hat kein Scanner i.welche Befunde gemeldet (Zunächst Kaspersky jetzt wieder MC Afee).

Vielleicht kann mir jemand von euch helfen :confused: .

Und schonmal vielen Dank.

FRST.txt

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Baris (administrator) on BARIS-PC on 23-07-2015 19:39:35
Running from C:\Users\Baris\Desktop
Loaded Profiles: Baris (Available Profiles: Baris)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.5.495.0\McCSPServiceHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\Core\mchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Baris\Downloads\Defogger.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17280_none_6224eed751126779\TiWorker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2013-03-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2015-05-12] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2015-05-12] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-02-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-03-01] (Vimicro)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [616272 2015-05-13] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-25] (Atheros Communications)
HKU\S-1-5-21-2752069299-2962197746-3765214069-1001\...\Run: [GoogleChromeAutoLaunch_121E4FBB418E60E50B174D01AED06BD7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-13] (Google Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2752069299-2962197746-3765214069-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2752069299-2962197746-3765214069-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-2752069299-2962197746-3765214069-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-2752069299-2962197746-3765214069-1001 -> DefaultScope {C4EEC731-2437-4221-BD3C-BEAC8A0557A1} URL =
SearchScopes: HKU\S-1-5-21-2752069299-2962197746-3765214069-1001 -> {C4EEC731-2437-4221-BD3C-BEAC8A0557A1} URL =
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-05-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-05-13] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1CC1E401-3DEE-41B5-9233-83C3062221C5}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-13] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2752069299-2962197746-3765214069-1001: @jazz-soft.com/JazzPlugin -> C:\Program Files (x86)\Jazz-Soft\Jazz-Plugin\npJazz.dll [2014-12-07] (Jazz-Soft)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-05-12]

Chrome:
=======
CHR Profile: C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-20]
CHR Extension: (StudyMode.com) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\afhaomgjckjnioommpjdnanglalimoon [2015-07-20]
CHR Extension: (Google Docs) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-20]
CHR Extension: (Google Drive) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-20]
CHR Extension: (WiBit) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejaaogemoligmkbmeafkhnaegkggihf [2015-07-20]
CHR Extension: (Web Developer) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2015-07-20]
CHR Extension: (YouTube) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-20]
CHR Extension: (GeoGebra) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2015-07-20]
CHR Extension: (my code stock.com) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnlabgojebipbkffbebpecgapkakdikp [2015-07-20]
CHR Extension: (Cash Organizer) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppdehaogjdmkkiaiokmjdjmjnjicddk [2015-07-20]
CHR Extension: (GistBox Clipper) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cejmhmbmafamjegaebkjhnckhepgmido [2015-07-20]
CHR Extension: (Daylight Map & Time Zone) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\chkjdbfmbgffpbmkihefmpmeonemloom [2015-07-20]
CHR Extension: (TypingWeb Typing Tutor) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\clcgempicojkfhpnepfecmklndooebjk [2015-07-20]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnemmpobpfaichgccgcilgncfigplmol [2015-07-20]
CHR Extension: (Google Search) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-20]
CHR Extension: (Drillster) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbmomjeimciggnjmhmdildpiahnmooeo [2015-07-20]
CHR Extension: (Translate Language) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehihmefpkkchenckklpjmfaaobbfacij [2015-07-20]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-07-20]
CHR Extension: (Google Sheets) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-20]
CHR Extension: (NetBeans Connector) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hafdlehgocfcodbgjnpecfajgkeejnaa [2015-07-20]
CHR Extension: (JetBrains IDE Support) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhgeddbohgjknpmjagkdomcpobmllji [2015-07-20]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-07-20]
CHR Extension: (ITCuties - Programming tutorials) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeemidmojgepddbdklfdhohlneaikpbl [2015-07-20]
CHR Extension: (World Data Atlas) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\knlgfedckdhkgjinnhogmhkbcjpmmhko [2015-07-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-20]
CHR Extension: (EXIF Viewer) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafpfdcmppffipmhcpkbplhkoiekndck [2015-07-20]
CHR Extension: (Hangouts) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-07-20]
CHR Extension: (Google Wallet) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-20]
CHR Extension: (ColorPick Eyedropper) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2015-07-20]
CHR Extension: (MathStudio) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpedkecdcnobiheblbhgleenlbdoknp [2015-07-20]
CHR Extension: (Gmail) - C:\Users\Baris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0293321437671973mcinstcleanup; C:\WINDOWS\TEMP\029332~1.EXE [883024 2015-05-04] (McAfee, Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations) [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-02-25] (ELAN Microelectronics Corp.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [754280 2015-05-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [609592 2015-05-05] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-24] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-24] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [198448 2015-04-27] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1045248 2013-03-01] (Vimicro Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
U3 fgdoqpod; \??\C:\Users\Baris\AppData\Local\Temp\fgdoqpod.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-23 19:39 - 2015-07-23 19:39 - 00020542 _____ C:\Users\Baris\Desktop\FRST.txt
2015-07-23 19:39 - 2015-07-23 19:39 - 00000000 ____D C:\FRST
2015-07-23 19:34 - 2015-07-23 19:34 - 00000472 _____ C:\Users\Baris\Downloads\defogger_disable.log
2015-07-23 19:34 - 2015-07-23 19:34 - 00000000 _____ C:\Users\Baris\defogger_reenable
2015-07-23 19:33 - 2015-07-23 19:34 - 02135552 _____ (Farbar) C:\Users\Baris\Desktop\FRST64.exe
2015-07-23 19:33 - 2015-07-23 19:33 - 00050477 _____ C:\Users\Baris\Downloads\Defogger.exe
2015-07-23 19:24 - 2015-07-23 19:24 - 00380416 _____ C:\Users\Baris\Downloads\jf03w4lq.exe
2015-07-23 19:13 - 2015-07-23 19:13 - 00281784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-23 17:18 - 2015-07-13 23:22 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-23 17:18 - 2015-07-13 23:22 - 00177632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-23 17:12 - 2015-04-27 08:02 - 00198448 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2015-07-23 17:10 - 2015-07-23 17:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2015-07-23 17:10 - 2015-07-23 17:10 - 00000000 ____D C:\WINDOWS\system32\AutoUpdateLicense
2015-07-22 17:15 - 2015-03-04 09:26 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AutoUpdate.exe
2015-07-22 17:15 - 2015-03-04 09:26 - 00467952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2015-07-22 17:15 - 2015-03-04 09:26 - 00011105 _____ C:\WINDOWS\system32\AutoconfigV2.cab
2015-07-22 17:15 - 2015-03-04 08:41 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-22 17:15 - 2015-03-04 08:41 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-22 17:15 - 2015-03-04 06:53 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-22 17:15 - 2015-03-04 06:53 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-22 17:15 - 2014-10-22 03:01 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-07-22 17:15 - 2014-10-22 03:00 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-21 21:49 - 2014-07-12 06:41 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
2015-07-21 21:49 - 2014-07-12 06:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
2015-07-21 21:49 - 2014-07-12 06:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
2015-07-21 21:49 - 2014-07-12 06:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
2015-07-21 21:49 - 2014-07-12 06:41 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2015-07-21 21:49 - 2014-07-12 06:41 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
2015-07-21 21:49 - 2014-07-12 06:16 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
2015-07-21 21:49 - 2014-07-12 06:16 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
2015-07-21 21:49 - 2014-07-12 06:16 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
2015-07-21 21:49 - 2014-07-12 06:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
2015-07-21 21:49 - 2014-07-12 06:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
2015-07-21 21:49 - 2014-07-12 06:15 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
2015-07-21 21:49 - 2014-07-09 00:33 - 00181248 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2015-07-21 21:49 - 2014-07-09 00:32 - 01539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2015-07-21 21:49 - 2014-07-09 00:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2015-07-21 21:49 - 2014-07-09 00:30 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2015-07-21 21:49 - 2014-07-07 07:52 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-07-21 21:49 - 2014-07-07 07:52 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-07-21 21:49 - 2014-07-04 12:52 - 00328000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2015-07-21 21:49 - 2014-06-28 09:01 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2015-07-21 21:49 - 2014-06-28 08:56 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2015-07-21 21:49 - 2014-06-18 01:27 - 02032640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2015-07-21 21:49 - 2014-06-18 01:23 - 02238464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2015-07-21 21:49 - 2014-06-11 16:47 - 02842112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2015-07-21 21:49 - 2014-06-11 06:40 - 02620928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2015-07-21 21:49 - 2014-06-11 00:44 - 01403896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-07-21 21:49 - 2014-02-04 12:57 - 01271664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-07-21 21:47 - 2015-07-21 21:47 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-21 20:28 - 2014-10-09 06:00 - 01519104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2015-07-21 20:28 - 2014-10-09 06:00 - 01484288 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2015-07-21 20:28 - 2014-10-09 06:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2015-07-21 20:28 - 2014-10-09 05:59 - 01195520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2015-07-21 20:28 - 2014-10-09 05:59 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2015-07-21 19:58 - 2015-01-09 08:43 - 00951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-07-21 19:58 - 2015-01-09 07:03 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-07-21 19:54 - 2015-04-30 15:07 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-21 19:54 - 2015-04-30 15:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-07-21 19:51 - 2014-07-16 00:51 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-07-21 19:33 - 2015-07-21 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-07-20 22:51 - 2015-07-20 22:51 - 00216576 _____ C:\Users\Baris\Downloads\Jazz-Plugin-1-4.msi
2015-07-20 22:51 - 2015-07-20 22:51 - 00000000 ____D C:\Program Files (x86)\Jazz-Soft
2015-07-20 22:18 - 2015-07-20 22:20 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2752069299-2962197746-3765214069-1001
2015-07-20 22:15 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-07-20 22:15 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-07-20 22:15 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-07-20 22:15 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2015-07-20 22:15 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-07-20 22:15 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-07-20 22:15 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2015-07-20 22:15 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-07-20 22:15 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2015-07-20 22:15 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll
2015-07-20 22:15 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-07-20 22:15 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2015-07-20 22:15 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2015-07-20 22:15 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-07-20 22:15 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-07-20 22:15 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-07-20 22:15 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2015-07-20 22:15 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2015-07-20 22:15 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys
2015-07-20 22:15 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-07-20 22:15 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-07-20 22:13 - 2015-07-20 22:13 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-20 22:13 - 2015-07-20 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-20 22:12 - 2015-07-23 19:22 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-20 22:12 - 2015-07-23 19:15 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-20 22:12 - 2015-07-20 22:17 - 00004108 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-20 22:12 - 2015-07-20 22:17 - 00003872 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-20 22:12 - 2015-07-20 22:13 - 00000000 ____D C:\Users\Baris\AppData\Local\Google
2015-07-20 22:12 - 2015-07-20 22:12 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-20 22:12 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2015-07-20 22:12 - 2014-03-25 00:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2015-07-20 22:12 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-07-20 22:12 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2015-07-20 22:12 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2015-07-20 22:12 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2015-07-20 22:12 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-07-20 22:12 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2015-07-20 22:12 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2015-07-20 22:12 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2015-07-20 22:12 - 2013-10-05 08:10 - 00285016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2015-07-20 22:12 - 2013-08-30 07:19 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2015-07-20 22:12 - 2013-08-30 07:18 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2015-07-20 22:12 - 2013-08-30 01:48 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2015-07-20 22:12 - 2013-08-30 01:47 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2015-07-20 22:11 - 2015-07-20 22:12 - 00000000 ____D C:\Users\Baris\AppData\Local\Deployment
2015-07-20 22:11 - 2015-07-20 22:11 - 00000000 ____D C:\Users\Baris\AppData\Local\Apps\2.0
2015-07-20 22:10 - 2013-08-30 07:43 - 00061784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2015-07-20 22:10 - 2013-08-30 07:20 - 01173504 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-07-20 22:10 - 2013-08-30 01:48 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-07-20 22:10 - 2013-08-21 08:39 - 00465240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2015-07-20 22:10 - 2013-08-10 08:30 - 00151896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-07-20 22:10 - 2013-07-25 01:10 - 10799104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-07-20 22:10 - 2013-07-25 01:07 - 13661696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-07-20 22:09 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2015-07-20 22:09 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2015-07-20 22:09 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-07-20 22:09 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-07-20 22:09 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanadvui.dll
2015-07-20 22:09 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2015-07-20 22:09 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-07-20 22:09 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-20 22:09 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-07-20 22:09 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-20 22:09 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\openfiles.exe
2015-07-20 22:09 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\openfiles.exe
2015-07-20 22:09 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-07-20 22:09 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-07-20 22:09 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-07-20 22:09 - 2013-06-26 04:59 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HdAudio.sys
2015-07-20 22:09 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-07-20 22:09 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2015-07-20 22:09 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2015-07-20 22:09 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll
2015-07-20 22:09 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll
2015-07-20 22:09 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2015-07-20 22:09 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2015-07-20 22:09 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2015-07-20 22:07 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2015-07-20 22:07 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2015-07-20 22:07 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-07-20 22:06 - 2015-07-14 22:11 - 00035328 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-20 22:06 - 2015-07-14 22:09 - 00046080 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-20 22:06 - 2015-07-14 21:43 - 00366592 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-20 22:06 - 2015-07-14 21:43 - 00304128 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-20 22:06 - 2014-07-24 15:50 - 00447296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-07-20 22:06 - 2014-07-17 01:28 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2015-07-20 22:06 - 2014-07-17 00:59 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2015-07-20 22:06 - 2014-07-17 00:59 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2015-07-20 22:06 - 2014-07-12 08:45 - 01549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2015-07-20 22:06 - 2014-07-12 06:36 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2015-07-20 22:06 - 2014-07-12 06:34 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2015-07-20 22:06 - 2014-06-28 08:57 - 01341952 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-07-20 22:06 - 2014-06-28 04:23 - 01126400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-07-20 22:06 - 2014-06-13 01:34 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-20 22:06 - 2014-06-13 01:29 - 02146304 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-20 22:06 - 2014-06-05 19:56 - 00112984 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-07-20 22:06 - 2013-08-10 07:21 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-07-20 22:06 - 2013-08-10 07:21 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncInfo.dll
2015-07-20 22:06 - 2013-08-10 05:58 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-07-20 22:06 - 2013-08-03 08:40 - 01374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2015-07-20 22:06 - 2013-08-03 08:40 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wvc.dll
2015-07-20 22:06 - 2013-08-03 08:40 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmon.ocx
2015-07-20 22:06 - 2013-08-03 07:14 - 00399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysmon.ocx
2015-07-20 22:06 - 2013-08-03 07:13 - 01245696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2015-07-20 22:06 - 2013-08-03 07:13 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wvc.dll
2015-07-20 22:06 - 2013-08-02 08:28 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2015-07-20 22:06 - 2013-08-02 07:08 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2015-07-20 22:06 - 2013-07-25 01:10 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2015-07-20 22:06 - 2013-07-25 01:06 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2015-07-20 22:06 - 2013-03-06 08:29 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2015-07-20 22:06 - 2013-03-02 12:39 - 00069864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-07-20 22:06 - 2013-03-02 10:23 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncInfo.dll
2015-07-20 22:05 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-07-20 22:05 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2015-07-20 22:05 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll
2015-07-20 22:05 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll
2015-07-20 22:05 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2015-07-20 22:05 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2015-07-20 22:05 - 2013-11-26 01:17 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2015-07-20 22:05 - 2013-10-31 07:56 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-07-20 22:05 - 2013-10-31 07:56 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2015-07-20 22:05 - 2013-10-31 06:01 - 00550400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2015-07-20 22:05 - 2013-10-31 05:42 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2015-07-20 22:05 - 2013-10-13 22:49 - 00100696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2015-07-20 22:05 - 2013-08-27 07:21 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-07-20 22:05 - 2013-08-27 07:19 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-07-20 22:05 - 2013-08-27 00:29 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-07-20 22:05 - 2013-08-27 00:28 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-07-20 22:05 - 2013-06-29 05:08 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2015-07-20 22:05 - 2013-05-04 06:48 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2015-07-20 22:04 - 2014-11-15 08:06 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-20 22:04 - 2014-11-15 07:13 - 03286016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-20 22:04 - 2014-11-15 07:13 - 01623552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-20 22:04 - 2014-11-15 07:13 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-20 22:04 - 2014-11-15 07:13 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-20 22:04 - 2014-11-15 07:13 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-20 22:04 - 2014-11-15 07:13 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-20 22:04 - 2014-11-15 07:13 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-20 22:04 - 2014-11-15 07:12 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-07-20 22:04 - 2014-11-15 05:54 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-20 22:04 - 2014-11-15 05:53 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-20 22:04 - 2014-11-15 05:53 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-20 22:04 - 2014-11-15 05:53 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-20 22:04 - 2014-11-05 08:40 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-07-20 22:04 - 2014-11-05 08:39 - 01024512 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-07-20 22:04 - 2014-10-29 16:21 - 00499008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2015-07-20 22:04 - 2014-08-28 08:01 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-07-20 22:03 - 2015-04-30 15:44 - 00478296 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-20 22:03 - 2015-04-30 15:44 - 00478296 _____ C:\WINDOWS\system32\locale.nls
2015-07-20 22:02 - 2015-06-27 15:55 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-20 22:02 - 2015-06-27 15:46 - 03960320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-20 22:02 - 2015-06-15 17:22 - 13771264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-20 22:02 - 2015-06-15 17:22 - 02056704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-20 22:02 - 2015-06-15 17:22 - 01763328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-20 22:02 - 2015-06-15 17:22 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-20 22:02 - 2015-06-15 17:22 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-20 22:02 - 2015-06-15 17:22 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-20 22:02 - 2015-06-15 17:22 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-20 22:02 - 2015-06-15 17:22 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-20 22:02 - 2015-06-15 17:22 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-07-20 22:02 - 2015-06-15 17:22 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-20 22:02 - 2015-06-15 17:22 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-20 22:02 - 2015-06-15 17:22 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-20 22:02 - 2015-06-15 17:20 - 15415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-20 22:02 - 2015-06-15 17:20 - 02656768 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-20 22:02 - 2015-06-15 17:20 - 02237440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-20 22:02 - 2015-06-15 17:20 - 01409024 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-20 22:02 - 2015-06-15 17:20 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-20 22:02 - 2015-06-15 17:20 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-20 22:02 - 2015-06-15 17:20 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-20 22:02 - 2015-06-15 17:20 - 00601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-20 22:02 - 2015-06-15 17:20 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-07-20 22:02 - 2015-06-15 17:20 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-20 22:02 - 2015-06-15 17:19 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-20 22:02 - 2015-06-15 17:19 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-20 22:02 - 2015-05-28 04:04 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-07-20 22:02 - 2015-05-28 04:03 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2015-07-20 22:02 - 2015-05-28 04:03 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2015-07-20 22:02 - 2015-05-28 04:02 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-20 22:02 - 2015-05-28 04:01 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-07-20 22:02 - 2015-05-28 04:01 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2015-07-20 22:02 - 2015-05-28 04:01 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-07-20 22:02 - 2015-05-28 04:01 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-07-20 22:02 - 2015-05-28 04:01 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-07-20 22:02 - 2015-05-28 02:45 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2015-07-20 22:02 - 2015-05-28 02:44 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-20 22:02 - 2015-05-28 02:43 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-20 22:02 - 2015-05-28 02:43 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2015-07-20 22:02 - 2015-05-28 02:43 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2015-07-20 22:02 - 2015-05-28 02:43 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-07-20 22:02 - 2015-05-28 02:43 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2015-07-20 22:02 - 2015-05-28 02:24 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-07-20 22:02 - 2015-05-28 02:23 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-07-20 22:02 - 2015-05-28 02:22 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2015-07-20 22:02 - 2015-05-28 02:20 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2015-07-20 22:02 - 2015-05-28 02:00 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-07-20 22:02 - 2015-05-28 01:55 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-07-20 22:02 - 2015-05-28 00:14 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2015-07-20 22:02 - 2014-06-05 03:12 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2015-07-20 22:02 - 2014-06-04 01:12 - 00536776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2015-07-20 22:02 - 2013-10-19 07:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2015-07-20 22:02 - 2013-10-19 06:04 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2015-07-20 22:01 - 2015-06-27 18:36 - 00171352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-20 22:01 - 2015-06-27 15:56 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-07-20 22:01 - 2015-06-27 15:55 - 00668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-20 22:01 - 2015-06-27 15:55 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-20 22:01 - 2015-06-27 15:46 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-20 22:01 - 2015-06-27 15:46 - 00829952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-20 22:01 - 2015-06-27 15:46 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-07-20 22:01 - 2015-06-27 15:46 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-20 22:01 - 2015-06-27 15:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-20 22:01 - 2015-06-25 20:29 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-20 22:01 - 2015-06-25 20:27 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-20 22:01 - 2014-06-13 03:57 - 01453400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-07-20 22:01 - 2014-06-13 03:55 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2015-07-20 22:00 - 2015-03-12 07:31 - 01688576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-07-20 21:59 - 2015-01-24 08:42 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-07-20 21:59 - 2015-01-24 07:00 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ubpm.dll
2015-07-20 21:58 - 2013-08-16 07:22 - 04917760 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-07-20 21:58 - 2013-03-02 12:57 - 00077544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2015-07-20 21:58 - 2013-03-02 10:23 - 00893952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-07-20 21:58 - 2013-03-02 10:23 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2015-07-20 21:58 - 2013-03-02 10:22 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-07-20 21:58 - 2013-03-02 10:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2015-07-20 21:58 - 2013-03-02 10:21 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl
2015-07-20 21:58 - 2013-03-02 10:21 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevDispItemProvider.dll
2015-07-20 21:58 - 2013-03-02 04:45 - 01149952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-07-20 21:58 - 2013-03-02 04:45 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-07-20 21:58 - 2013-03-02 04:45 - 00645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2015-07-20 21:58 - 2013-03-02 04:45 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2015-07-20 21:58 - 2013-03-02 04:45 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fsquirt.exe
2015-07-20 21:58 - 2013-03-02 04:45 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-20 21:58 - 2013-03-02 04:45 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2015-07-20 21:58 - 2013-03-02 04:45 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2015-07-20 21:58 - 2013-03-02 04:45 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDPrintProxy.DLL
2015-07-20 21:58 - 2013-03-02 04:44 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2015-07-20 21:58 - 2013-03-02 04:44 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-07-20 21:58 - 2013-03-02 04:44 - 00150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\discan.dll
2015-07-20 21:58 - 2013-03-02 04:44 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\NdisImPlatform.dll
2015-07-20 21:58 - 2013-03-02 04:44 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevDispItemProvider.dll
2015-07-20 21:58 - 2013-03-02 04:43 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl
2015-07-20 21:58 - 2013-03-02 04:15 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-07-20 21:58 - 2013-03-01 06:56 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-07-20 21:58 - 2013-03-01 06:56 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\monitor.sys
2015-07-20 21:58 - 2013-03-01 06:55 - 01175040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-07-20 21:57 - 2014-08-01 01:40 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-07-20 21:57 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2015-07-20 21:57 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2015-07-20 21:57 - 2013-08-16 07:41 - 00058200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-07-20 21:57 - 2013-08-16 07:39 - 02371728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2015-07-20 21:57 - 2013-08-16 07:21 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-07-20 21:57 - 2013-08-16 07:21 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2015-07-20 21:57 - 2013-08-16 07:21 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2015-07-20 21:57 - 2013-08-16 07:21 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2015-07-20 21:57 - 2013-08-16 07:21 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcln.dll
2015-07-20 21:57 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2015-07-20 21:57 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
2015-07-20 21:57 - 2013-08-16 00:43 - 00083968 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2015-07-20 21:57 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2015-07-20 21:57 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupcln.dll
2015-07-20 21:51 - 2015-07-02 22:31 - 19291136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-20 21:51 - 2015-07-02 21:15 - 14384640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-20 21:50 - 2015-01-07 06:25 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-20 21:49 - 2014-09-03 04:48 - 00510464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2015-07-20 21:49 - 2014-09-03 04:21 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2015-07-20 21:48 - 2015-03-17 09:00 - 06971712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-07-20 21:48 - 2015-03-17 08:52 - 01822696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-07-20 21:48 - 2015-03-17 06:45 - 01409496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-07-20 21:48 - 2015-02-24 09:58 - 00861696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-07-20 21:48 - 2013-07-06 00:02 - 00121984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2015-07-20 21:48 - 2013-07-06 00:02 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcir.sys
2015-07-20 21:48 - 2013-07-06 00:01 - 00210560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2015-07-20 21:48 - 2013-06-22 07:45 - 00785624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-07-20 21:48 - 2013-06-22 07:45 - 00054488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfLdr.sys
2015-07-20 21:47 - 2014-10-09 05:59 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-07-20 21:47 - 2014-10-09 05:59 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2015-07-20 21:47 - 2014-10-09 05:58 - 00458240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-07-20 21:47 - 2014-09-22 07:38 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-07-20 21:47 - 2014-09-22 05:56 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-07-20 21:47 - 2013-07-02 00:14 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2015-07-20 21:46 - 2015-06-17 16:13 - 01150264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-20 21:46 - 2015-06-17 15:44 - 01567560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-20 21:46 - 2015-04-21 15:53 - 01174528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-07-20 21:46 - 2015-04-13 07:30 - 01839616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-07-20 21:46 - 2015-04-13 07:30 - 01280512 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-07-20 21:46 - 2015-04-13 06:05 - 01416192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-07-20 21:46 - 2015-03-27 10:07 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2015-07-20 21:46 - 2015-01-29 10:05 - 01627648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-07-20 21:46 - 2015-01-29 08:19 - 01339392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-07-20 21:46 - 2014-09-13 08:24 - 02233152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-07-20 21:46 - 2014-09-03 04:48 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2015-07-20 21:46 - 2014-09-03 04:22 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2015-07-20 21:46 - 2014-08-29 06:17 - 02043392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2015-07-20 21:46 - 2014-08-29 06:17 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2015-07-20 21:46 - 2014-08-29 06:04 - 02837504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2015-07-20 21:46 - 2014-08-29 06:04 - 00309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2015-07-20 21:46 - 2014-08-28 08:04 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2015-07-20 21:46 - 2014-08-28 08:04 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2015-07-20 21:46 - 2014-08-28 07:59 - 00616448 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2015-07-20 21:46 - 2014-08-28 07:59 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2015-07-20 21:46 - 2014-08-28 07:59 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSTIFF.dll
2015-07-20 21:46 - 2014-08-28 07:59 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXST30.dll
2015-07-20 21:46 - 2014-07-24 15:12 - 00328512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2015-07-20 21:46 - 2014-07-07 07:53 - 01125376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2015-07-20 21:46 - 2014-07-07 07:52 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2015-07-20 21:46 - 2014-07-07 07:52 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll
2015-07-20 21:46 - 2014-07-07 07:51 - 05982208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-07-20 21:46 - 2014-07-07 06:01 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2015-07-20 21:46 - 2014-07-07 06:01 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsta.dll
2015-07-20 21:46 - 2014-07-07 06:00 - 05095424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-07-20 21:46 - 2014-07-07 05:59 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aaclient.dll
2015-07-20 21:44 - 2015-04-13 07:32 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-07-20 21:44 - 2015-01-31 15:48 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-07-20 21:44 - 2015-01-31 07:55 - 00275712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-07-20 21:44 - 2014-12-11 08:51 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-07-20 21:43 - 2015-05-09 01:39 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-07-20 21:43 - 2015-05-08 22:05 - 00668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-07-20 21:43 - 2014-12-08 08:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-07-20 21:43 - 2014-12-08 07:04 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-07-20 21:43 - 2014-07-24 05:33 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-07-20 21:43 - 2014-07-24 05:33 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-07-20 21:42 - 2015-06-15 17:22 - 08858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-07-20 21:42 - 2015-06-15 17:22 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-20 21:42 - 2015-06-15 17:22 - 02037760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-20 21:42 - 2015-06-15 17:22 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-20 21:42 - 2015-06-15 17:21 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-20 21:42 - 2015-06-15 17:20 - 10116608 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-07-20 21:42 - 2015-06-15 17:20 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-20 21:42 - 2015-06-15 17:19 - 02307072 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-20 21:42 - 2015-06-09 15:57 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-07-20 21:42 - 2015-03-14 10:07 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-07-20 21:42 - 2015-03-14 08:33 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-07-20 21:42 - 2015-03-04 09:29 - 00361280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-07-20 21:42 - 2015-03-04 08:39 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-07-20 21:42 - 2015-03-04 06:52 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-07-20 21:42 - 2015-01-24 06:31 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-07-20 21:42 - 2014-12-06 09:52 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-07-20 21:42 - 2014-12-06 09:52 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-07-20 21:42 - 2014-12-06 09:52 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-07-20 21:42 - 2014-12-06 08:09 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-07-20 21:42 - 2014-10-11 09:44 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2015-07-20 21:42 - 2014-10-11 07:57 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2015-07-20 21:42 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-07-20 21:42 - 2013-04-24 01:13 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2015-07-20 21:42 - 2013-04-24 01:12 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptnet.dll
2015-07-20 21:42 - 2013-04-24 00:56 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2015-07-20 21:42 - 2013-04-24 00:55 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptnet.dll
2015-07-20 21:40 - 2013-03-02 10:23 - 00375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-07-20 21:40 - 2013-03-02 04:44 - 01011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-07-20 21:40 - 2012-12-15 06:55 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-07-20 21:39 - 2013-07-02 03:41 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-07-20 21:39 - 2013-07-02 03:41 - 00213336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2015-07-20 21:39 - 2013-07-01 03:42 - 00623448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-07-20 21:39 - 2013-07-01 03:42 - 00498008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-07-20 21:39 - 2013-07-01 03:42 - 00079192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-07-20 21:39 - 2013-07-01 03:42 - 00021848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-07-20 21:39 - 2013-06-29 05:07 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-07-20 21:39 - 2013-06-29 05:06 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2015-07-20 21:36 - 2013-04-09 07:33 - 00489576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-07-20 21:36 - 2013-04-09 07:33 - 00446792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-07-20 21:36 - 2013-04-09 07:33 - 00253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-07-20 21:36 - 2013-04-09 07:20 - 00306952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_10ec.dll
2015-07-20 21:36 - 2013-04-09 07:20 - 00086280 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2015-07-20 21:36 - 2013-04-09 07:18 - 00077960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdvm.dll
2015-07-20 21:36 - 2013-04-09 06:52 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-07-20 21:36 - 2013-04-09 06:52 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2015-07-20 21:36 - 2013-04-09 06:52 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-07-20 21:36 - 2013-04-09 06:52 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2015-07-20 21:36 - 2013-04-09 06:51 - 14267904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2015-07-20 21:36 - 2013-04-09 06:51 - 03552768 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-07-20 21:36 - 2013-04-09 06:51 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2015-07-20 21:36 - 2013-04-09 06:51 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-07-20 21:36 - 2013-04-09 06:51 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2015-07-20 21:36 - 2013-04-09 06:51 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2015-07-20 21:36 - 2013-04-09 06:50 - 02107904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-07-20 21:36 - 2013-04-09 06:50 - 00745984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-07-20 21:36 - 2013-04-09 06:50 - 00435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-07-20 21:36 - 2013-04-09 06:50 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenuineCenter.dll
2015-07-20 21:36 - 2013-04-09 06:50 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-07-20 21:36 - 2013-04-09 06:50 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2015-07-20 21:36 - 2013-04-09 06:50 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msshooks.dll
2015-07-20 21:36 - 2013-04-09 06:49 - 01444864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2015-07-20 21:36 - 2013-04-09 06:49 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-07-20 21:36 - 2013-04-09 06:49 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-07-20 21:36 - 2013-04-09 06:49 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhengine.dll
2015-07-20 21:36 - 2013-04-09 06:49 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2015-07-20 21:36 - 2013-04-09 06:49 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2015-07-20 21:36 - 2013-04-09 06:49 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2015-07-20 21:36 - 2013-04-09 06:49 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fmifs.dll
2015-07-20 21:36 - 2013-04-09 04:34 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-07-20 21:36 - 2013-04-09 04:33 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-07-20 21:36 - 2013-04-09 04:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2015-07-20 21:36 - 2013-04-09 04:31 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-07-20 21:36 - 2013-04-09 01:44 - 00123880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2015-07-20 21:36 - 2013-04-09 01:37 - 00426024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-07-20 21:36 - 2013-04-09 01:37 - 00324368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-07-20 21:36 - 2013-04-08 23:52 - 11878912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2015-07-20 21:36 - 2013-04-08 23:52 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-07-20 21:36 - 2013-04-08 23:52 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-07-20 21:36 - 2013-04-08 23:52 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2015-07-20 21:36 - 2013-04-08 23:51 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-07-20 21:36 - 2013-04-08 23:51 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-07-20 21:36 - 2013-04-08 23:51 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2015-07-20 21:36 - 2013-04-08 23:51 - 00659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-07-20 21:36 - 2013-04-08 23:51 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2015-07-20 21:36 - 2013-04-08 23:51 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-07-20 21:36 - 2013-04-08 23:51 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-07-20 21:36 - 2013-04-08 23:51 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-07-20 21:36 - 2013-04-08 23:51 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll
2015-07-20 21:36 - 2013-04-08 23:51 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2015-07-20 21:36 - 2013-04-08 23:51 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fmifs.dll
2015-07-20 21:36 - 2013-04-08 23:51 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2015-07-20 21:36 - 2013-04-08 23:51 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msshooks.dll
2015-07-20 21:36 - 2013-04-05 01:30 - 00503080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-07-20 21:36 - 2013-03-16 00:05 - 00298456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2015-07-20 21:36 - 2013-03-16 00:05 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2015-07-20 21:36 - 2013-02-02 10:40 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsRasterService.dll
2015-07-20 21:36 - 2013-02-02 10:23 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsRasterService.dll
2015-07-20 21:30 - 2015-06-11 22:29 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-20 21:30 - 2015-06-11 18:27 - 01024000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-20 21:28 - 2013-05-04 06:57 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2015-07-20 21:28 - 2013-05-04 06:57 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll
2015-07-20 21:28 - 2013-05-04 06:56 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2015-07-20 21:28 - 2013-05-04 06:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47Langs.dll
2015-07-20 21:28 - 2013-05-04 06:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\biwinrt.dll
2015-07-20 21:27 - 2013-05-04 06:58 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2015-07-20 21:27 - 2013-05-04 06:57 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
2015-07-20 21:27 - 2013-05-04 06:57 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2015-07-20 21:27 - 2013-05-04 06:57 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\muifontsetup.dll
2015-07-20 21:27 - 2013-05-04 06:56 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-07-20 21:27 - 2013-05-04 06:55 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2015-07-20 21:27 - 2013-05-04 06:10 - 00014848 _____ (Microsoft) C:\WINDOWS\SysWOW64\rars.rs
2015-07-20 21:27 - 2013-02-02 10:39 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlmproxy.dll
2015-07-20 21:27 - 2013-02-02 10:39 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlmsprep.dll
2015-07-20 21:26 - 2013-05-15 04:25 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2015-07-20 21:26 - 2013-05-15 04:25 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-07-20 21:26 - 2013-05-15 04:24 - 00793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2015-07-20 21:26 - 2013-05-15 04:24 - 00482816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-07-20 21:26 - 2013-05-04 09:58 - 00120736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-07-20 21:26 - 2013-05-04 08:59 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2015-07-20 21:26 - 2013-05-04 08:58 - 01332736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-07-20 21:26 - 2013-05-04 08:58 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2015-07-20 21:26 - 2013-05-04 08:58 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2015-07-20 21:26 - 2013-05-04 08:58 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2015-07-20 21:26 - 2013-05-04 08:58 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2015-07-20 21:26 - 2013-05-04 08:58 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-07-20 21:26 - 2013-05-04 08:57 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-07-20 21:26 - 2013-05-04 08:57 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-07-20 21:26 - 2013-05-04 08:57 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-07-20 21:26 - 2013-05-04 08:57 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2015-07-20 21:26 - 2013-05-04 08:57 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll
2015-07-20 21:26 - 2013-05-04 08:57 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-07-20 21:26 - 2013-05-04 08:57 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\biwinrt.dll
2015-07-20 21:26 - 2013-05-04 08:57 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\muifontsetup.dll
2015-07-20 21:26 - 2013-05-04 08:56 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2015-07-20 21:26 - 2013-05-04 06:51 - 00014848 _____ (Microsoft) C:\WINDOWS\system32\rars.rs
2015-07-20 21:26 - 2013-05-04 06:47 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2015-07-20 21:26 - 2013-03-02 04:45 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhost.exe
2015-07-20 21:26 - 2013-03-02 04:45 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostex.exe
2015-07-20 21:25 - 2014-12-06 09:53 - 00458240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-07-20 21:25 - 2014-12-06 09:53 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-07-20 21:25 - 2014-12-06 09:51 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-07-20 21:25 - 2014-12-06 09:51 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-07-20 21:25 - 2014-12-06 09:50 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-20 21:25 - 2014-12-06 08:10 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-07-20 21:25 - 2014-12-06 08:10 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-07-20 21:25 - 2014-12-06 08:09 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-07-20 21:25 - 2014-10-03 03:21 - 00522728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-07-20 21:25 - 2014-10-03 00:29 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-20 21:25 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-07-20 21:25 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-07-20 21:23 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2015-07-20 21:23 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2015-07-20 21:23 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2015-07-20 21:23 - 2013-02-02 10:40 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlroamextension.dll
2015-07-20 21:23 - 2013-02-02 10:40 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-07-20 21:23 - 2013-02-02 10:40 - 00197632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2015-07-20 21:23 - 2013-02-02 10:40 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tasklist.exe
2015-07-20 21:23 - 2013-02-02 10:40 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskkill.exe
2015-07-20 21:23 - 2013-02-02 10:38 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
2015-07-20 21:23 - 2013-02-02 10:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskkill.exe
2015-07-20 21:23 - 2013-02-02 10:24 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\tasklist.exe
2015-07-20 21:23 - 2013-02-02 10:23 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2015-07-20 21:23 - 2013-02-02 10:23 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlroamextension.dll
2015-07-20 21:23 - 2013-02-02 10:23 - 00475136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-07-20 21:23 - 2013-02-02 10:23 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2015-07-20 21:23 - 2013-02-02 10:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2015-07-20 21:23 - 2013-02-02 10:20 - 00729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2015-07-20 21:23 - 2013-02-02 10:20 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\hotspotauth.dll
2015-07-20 21:23 - 2013-02-02 09:25 - 00297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2015-07-20 21:22 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2015-07-20 21:22 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2015-07-20 21:22 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2015-07-20 21:22 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2015-07-20 21:21 - 2013-02-12 02:17 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-20 21:21 - 2013-02-02 07:41 - 01437184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-07-20 21:21 - 2013-02-02 07:31 - 01690624 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-07-20 21:19 - 2013-10-10 11:32 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2015-07-20 21:19 - 2013-10-10 11:30 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2015-07-20 21:19 - 2013-10-10 11:30 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2015-07-20 21:19 - 2013-10-10 11:24 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2015-07-20 21:19 - 2013-10-10 11:23 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2015-07-20 21:19 - 2013-10-10 11:22 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2015-07-20 21:19 - 2013-10-10 11:22 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2015-07-20 21:16 - 2014-12-18 10:51 - 00096576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-07-20 21:16 - 2014-12-18 08:52 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-07-20 21:16 - 2014-12-18 08:51 - 01160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-07-20 21:16 - 2014-12-18 08:50 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-07-20 21:16 - 2014-12-18 08:20 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-07-20 21:16 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-07-20 21:16 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-07-20 21:15 - 2015-07-20 21:15 - 00000000 ____D C:\Users\Baris\AppData\Roaming\LolClient
2015-07-20 21:14 - 2014-11-26 08:43 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-07-20 21:14 - 2014-11-26 06:50 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-07-20 21:14 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2015-07-20 21:14 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dimsroam.dll
2015-07-20 21:14 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2015-07-20 21:14 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-07-20 21:14 - 2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dimsroam.dll
2015-07-20 21:12 - 2014-10-30 09:20 - 01890816 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-07-20 21:12 - 2014-10-30 07:22 - 01569792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-07-20 21:11 - 2013-12-05 01:43 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2015-07-20 21:11 - 2013-12-05 01:37 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2015-07-20 21:10 - 2015-07-22 21:55 - 00000000 ____D C:\Users\Baris\AppData\Roaming\TS3Client
2015-07-20 21:10 - 2015-07-20 21:10 - 00000978 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-07-20 21:10 - 2015-07-20 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-07-20 21:10 - 2015-07-20 21:10 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2015-07-20 21:09 - 2015-07-20 21:09 - 30014480 _____ (TeamSpeak Systems GmbH) C:\Users\Baris\Downloads\TeamSpeak3-Client-win64-3.0.16.exe
2015-07-20 21:08 - 2015-07-23 00:08 - 00215422 _____ C:\Users\Public\CAFADEBUG.log
2015-07-20 20:51 - 2015-07-20 20:51 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-20 20:51 - 2015-07-20 20:51 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-20 20:47 - 2015-07-20 20:47 - 00000000 ____D C:\sources
2015-07-20 20:39 - 2015-07-20 20:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-20 20:39 - 2015-07-03 08:43 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-20 19:53 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-07-20 19:53 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-07-20 19:40 - 2013-11-20 02:15 - 03842560 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2015-07-20 19:40 - 2013-11-20 01:57 - 03288576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2015-07-20 19:31 - 2015-03-12 07:31 - 02048000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-07-20 19:31 - 2015-03-12 07:31 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPDShServiceObj.dll
2015-07-20 19:31 - 2015-03-12 05:52 - 01933312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-07-20 19:26 - 2015-06-29 18:18 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-20 19:26 - 2015-06-29 15:28 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-20 19:26 - 2015-06-29 15:27 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-20 19:26 - 2015-06-29 15:27 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-20 19:26 - 2015-06-29 15:27 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-20 19:26 - 2015-06-29 15:27 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-20 19:26 - 2015-06-29 15:27 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-20 19:26 - 2015-06-26 15:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-20 19:26 - 2015-05-22 22:44 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-07-20 19:26 - 2015-05-07 15:05 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-20 19:26 - 2015-03-04 08:41 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-07-20 19:26 - 2015-03-04 08:39 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-20 19:26 - 2015-03-04 08:39 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\aelupsvc.dll
2015-07-20 19:26 - 2015-03-04 06:53 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-07-20 19:26 - 2015-03-04 06:52 - 00676864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2015-07-20 19:26 - 2014-12-19 06:35 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-07-20 19:26 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-07-20 19:26 - 2013-08-23 09:22 - 02062848 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-07-20 19:26 - 2013-08-23 03:44 - 01711616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-07-20 19:26 - 2013-03-22 05:49 - 02382336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-07-20 19:26 - 2013-03-22 00:47 - 02851840 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-07-20 19:21 - 2015-05-02 08:28 - 00100184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2015-07-20 19:21 - 2015-05-02 05:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-07-20 19:21 - 2015-05-02 05:36 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-07-20 19:21 - 2015-04-14 00:09 - 00570248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-07-20 19:21 - 2015-01-15 13:44 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2015-07-20 19:21 - 2015-01-15 13:43 - 01282560 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-20 19:21 - 2015-01-15 12:00 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2015-07-20 19:21 - 2015-01-15 11:38 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-07-20 19:21 - 2015-01-15 11:09 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-07-20 19:21 - 2014-09-25 01:29 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-07-20 19:21 - 2014-09-25 01:01 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-07-20 19:21 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2015-07-20 19:21 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2015-07-20 19:21 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2015-07-20 19:21 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2015-07-20 19:21 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2015-07-20 19:21 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2015-07-20 19:21 - 2013-04-03 01:37 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdlg.dll
2015-07-20 19:21 - 2013-04-03 01:12 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdlg.dll
2015-07-20 19:20 - 2015-06-25 03:54 - 04064768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-20 19:20 - 2015-01-24 08:43 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-07-20 19:20 - 2015-01-24 07:00 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-07-20 19:19 - 2015-02-18 09:39 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-07-20 19:19 - 2015-02-18 09:38 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll
2015-07-20 19:19 - 2014-11-08 13:22 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-07-20 19:19 - 2014-11-08 08:57 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-07-20 19:19 - 2014-10-11 07:41 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-07-20 19:19 - 2014-10-11 07:05 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-07-20 19:19 - 2014-08-22 01:56 - 01418752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-07-20 19:19 - 2014-08-22 01:27 - 01845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-07-20 19:19 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-07-20 19:19 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-07-20 19:19 - 2014-04-12 11:09 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2015-07-20 19:19 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2015-07-20 19:19 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2015-07-20 19:19 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdigest.dll
2015-07-20 19:19 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2015-07-20 19:19 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2015-07-20 19:19 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\workerdd.dll
2015-07-20 19:19 - 2013-09-28 05:35 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-07-20 19:19 - 2013-03-02 11:59 - 00411880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-07-20 19:19 - 2012-11-10 06:23 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-07-20 19:19 - 2012-11-10 06:22 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDWebAI.dll
2015-07-20 19:19 - 2012-11-10 06:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmHostAI.dll
2015-07-20 19:19 - 2012-11-10 06:20 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appserverai.dll
2015-07-20 19:18 - 2015-04-25 05:41 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-07-20 19:18 - 2015-04-25 01:13 - 00652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-07-20 19:18 - 2015-04-06 07:36 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-07-20 19:18 - 2015-04-06 06:08 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-07-20 19:18 - 2015-02-17 08:54 - 19777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-20 19:18 - 2015-02-17 07:13 - 17561600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-20 19:18 - 2014-12-19 08:48 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-20 19:18 - 2014-10-23 14:47 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2015-07-20 19:18 - 2014-10-23 13:04 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2015-07-20 19:18 - 2013-11-01 07:38 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2015-07-20 19:18 - 2013-11-01 05:49 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2015-07-20 18:40 - 2013-08-16 07:21 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-20 18:40 - 2013-08-16 07:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-20 18:40 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-20 18:11 - 2015-07-20 18:11 - 00000000 ____D C:\ProgramData\Riot Games
2015-07-20 18:09 - 2015-07-23 19:24 - 00000000 ____D C:\Users\Baris\AppData\Roaming\Nitro PDF
2015-07-20 18:09 - 2015-07-20 18:09 - 00000000 ____D C:\Users\Baris\AppData\Local\LSC
2015-07-20 18:07 - 2015-07-20 21:17 - 00000000 ____D C:\Users\Baris\AppData\Roaming\LSC
2015-07-20 18:07 - 2015-07-20 18:07 - 00000000 ____D C:\Users\Baris\AppData\Local\Adobe
2015-07-20 18:06 - 2015-07-20 18:06 - 00001613 _____ C:\Users\Public\Desktop\League of Legends.lnk
2015-07-20 18:06 - 2015-07-20 18:06 - 00000000 ____D C:\Riot Games
2015-07-20 18:06 - 2015-07-20 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-07-20 18:06 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2015-07-20 18:06 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2015-07-20 18:06 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2015-07-20 18:06 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2015-07-20 18:06 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2015-07-20 18:04 - 2015-07-20 18:07 - 00000000 ____D C:\Users\Baris\AppData\Roaming\Riot Games
2015-07-20 18:02 - 2015-07-20 18:29 - 00000000 ____D C:\Users\Baris\AppData\Local\CrashDumps
2015-07-20 18:02 - 2015-07-20 18:02 - 00000000 ____D C:\Users\Baris\AppData\Roaming\ATI
2015-07-20 18:02 - 2015-07-20 18:02 - 00000000 ____D C:\Users\Baris\AppData\Local\ATI
2015-07-20 18:02 - 2015-07-20 18:02 - 00000000 ____D C:\ProgramData\ATI
2015-07-20 18:01 - 2015-07-20 18:01 - 00000000 ____D C:\Users\Baris\AppData\Roaming\Intel Corporation
2015-07-20 18:00 - 2015-07-23 19:24 - 00000000 ____D C:\Users\Baris\Documents\Bluetooth Folder
2015-07-20 18:00 - 2015-07-20 18:00 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2015-07-20 18:00 - 2015-07-20 18:00 - 00000000 ____D C:\Users\Baris\AppData\Roaming\Lenovo
2015-07-20 18:00 - 2015-07-20 18:00 - 00000000 ____D C:\Users\Baris\AppData\Roaming\Atheros
2015-07-20 18:00 - 2015-07-20 18:00 - 00000000 ____D C:\Users\Baris\AppData\Local\BMExplorer
2015-07-20 17:59 - 2015-07-20 18:06 - 00000000 ____D C:\Users\Baris\AppData\Roaming\Adobe
2015-07-20 17:59 - 2015-07-20 17:59 - 00001453 _____ C:\Users\Baris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-20 17:59 - 2015-07-20 17:59 - 00000139 _____ C:\Users\Public\Desktop\eBay.url
2015-07-20 17:59 - 2015-07-20 17:59 - 00000000 ____D C:\Users\Baris\AppData\Local\VirtualStore
2015-07-20 17:59 - 2015-07-20 17:59 - 00000000 ____D C:\ProgramData\eBay
2015-07-20 17:58 - 2015-07-23 19:34 - 00000000 ____D C:\Users\Baris
2015-07-20 17:58 - 2015-07-20 18:08 - 00000000 ____D C:\Users\Baris\AppData\Local\Packages
2015-07-20 17:58 - 2015-07-20 17:58 - 00000020 ___SH C:\Users\Baris\ntuser.ini
2015-07-20 17:58 - 2015-07-20 17:58 - 00000000 _SHDL C:\Users\Baris\Vorlagen
2015-07-20 17:58 - 2015-07-20 17:58 - 00000000 _SHDL C:\Users\Baris\Startmenü
2015-07-20 17:58 - 2015-07-20 17:58 - 00000000 _SHDL C:\Users\Baris\Netzwerkumgebung
2015-07-20 17:58 - 2015-07-20 17:58 - 00000000 _SHDL C:\Users\Baris\Lokale Einstellungen
2015-07-20 17:58 - 2015-07-20 17:58 - 00000000 _SHDL C:\Users\Baris\Eigene Dateien
2015-07-20 17:58 - 2015-07-20 17:58 - 00000000 _SHDL C:\Users\Baris\Druckumgebung
2015-07-20 17:58 - 2015-07-20 17:58 - 00000000 _SHDL C:\Users\Baris\Documents\Eigene Musik
2015-07-20 17:58 - 2015-07-20 17:58 - 00000000 _SHDL C:\Users\Baris\Documents\Eigene Bilder
2015-07-20 17:58 - 2015-07-20 17:58 - 00000000 _SHDL C:\Users\Baris\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-07-20 17:58 - 2015-07-20 17:58 - 00000000 _SHDL C:\Users\Baris\AppData\Local\Verlauf
2015-07-20 17:58 - 2015-07-20 17:58 - 00000000 _SHDL C:\Users\Baris\AppData\Local\Anwendungsdaten
2015-07-20 17:58 - 2015-07-20 17:58 - 00000000 _SHDL C:\Users\Baris\Anwendungsdaten
2015-07-20 17:58 - 2015-05-12 13:47 - 00001133 _____ C:\Users\Baris\Desktop\Cyberlink Power2Go.lnk
2015-07-20 17:58 - 2015-05-12 13:47 - 00000000 ____D C:\Users\Baris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-07-20 17:58 - 2015-05-12 13:43 - 00000000 ____D C:\Users\Baris\AppData\Roaming\Macromedia
2015-07-20 17:58 - 2013-02-05 00:18 - 00000189 _____ C:\Users\Baris\Desktop\Lenovo Telephony Start Now.url
2015-07-20 17:58 - 2012-07-26 10:13 - 00000000 ___RD C:\Users\Baris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-20 17:58 - 2012-07-26 10:13 - 00000000 ___RD C:\Users\Baris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-20 17:58 - 2012-07-26 10:13 - 00000000 ___RD C:\Users\Baris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-20 17:58 - 2012-07-26 10:13 - 00000000 ____D C:\Users\Baris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\Users\Default\Vorlagen
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\Users\Default\Startmenü
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\Programme
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\ProgramData\Vorlagen
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\ProgramData\Startmenü
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\ProgramData\Dokumente
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 _SHDL C:\Dokumente und Einstellungen

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-23 19:38 - 2015-05-12 13:16 - 01142838 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-23 19:20 - 2015-05-12 23:06 - 00754172 _____ C:\WINDOWS\system32\perfh007.dat
2015-07-23 19:20 - 2015-05-12 23:06 - 00156362 _____ C:\WINDOWS\system32\perfc007.dat
2015-07-23 19:20 - 2012-07-26 09:28 - 01748838 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-23 19:19 - 2015-05-12 13:49 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-07-23 19:13 - 2013-03-25 23:02 - 00010460 _____ C:\WINDOWS\PFRO.log
2015-07-23 19:13 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-23 19:00 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-23 18:01 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-23 17:11 - 2015-05-12 13:49 - 00000000 ____D C:\Program Files\Common Files\mcafee
2015-07-23 17:10 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-23 17:10 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-07-23 17:09 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-23 17:09 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-23 17:09 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-07-23 17:09 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-07-23 17:08 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-23 17:08 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-23 17:08 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2015-07-23 17:08 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-07-23 17:06 - 2012-07-26 10:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-23 17:06 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-07-23 17:05 - 2012-07-26 10:12 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-23 17:05 - 2012-07-26 09:52 - 00000000 ____D C:\Program Files\Windows Journal
2015-07-23 17:04 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-07-23 17:04 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-07-23 17:04 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-07-23 17:04 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-07-22 19:42 - 2015-05-12 13:49 - 00000000 ____D C:\ProgramData\McAfee
2015-07-21 19:40 - 2012-07-26 10:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-07-21 19:33 - 2015-05-12 13:50 - 00001855 _____ C:\Users\Public\Desktop\McAfee Internet Security.lnk
2015-07-21 19:28 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2015-07-21 16:45 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AppCompat
2015-07-20 22:46 - 2012-07-26 09:21 - 00023992 _____ C:\WINDOWS\setupact.log
2015-07-20 21:02 - 2012-07-26 07:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-20 21:01 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\rescache
2015-07-20 20:58 - 2012-07-26 07:37 - 00000000 ____D C:\WINDOWS\servicing
2015-07-20 20:52 - 2012-07-26 07:26 - 00008192 ___SH C:\WINDOWS\system32\config\BBI
2015-07-20 20:49 - 2012-07-26 10:12 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-07-20 20:49 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-07-20 20:49 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-07-20 20:49 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2015-07-20 20:49 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\migwiz
2015-07-20 20:49 - 2012-07-26 09:51 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2015-07-20 20:49 - 2012-07-26 09:51 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-07-20 20:49 - 2012-07-26 09:51 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-07-20 20:49 - 2012-07-26 09:51 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-07-20 20:49 - 2012-07-26 09:51 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-07-20 20:49 - 2012-07-26 09:51 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-07-20 20:49 - 2012-07-26 09:51 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-07-20 20:49 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-07-20 20:49 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-07-20 20:47 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-07-20 20:47 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-07-20 20:47 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\Com
2015-07-20 20:47 - 2012-07-26 09:51 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-07-20 20:47 - 2012-07-26 09:51 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-07-20 18:00 - 2015-05-12 14:01 - 00000000 ____D C:\ProgramData\Atheros
2015-07-20 17:59 - 2015-05-13 00:01 - 00071517 _____ C:\WINDOWS\modules.log
2015-07-20 17:56 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows NT
2015-07-20 17:56 - 2012-07-26 07:37 - 00000000 ___HD C:\Users\Default

==================== Files in the root of some directories =======

2015-05-12 13:26 - 2015-05-12 13:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-12 13:51 - 2015-05-12 13:51 - 0000198 ____H () C:\ProgramData\Lenovo-32138.vbs
2015-05-12 13:51 - 2015-05-12 13:51 - 0000198 ____H () C:\ProgramData\Lenovo-32164.vbs

Files to move or delete:
====================
C:\ProgramData\Lenovo-32138.vbs
C:\ProgramData\Lenovo-32164.vbs


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-03-25 23:02

==================== End of log ============================

bkeskin 23.07.2015 19:09
Hier ist das Addition.txt. File

[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Baris at 2015-07-23 19:40:24
Running from C:\Users\Baris\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2752069299-2962197746-3765214069-500 - Administrator - Disabled)
Baris (S-1-5-21-2752069299-2962197746-3765214069-1001 - Administrator - Enabled) => C:\Users\Baris
Gast (S-1-5-21-2752069299-2962197746-3765214069-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2752069299-2962197746-3765214069-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{EC394F5E-3BC1-1AC9-820E-B37B76266456}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.49.0 - Conexant)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Jazz-Plugin (HKLM-x32\...\{1C92BD87-DC1B-4C4E-BFB4-2C79E88FA752}) (Version: 1.4 - Jazz-Soft)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.301.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{B8908ABE-8AAE-41FD-A367-391CD492981B}) (Version: 2.0.018.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 14.0.1076 - McAfee, Inc.)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Ihr Firmenname)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
PowerXpressHybrid (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.12 - Qualcomm Atheros Communications Inc.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

20-07-2015 18:04:48 Microsoft Visual C++ 2005 Redistributable (x64) wird installiert

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {084EE2C2-AA48-4984-9573-B2C6AD8FEBDA} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {22FB5694-B16C-46D6-9756-B381223A91DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-20] (Google Inc.)
Task: {25E61BE2-DC0F-4046-98BF-76B6EB1F47CE} - System32\Tasks\Lenovo\Lenovo-32138 => C:\ProgramData\Lenovo-32138.vbs [2015-05-12] ()
Task: {2618D2D2-B826-47D8-969D-E832E0CE2754} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-02-12] ()
Task: {290F5A5D-F250-4DCC-956B-A5ADB3BEE8BE} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-02-12] ()
Task: {35E5C0B7-9F0B-4DCC-97E5-1D8AA8F545BE} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {426D7668-6E5C-401E-8E0F-A4DDAC12B633} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {89842A03-7618-4272-9826-A51CB2B515D9} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-02-12] ()
Task: {93CEBD37-F546-4899-9CDE-9512F4994033} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-02-12] (Lenovo)
Task: {D48EEDD6-B86F-46BE-B69F-7DE0793DACFB} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\lsc.exe [2013-02-12] ()
Task: {F43CC1FB-0FA0-425A-A58A-5C3FE7ABD91E} - System32\Tasks\Lenovo\Lenovo-32164 => C:\ProgramData\Lenovo-32164.vbs [2015-05-12] ()
Task: {F7C0EC50-D5BE-4AFA-AA01-93896CF39D5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-20] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-01-25 00:09 - 2013-01-25 00:09 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-25 00:05 - 2013-01-25 00:05 - 00084992 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-25 00:12 - 2013-01-25 00:12 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-02-25 12:08 - 2013-01-16 22:27 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-12 15:22 - 2013-02-12 15:22 - 00148840 _____ () C:\Program Files\lenovo\lenovo solution center\lsc.exe
2015-07-23 19:33 - 2015-07-23 19:33 - 00050477 _____ () C:\Users\Baris\Downloads\Defogger.exe
2015-05-12 13:21 - 2012-07-18 06:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-07-20 22:13 - 2015-07-13 23:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-20 22:13 - 2015-07-13 23:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2752069299-2962197746-3765214069-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Baris\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{55302E81-9E73-4B03-A5A5-2DEED146232D}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{9476F75B-44DF-4560-9B29-7ED9A8BA72E0}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{78160DD8-4D3B-4990-9A27-71C7E7B27EB8}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{39B34AD5-F04C-426E-B23F-0934C1F4012F}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{03C1534B-757F-4D12-A560-CB44FC962A6A}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{9190CCDD-A1AF-4B5A-A4F3-24EBFDC1F11C}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{CFB9102D-5B5C-4374-B928-8A13740C7D15}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/23/2015 05:27:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MCUPDA~1.EXE, Version: 3.0.350.0, Zeitstempel: 0x55523a70
Name des fehlerhaften Moduls: McShieldClient.dll, Version: 1.3.2.533, Zeitstempel: 0x55146a5e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002dcbc
ID des fehlerhaften Prozesses: 0x744
Startzeit der fehlerhaften Anwendung: 0xMCUPDA~1.EXE0
Pfad der fehlerhaften Anwendung: MCUPDA~1.EXE1
Pfad des fehlerhaften Moduls: MCUPDA~1.EXE2
Berichtskennung: MCUPDA~1.EXE3
Vollständiger Name des fehlerhaften Pakets: MCUPDA~1.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MCUPDA~1.EXE5

Error: (07/20/2015 06:36:16 PM) (Source: McLogEvent) (EventID: 5022) (User: NT-AUTORITÄT)
Description: 1

Error: (07/20/2015 06:36:04 PM) (Source: McLogEvent) (EventID: 5022) (User: NT-AUTORITÄT)
Description: 1

Error: (07/20/2015 06:29:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: McHlp32.exe, Version: 11.6.334.0, Zeitstempel: 0x4fb00bab
Name des fehlerhaften Moduls: Flash.ocx, Version: 11.6.602.167, Zeitstempel: 0x510d5c95
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001fbd53
ID des fehlerhaften Prozesses: 0x16a8
Startzeit der fehlerhaften Anwendung: 0xMcHlp32.exe0
Pfad der fehlerhaften Anwendung: McHlp32.exe1
Pfad des fehlerhaften Moduls: McHlp32.exe2
Berichtskennung: McHlp32.exe3
Vollständiger Name des fehlerhaften Pakets: McHlp32.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: McHlp32.exe5

Error: (07/20/2015 06:29:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: McHlp32.exe, Version: 11.6.334.0, Zeitstempel: 0x4fb00bab
Name des fehlerhaften Moduls: Flash.ocx, Version: 11.6.602.167, Zeitstempel: 0x510d5c95
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001fbd53
ID des fehlerhaften Prozesses: 0xc20
Startzeit der fehlerhaften Anwendung: 0xMcHlp32.exe0
Pfad der fehlerhaften Anwendung: McHlp32.exe1
Pfad des fehlerhaften Moduls: McHlp32.exe2
Berichtskennung: McHlp32.exe3
Vollständiger Name des fehlerhaften Pakets: McHlp32.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: McHlp32.exe5

Error: (07/20/2015 05:59:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: McHlp32.exe, Version: 11.6.334.0, Zeitstempel: 0x4fb00bab
Name des fehlerhaften Moduls: Flash.ocx, Version: 11.6.602.167, Zeitstempel: 0x510d5c95
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001fbd53
ID des fehlerhaften Prozesses: 0x135c
Startzeit der fehlerhaften Anwendung: 0xMcHlp32.exe0
Pfad der fehlerhaften Anwendung: McHlp32.exe1
Pfad des fehlerhaften Moduls: McHlp32.exe2
Berichtskennung: McHlp32.exe3
Vollständiger Name des fehlerhaften Pakets: McHlp32.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: McHlp32.exe5


System errors:
=============
Error: (07/23/2015 07:27:48 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "BARIS-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.103
registriert werden. Der Computer mit IP-Adresse 192.168.2.102 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (07/23/2015 07:27:48 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "BARIS-PC      :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.103
registriert werden. Der Computer mit IP-Adresse 192.168.2.102 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (07/23/2015 07:27:48 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{1CC1E401-3DEE-41B5-9233-83C3062221C5} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (07/23/2015 07:14:23 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "BARIS-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.103
registriert werden. Der Computer mit IP-Adresse 192.168.2.102 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (07/23/2015 07:14:23 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "BARIS-PC      :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.103
registriert werden. Der Computer mit IP-Adresse 192.168.2.102 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (07/23/2015 07:14:23 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{1CC1E401-3DEE-41B5-9233-83C3062221C5} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (07/23/2015 07:14:19 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "BARIS-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.103
registriert werden. Der Computer mit IP-Adresse 192.168.2.102 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (07/23/2015 07:14:02 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "BARIS-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.103
registriert werden. Der Computer mit IP-Adresse 192.168.2.102 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (07/23/2015 07:13:45 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎23.‎07.‎2015 um 18:35:36 unerwartet heruntergefahren.

Error: (07/23/2015 05:32:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0841 fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB2770917)


Microsoft Office:
=========================
Error: (07/23/2015 05:27:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MCUPDA~1.EXE3.0.350.055523a70McShieldClient.dll1.3.2.53355146a5ec0000005000000000002dcbc74401d0c55c10d6c0d1c:\PROGRA~1\COMMON~1\mcafee\updmgr\30350~1.4\MCUPDA~1.EXEC:\Program Files\Common Files\McAfee\AMCore\McShieldClient.dll572e80fb-314f-11e5-be75-24fd52405a8f

Error: (07/20/2015 06:36:16 PM) (Source: McLogEvent) (EventID: 5022) (User: NT-AUTORITÄT)
Description: 1

Error: (07/20/2015 06:36:04 PM) (Source: McLogEvent) (EventID: 5022) (User: NT-AUTORITÄT)
Description: 1

Error: (07/20/2015 06:29:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McHlp32.exe11.6.334.04fb00babFlash.ocx11.6.602.167510d5c95c0000005001fbd5316a801d0c3093f3ec3f9C:\PROGRA~2\McAfee\MSC\McHlp32.exeC:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx7d7035d5-2efc-11e5-be72-24fd52405a8f

Error: (07/20/2015 06:29:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McHlp32.exe11.6.334.04fb00babFlash.ocx11.6.602.167510d5c95c0000005001fbd53c2001d0c3093d74d96eC:\PROGRA~2\McAfee\MSC\McHlp32.exeC:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx7bd6b24c-2efc-11e5-be72-24fd52405a8f

Error: (07/20/2015 05:59:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McHlp32.exe11.6.334.04fb00babFlash.ocx11.6.602.167510d5c95c0000005001fbd53135c01d0c30518fa5677C:\PROGRA~2\McAfee\MSC\McHlp32.exeC:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx5e584fd9-2ef8-11e5-be72-24fd52405a8f


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 33%
Total physical RAM: 8089.77 MB
Available physical RAM: 5352.04 MB
Total Virtual: 12697.77 MB
Available Virtual: 9831.76 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:883.74 GB) (Free:838.95 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8D042A54)

Partition: GPT Partition Type.

==================== End of log ============================
--- --- ---


Hier das Gmer Logfile

beim Ausführen von Gmer traten 2 Fehlermeldungen auf einmal:

Code:
C:\WINDOWS\system32\config\system Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird
und nach dem ausführen des Scan Vorgangs

Code:
C:\Users\Baris\ntuser.dat Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Gmer log
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-23 20:01:12
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000025 ST1000LM024_HN-M101MBB rev.2BA30001 931,51GB
Running: jf03w4lq.exe; Driver: C:\Users\Baris\AppData\Local\Temp\fgdoqpod.sys


---- User code sections - GMER 2.1 ----

.text  C:\WINDOWS\system32\atiesrxx.exe[124] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                          000007fe14ba177a 4 bytes [BA, 14, FE, 07]
.text  C:\WINDOWS\system32\atiesrxx.exe[124] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                          000007fe14ba1782 4 bytes [BA, 14, FE, 07]
.text  C:\WINDOWS\system32\atieclxx.exe[1048] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                        000007fe14ba177a 4 bytes [BA, 14, FE, 07]
.text  C:\WINDOWS\system32\atieclxx.exe[1048] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                        000007fe14ba1782 4 bytes [BA, 14, FE, 07]
.text  C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe[1944] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306    000007fe14ba177a 4 bytes [BA, 14, FE, 07]
.text  C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe[1944] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314    000007fe14ba1782 4 bytes [BA, 14, FE, 07]
.text  C:\WINDOWS\system32\mfevtps.exe[2040] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 306                                          000007fe14ba177a 4 bytes [BA, 14, FE, 07]
.text  C:\WINDOWS\system32\mfevtps.exe[2040] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 314                                          000007fe14ba1782 4 bytes [BA, 14, FE, 07]
.text  C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[940] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                  000007fe14ba177a 4 bytes [BA, 14, FE, 07]
.text  C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[940] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                  000007fe14ba1782 4 bytes [BA, 14, FE, 07]
.text  C:\Program Files\Elantech\ETDCtrl.exe[2512] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                                              000007fe0dd41532 4 bytes [D4, 0D, FE, 07]
.text  C:\Program Files\Elantech\ETDCtrl.exe[2512] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                                              000007fe0dd4153a 4 bytes [D4, 0D, FE, 07]
.text  C:\Program Files\Elantech\ETDCtrl.exe[2512] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                            000007fe0dd4165a 4 bytes [D4, 0D, FE, 07]
.text  C:\WINDOWS\Explorer.EXE[3000] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                  000007fe14ba177a 4 bytes [BA, 14, FE, 07]
.text  C:\WINDOWS\Explorer.EXE[3000] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                  000007fe14ba1782 4 bytes [BA, 14, FE, 07]
.text  C:\WINDOWS\Explorer.EXE[3000] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                            000007fe0dd41532 4 bytes [D4, 0D, FE, 07]
.text  C:\WINDOWS\Explorer.EXE[3000] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                            000007fe0dd4153a 4 bytes [D4, 0D, FE, 07]
.text  C:\WINDOWS\Explorer.EXE[3000] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                          000007fe0dd4165a 4 bytes [D4, 0D, FE, 07]
.text  C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe[3412] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306  000007fe14ba177a 4 bytes [BA, 14, FE, 07]
.text  C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe[3412] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314  000007fe14ba1782 4 bytes [BA, 14, FE, 07]
.text  C:\Program Files\Elantech\ETDCtrlHelper.exe[3488] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                                        000007fe0dd41532 4 bytes [D4, 0D, FE, 07]
.text  C:\Program Files\Elantech\ETDCtrlHelper.exe[3488] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                                        000007fe0dd4153a 4 bytes [D4, 0D, FE, 07]
.text  C:\Program Files\Elantech\ETDCtrlHelper.exe[3488] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                      000007fe0dd4165a 4 bytes [D4, 0D, FE, 07]
.text  C:\Program Files\Elantech\ETDIntelligent.exe[3512] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                                      000007fe0dd41532 4 bytes [D4, 0D, FE, 07]
.text  C:\Program Files\Elantech\ETDIntelligent.exe[3512] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                                      000007fe0dd4153a 4 bytes [D4, 0D, FE, 07]
.text  C:\Program Files\Elantech\ETDIntelligent.exe[3512] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                    000007fe0dd4165a 4 bytes [D4, 0D, FE, 07]
.text  C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4288] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                                000007fe0dd41532 4 bytes [D4, 0D, FE, 07]
.text  C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4288] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                                000007fe0dd4153a 4 bytes [D4, 0D, FE, 07]
.text  C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4288] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                              000007fe0dd4165a 4 bytes [D4, 0D, FE, 07]
.text  C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4288] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742                                    000007fe024f1b32 4 bytes [4F, 02, FE, 07]
.text  C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4288] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750                                    000007fe024f1b3a 4 bytes [4F, 02, FE, 07]
.text  C:\Windows\System32\igfxpers.exe[4496] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                        000007fe14ba177a 4 bytes [BA, 14, FE, 07]
.text  C:\Windows\System32\igfxpers.exe[4496] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                        000007fe14ba1782 4 bytes [BA, 14, FE, 07]
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4660] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690              000007fe0dd41532 4 bytes [D4, 0D, FE, 07]
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4660] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698              000007fe0dd4153a 4 bytes [D4, 0D, FE, 07]
.text  C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4660] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246            000007fe0dd4165a 4 bytes [D4, 0D, FE, 07]
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[4764] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                000007fe14ba177a 4 bytes [BA, 14, FE, 07]
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[4764] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                000007fe14ba1782 4 bytes [BA, 14, FE, 07]
.text  C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[5444] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306            000007fe14ba177a 4 bytes [BA, 14, FE, 07]
.text  C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[5444] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314            000007fe14ba1782 4 bytes [BA, 14, FE, 07]
.text  C:\WINDOWS\system32\wbem\wmiprvse.exe[6008] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                                              000007fe0dd41532 4 bytes [D4, 0D, FE, 07]
.text  C:\WINDOWS\system32\wbem\wmiprvse.exe[6008] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                                              000007fe0dd4153a 4 bytes [D4, 0D, FE, 07]
.text  C:\WINDOWS\system32\wbem\wmiprvse.exe[6008] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                            000007fe0dd4165a 4 bytes [D4, 0D, FE, 07]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [708:740]                                                                                                    fffff960008835e8

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                      unknown MBR code

---- EOF - GMER 2.1 ----

schrauber 23.07.2015 21:16
Hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

bkeskin 24.07.2015 13:47
ich entshculdige die späte Rückantwort hier der Mbar Log

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.07.23.05
  rootkit: v2015.07.22.01

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.17413
Baris :: BARIS-PC [administrator]

23.07.2015 23:30:23
mbar-log-2015-07-23 (23-30-23).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 333342
Time elapsed: 8 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Viele Grüße

schrauber 25.07.2015 10:32
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

bkeskin 25.07.2015 16:53
ComboFix will auf meinem System (Win 8.1) nicht starten.

schrauber 26.07.2015 13:09
Laut Log hast Du nur 8, nicht 8.1 dort läuft CF :)


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:38 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131