Kaspersky finds HEUR:Trojan.Script.Generic

Hello,
after the pre-installed McAfee expired three days ago (without any warning messages), I installed Kaspersky Internet Security on my laptop today. Before that I removed the McAfee virus scanner via the usual Windows uninstall and then with the MCPR program available on the McAfee homepage. Unfortunately, Kaspersky's full (initial) scan apparently found a trojan. A HEUR:Trojan.Script.Generic was detected in two files. Kaspersky apparently both moved the two detections to quarantine and deleted them.
Below are the log files:
defogger_disable log:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:43 on 20/01/2014 (Henrike)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 04
Ran by *** (administrator) on ***SPC on 20-01-2014 21:46:44
Running from C:\Users\***\Downloads
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x64__8wekyb3d8bbwe\glcnd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7830328 2013-05-21] (Motorola Solutions, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2013-05-17] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUS InstantKey] - C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [13936 2013-08-27] (ASUS)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\UpdatusUser\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2sxis5eo.default
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-20]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-20]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-20]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-20]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-20]
==================== Services (Whitelisted) =================
U2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
U2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] ()
U2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
U2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2013-07-26] (Intel Corporation)
U3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-06-23] (Intel Corporation)
U2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-16] (Intel Corporation)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-06-23] (Intel Corporation)
U3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
U2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
U3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70416 2013-09-04] (ASUS Corporation)
U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
U3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
U3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1385272 2013-08-01] (Motorola Solutions, Inc.)
U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
U3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [113096 2013-08-07] (Intel Corporation)
U0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-08-06] (Intel Corporation)
U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-12-21] (Microsoft Corporation)
U3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
U0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-20] (Kaspersky Lab ZAO)
U0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-01-20] (Kaspersky Lab)
U1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [623712 2014-01-20] (Kaspersky Lab ZAO)
U1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-17] (Kaspersky Lab ZAO)
U3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
U3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
U1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
U1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [64608 2013-05-07] (Kaspersky Lab ZAO)
U1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-01-20] (Kaspersky Lab ZAO)
U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
U3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
U3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3648480 2013-08-30] (Intel Corporation)
U2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows (R) Win 7 DDK provider)
U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
U3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-24] (Realsil Semiconductor Corporation)
U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-12-21] (Microsoft Corporation)
U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
U3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-20 21:46 - 2014-01-20 21:47 - 00019051 _____ C:\Users\***\Downloads\FRST.txt
2014-01-20 21:46 - 2014-01-20 21:46 - 00000000 ____D C:\FRST
2014-01-20 21:45 - 2014-01-20 21:45 - 02076672 _____ (Farbar) C:\Users\***\Downloads\FRST64.exe
2014-01-20 21:43 - 2014-01-20 21:43 - 00000476 _____ C:\Users\***\Downloads\defogger_disable.log
2014-01-20 21:43 - 2014-01-20 21:43 - 00000000 _____ C:\Users\***\defogger_reenable
2014-01-20 21:42 - 2014-01-20 21:42 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe
2014-01-20 21:41 - 2014-01-20 21:41 - 00680584 _____ ( ) C:\Users\***\Downloads\ZipExtractorSetup.exe
2014-01-20 21:41 - 2014-01-20 21:41 - 00001197 _____ C:\Users\***\Desktop\Continue Zip Extractor Installation.lnk
2014-01-20 19:02 - 2014-01-20 19:02 - 00001347 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2014-01-20 19:01 - 2014-01-20 19:01 - 00002352 _____ C:\Users\***\Desktop\Sicherer Zahlungsverkehr.lnk
2014-01-20 19:01 - 2014-01-20 19:01 - 00001142 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-01-20 19:01 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2014-01-20 18:59 - 2014-01-20 21:34 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-20 18:59 - 2014-01-20 19:33 - 00623712 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2014-01-20 18:59 - 2014-01-20 18:59 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2014-01-20 18:59 - 2013-06-08 20:18 - 00112224 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
2014-01-20 18:34 - 2014-01-20 18:34 - 03218352 _____ (McAfee, Inc.) C:\Users\***\Downloads\MCPR.exe
2014-01-20 17:42 - 2014-01-20 18:24 - 256314176 _____ C:\Users\***\Downloads\kis14.0.0.4651abDE_5169.exe
2014-01-19 22:29 - 2014-01-19 22:29 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2014-01-19 22:29 - 2014-01-19 22:29 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2014-01-19 21:44 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-19 21:44 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-19 21:44 - 2013-11-27 11:34 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll
2014-01-19 21:44 - 2013-11-27 10:54 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-19 21:44 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-19 21:44 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-19 21:44 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-19 21:44 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-19 21:44 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-19 21:44 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-19 21:43 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-19 20:42 - 2014-01-19 20:42 - 00000000 ____D C:\Users\***\AppData\Roaming\Mozilla
2014-01-19 20:42 - 2014-01-19 20:42 - 00000000 ____D C:\Users\***\AppData\Local\Mozilla
2014-01-19 16:55 - 2014-01-19 16:55 - 00001165 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-19 16:55 - 2014-01-19 16:55 - 00000000 ____D C:\ProgramData\Mozilla
2014-01-19 16:55 - 2014-01-19 16:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-19 16:54 - 2014-01-19 16:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-14 21:51 - 2014-01-14 21:56 - 00000000 ____D C:\Users\***\Desktop\iTunes
2014-01-14 21:51 - 2014-01-14 21:52 - 00000000 ____D C:\Users\***\AppData\Roaming\Apple Computer
2014-01-14 21:51 - 2014-01-14 21:51 - 00001797 _____ C:\Users\Public\Desktop\iTunes.lnk
2014-01-14 21:51 - 2014-01-14 21:51 - 00000000 ____D C:\Users\***\AppData\Local\Apple Computer
2014-01-14 21:51 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2014-01-14 21:50 - 2014-01-14 21:51 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-14 21:50 - 2014-01-14 21:51 - 00000000 ____D C:\Program Files\iTunes
2014-01-14 21:50 - 2014-01-14 21:51 - 00000000 ____D C:\Program Files (x86)\iTunes
2014-01-14 21:50 - 2014-01-14 21:50 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2014-01-14 21:50 - 2014-01-14 21:50 - 00000000 ____D C:\Users\***\AppData\Local\Apple
2014-01-14 21:50 - 2014-01-14 21:50 - 00000000 ____D C:\ProgramData\Apple Computer
2014-01-14 21:50 - 2014-01-14 21:50 - 00000000 ____D C:\ProgramData\Apple
2014-01-14 21:50 - 2014-01-14 21:50 - 00000000 ____D C:\Program Files\iPod
2014-01-14 21:50 - 2014-01-14 21:50 - 00000000 ____D C:\Program Files\Common Files\Apple
2014-01-14 21:50 - 2014-01-14 21:50 - 00000000 ____D C:\Program Files\Bonjour
2014-01-14 21:50 - 2014-01-14 21:50 - 00000000 ____D C:\Program Files (x86)\Bonjour
2014-01-14 21:50 - 2014-01-14 21:50 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2014-01-14 20:34 - 2014-01-19 16:46 - 00011231 _____ C:\Users\***\Documents\Geschenke Niklas.xlsx
2014-01-14 20:13 - 2014-01-14 20:13 - 00000000 ____D C:\WINDOWS\PCHEALTH
2014-01-14 20:12 - 2014-01-14 20:12 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-01-14 20:10 - 2014-01-20 16:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-14 20:10 - 2014-01-14 20:10 - 00000000 ____D C:\Users\***\AppData\Local\Microsoft Help
2014-01-14 20:10 - 2014-01-14 20:10 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-14 20:10 - 2014-01-14 20:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2014-01-14 20:09 - 2014-01-14 20:09 - 00000000 __RHD C:\MSOCache
2014-01-07 13:49 - 2014-01-07 13:49 - 00000000 ___RD C:\WINDOWS\BrowserChoice
2014-01-05 18:39 - 2014-01-19 08:38 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2013-12-27 16:08 - 2014-01-14 18:13 - 00000000 ____D C:\Users\***\AppData\Local\Windows Live
2013-12-21 17:18 - 2013-12-21 17:18 - 00000000 ____D C:\Users\Public\CyberLink
2013-12-21 17:16 - 2013-12-21 17:16 - 00000000 ____D C:\Users\***\Documents\CyberLink
2013-12-21 17:16 - 2013-12-21 17:16 - 00000000 ____D C:\Users\***\AppData\Roaming\CyberLink
2013-12-21 17:16 - 2013-12-21 17:16 - 00000000 ____D C:\Users\***\AppData\Local\Cyberlink
2013-12-21 16:44 - 2014-01-20 18:57 - 00000000 __RDO C:\Users\***\SkyDrive
2013-12-21 16:42 - 2013-12-21 16:42 - 00001456 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-21 16:42 - 2013-12-21 16:42 - 00000020 ___SH C:\Users\***\ntuser.ini
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default\Vorlagen
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Programme
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\ProgramData\Vorlagen
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Dokumente und Einstellungen
2013-12-21 16:15 - 2013-12-21 16:15 - 00022960 _____ C:\WINDOWS\system32\emptyregdb.dat
2013-12-21 16:07 - 2013-12-21 16:07 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2013-12-21 16:07 - 2013-12-21 16:07 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2013-12-21 16:06 - 2013-12-21 16:06 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2013-12-21 16:05 - 2014-01-20 21:43 - 00000000 ____D C:\Users\***
2013-12-21 16:05 - 2013-12-21 16:15 - 00028578 _____ C:\WINDOWS\diagwrn.xml
2013-12-21 16:05 - 2013-12-21 16:15 - 00028578 _____ C:\WINDOWS\diagerr.xml
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\***\Vorlagen
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\***\Startmenü
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\***\Netzwerkumgebung
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\***\Lokale Einstellungen
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\***\Eigene Dateien
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\***\Druckumgebung
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\***\Documents\Eigene Musik
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\***\Documents\Eigene Bilder
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\***\AppData\Local\Verlauf
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\***\AppData\Local\Anwendungsdaten
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\***\Anwendungsdaten
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 ___RD C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-12-21 16:05 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-21 16:05 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-12-21 16:05 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-21 16:05 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-12-21 16:05 - 2013-08-22 16:36 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-21 16:05 - 2013-08-22 16:36 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-21 16:02 - 2013-12-21 16:02 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_btmaux_01009.Wdf
2013-12-21 16:01 - 2013-12-21 16:01 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_btmhsf_01011.Wdf
2013-12-21 16:01 - 2013-10-23 09:20 - 06669600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2013-12-21 16:01 - 2013-10-23 09:20 - 03489568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2013-12-21 16:01 - 2013-10-23 09:20 - 03426956 _____ C:\WINDOWS\system32\nvcoproc.bin
2013-12-21 16:01 - 2013-10-23 09:20 - 02559776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2013-12-21 16:01 - 2013-10-23 09:20 - 01064224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2013-12-21 16:01 - 2013-10-23 09:20 - 00922912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2013-12-21 16:01 - 2013-10-23 09:20 - 00219424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2013-12-21 16:01 - 2013-10-23 09:20 - 00067072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2013-12-21 16:01 - 2013-10-23 09:20 - 00063776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2013-12-21 16:00 - 2014-01-20 21:06 - 01178460 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-21 16:00 - 2013-12-21 16:06 - 00000000 ____D C:\Program Files\Intel
2013-12-21 16:00 - 2013-12-21 16:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-21 16:00 - 2013-12-21 16:06 - 00000000 ____D C:\Program Files (x86)\Intel
2013-12-21 16:00 - 2013-12-21 16:01 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-12-21 16:00 - 2013-12-21 16:00 - 00001316 _____ C:\Users\Public\Desktop\AudioWizard.lnk
2013-12-21 16:00 - 2013-12-21 16:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-12-21 16:00 - 2013-10-01 13:02 - 00064000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2013-12-21 16:00 - 2013-10-01 13:02 - 00060416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2013-12-21 15:59 - 2013-12-21 16:00 - 00216867 _____ C:\WINDOWS\system32\Drivers\RTWAVES40.dat
2013-12-21 15:59 - 2013-12-21 15:59 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2013-12-21 15:59 - 2013-12-21 15:59 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2013-12-21 15:59 - 2013-12-21 15:59 - 00000000 ____D C:\Program Files\Realtek
2013-12-21 15:58 - 2013-12-21 16:42 - 00000000 ___DC C:\WINDOWS\Panther
2013-12-21 15:58 - 2013-12-21 15:58 - 00000000 __SHD C:\Recovery
2013-12-21 15:57 - 2013-12-21 15:57 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2013-12-21 15:57 - 2013-12-21 15:57 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-12-21 15:57 - 2013-12-21 15:57 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2013-12-21 15:57 - 2013-12-21 15:57 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2013-12-21 15:57 - 2013-12-21 15:57 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2013-12-21 15:57 - 2013-12-21 15:57 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2013-12-21 15:57 - 2013-12-21 15:57 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2013-12-21 15:57 - 2013-12-21 15:57 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-12-21 15:57 - 2013-12-21 15:57 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-12-21 15:56 - 2013-12-21 15:56 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-12-21 15:56 - 2013-12-21 15:56 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-12-21 15:56 - 2013-12-21 15:56 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-12-21 15:56 - 2013-12-21 15:56 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2013-12-21 15:56 - 2013-12-21 15:56 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-12-21 15:56 - 2013-12-21 15:56 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-12-21 15:56 - 2013-12-21 15:56 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-12-21 15:56 - 2013-12-21 15:56 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-12-21 15:56 - 2013-12-21 15:56 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2013-12-21 15:56 - 2013-12-21 15:56 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-12-21 15:56 - 2013-12-21 15:56 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2013-12-21 15:56 - 2013-12-21 15:56 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2013-12-21 15:56 - 2013-12-21 15:56 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2013-12-21 15:56 - 2013-12-21 15:56 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-12-21 15:56 - 2013-12-21 15:56 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-12-21 15:56 - 2013-12-21 15:56 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-12-21 15:56 - 2013-12-21 15:56 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-12-21 15:56 - 2013-12-21 15:56 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2013-12-21 15:56 - 2013-12-21 15:56 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2013-12-21 15:56 - 2013-12-21 15:56 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-12-21 15:56 - 2013-12-21 15:56 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2013-12-21 15:55 - 2013-12-21 15:55 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2013-12-21 15:53 - 2013-12-21 15:53 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2013-12-21 15:53 - 2013-12-21 15:53 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-12-21 15:53 - 2013-12-21 15:53 - 00000000 ____D C:\Program Files\MSBuild
2013-12-21 15:53 - 2013-12-21 15:53 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-12-21 15:53 - 2013-12-21 15:53 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-12-21 15:53 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2013-12-21 15:53 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2013-12-21 15:53 - 2013-08-03 05:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2013-12-21 15:53 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2013-12-21 15:53 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-12-21 15:53 - 2013-08-03 05:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2013-12-21 15:30 - 2013-12-21 16:15 - 00006571 _____ C:\WINDOWS\comsetup.log
2013-12-21 13:36 - 2014-01-09 12:07 - 00003558 _____ C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask
2013-12-21 13:01 - 2013-12-21 13:01 - 00000000 ____D C:\sources
2013-12-21 12:29 - 2013-12-21 12:29 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
==================== One Month Modified Files and Folders =======
2014-01-20 21:47 - 2014-01-20 21:46 - 00019051 _____ C:\Users\***\Downloads\FRST.txt
2014-01-20 21:46 - 2014-01-20 21:46 - 00000000 ____D C:\FRST
2014-01-20 21:45 - 2014-01-20 21:45 - 02076672 _____ (Farbar) C:\Users\***\Downloads\FRST64.exe
2014-01-20 21:43 - 2014-01-20 21:43 - 00000476 _____ C:\Users\***\Downloads\defogger_disable.log
2014-01-20 21:43 - 2014-01-20 21:43 - 00000000 _____ C:\Users\***\defogger_reenable
2014-01-20 21:43 - 2013-12-21 16:05 - 00000000 ____D C:\Users\***
2014-01-20 21:42 - 2014-01-20 21:42 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe
2014-01-20 21:41 - 2014-01-20 21:41 - 00680584 _____ ( ) C:\Users\***\Downloads\ZipExtractorSetup.exe
2014-01-20 21:41 - 2014-01-20 21:41 - 00001197 _____ C:\Users\***\Desktop\Continue Zip Extractor Installation.lnk
2014-01-20 21:34 - 2014-01-20 18:59 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-20 21:06 - 2013-12-21 16:00 - 01178460 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-20 21:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-20 19:33 - 2014-01-20 18:59 - 00623712 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2014-01-20 19:33 - 2013-10-17 15:47 - 00458336 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kl1.sys
2014-01-20 19:33 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kneps.sys
2014-01-20 19:33 - 2012-07-27 18:38 - 00029792 _____ (Kaspersky Lab) C:\WINDOWS\system32\Drivers\klelam.sys
2014-01-20 19:03 - 2013-11-14 08:27 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-20 19:03 - 2013-11-14 08:11 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2014-01-20 19:03 - 2013-11-14 08:11 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2014-01-20 19:02 - 2014-01-20 19:02 - 00001347 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2014-01-20 19:01 - 2014-01-20 19:01 - 00002352 _____ C:\Users\***\Desktop\Sicherer Zahlungsverkehr.lnk
2014-01-20 19:01 - 2014-01-20 19:01 - 00001142 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-01-20 19:01 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2014-01-20 19:00 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2014-01-20 18:59 - 2014-01-20 18:59 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2014-01-20 18:59 - 2013-12-18 14:51 - 00000073 _____ C:\Users\***\AppData\Roaming\sp_data.sys
2014-01-20 18:57 - 2013-12-21 16:44 - 00000000 __RDO C:\Users\***\SkyDrive
2014-01-20 18:57 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-20 18:56 - 2013-11-13 23:18 - 00021096 _____ C:\WINDOWS\PFRO.log
2014-01-20 18:56 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2014-01-20 18:42 - 2013-12-18 14:59 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2031772187-3323974869-1085960495-1002
2014-01-20 18:38 - 2012-07-26 06:37 - 00000000 ____D C:\Users\Default.migrated
2014-01-20 18:34 - 2014-01-20 18:34 - 03218352 _____ (McAfee, Inc.) C:\Users\***\Downloads\MCPR.exe
2014-01-20 18:24 - 2014-01-20 17:42 - 256314176 _____ C:\Users\***\Downloads\kis14.0.0.4651abDE_5169.exe
2014-01-20 16:33 - 2014-01-14 20:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-20 10:49 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2014-01-19 22:29 - 2014-01-19 22:29 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2014-01-19 22:29 - 2014-01-19 22:29 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2014-01-19 22:27 - 2013-12-20 11:45 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-19 22:26 - 2013-12-20 11:45 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-19 20:42 - 2014-01-19 20:42 - 00000000 ____D C:\Users\***\AppData\Roaming\Mozilla
2014-01-19 20:42 - 2014-01-19 20:42 - 00000000 ____D C:\Users\***\AppData\Local\Mozilla
2014-01-19 20:02 - 2013-08-22 15:46 - 00335213 _____ C:\WINDOWS\setupact.log
2014-01-19 16:55 - 2014-01-19 16:55 - 00001165 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-19 16:55 - 2014-01-19 16:55 - 00000000 ____D C:\ProgramData\Mozilla
2014-01-19 16:55 - 2014-01-19 16:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-19 16:54 - 2014-01-19 16:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-19 16:46 - 2014-01-14 20:34 - 00011231 _____ C:\Users\***\Documents\Geschenke Niklas.xlsx
2014-01-19 08:38 - 2014-01-05 18:39 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-15 20:35 - 2013-08-22 15:44 - 00409336 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-14 21:56 - 2014-01-14 21:51 - 00000000 ____D C:\Users\***\Desktop\iTunes
2014-01-14 21:52 - 2014-01-14 21:51 - 00000000 ____D C:\Users\***\AppData\Roaming\Apple Computer
2014-01-14 21:51 - 2014-01-14 21:51 - 00001797 _____ C:\Users\Public\Desktop\iTunes.lnk
2014-01-14 21:51 - 2014-01-14 21:51 - 00000000 ____D C:\Users\***\AppData\Local\Apple Computer
2014-01-14 21:51 - 2014-01-14 21:50 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-14 21:51 - 2014-01-14 21:50 - 00000000 ____D C:\Program Files\iTunes
2014-01-14 21:51 - 2014-01-14 21:50 - 00000000 ____D C:\Program Files (x86)\iTunes
2014-01-14 21:50 - 2014-01-14 21:50 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2014-01-14 21:50 - 2014-01-14 21:50 - 00000000 ____D C:\Users\***\AppData\Local\Apple
2014-01-14 21:50 - 2014-01-14 21:50 - 00000000 ____D C:\ProgramData\Apple Computer
2014-01-14 21:50 - 2014-01-14 21:50 - 00000000 ____D C:\ProgramData\Apple
2014-01-14 21:50 - 2014-01-14 21:50 - 00000000 ____D C:\Program Files\iPod
2014-01-14 21:50 - 2014-01-14 21:50 - 00000000 ____D C:\Program Files\Common Files\Apple
2014-01-14 21:50 - 2014-01-14 21:50 - 00000000 ____D C:\Program Files\Bonjour
2014-01-14 21:50 - 2014-01-14 21:50 - 00000000 ____D C:\Program Files (x86)\Bonjour
2014-01-14 21:50 - 2014-01-14 21:50 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2014-01-14 20:13 - 2014-01-14 20:13 - 00000000 ____D C:\WINDOWS\PCHEALTH
2014-01-14 20:13 - 2013-04-26 00:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2014-01-14 20:12 - 2014-01-14 20:12 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-01-14 20:12 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-14 20:10 - 2014-01-14 20:10 - 00000000 ____D C:\Users\***\AppData\Local\Microsoft Help
2014-01-14 20:10 - 2014-01-14 20:10 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-14 20:10 - 2014-01-14 20:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2014-01-14 20:10 - 2013-11-14 08:13 - 00000000 ____D C:\WINDOWS\ShellNew
2014-01-14 20:09 - 2014-01-14 20:09 - 00000000 __RHD C:\MSOCache
2014-01-14 18:40 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2014-01-14 18:21 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2014-01-14 18:13 - 2013-12-27 16:08 - 00000000 ____D C:\Users\***\AppData\Local\Windows Live
2014-01-09 12:07 - 2013-12-21 13:36 - 00003558 _____ C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask
2014-01-07 13:49 - 2014-01-07 13:49 - 00000000 ___RD C:\WINDOWS\BrowserChoice
2014-01-07 13:49 - 2013-12-18 14:50 - 00000000 ____D C:\Users\***\AppData\Local\Packages
2014-01-07 13:48 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\restore
2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-21 17:18 - 2013-12-21 17:18 - 00000000 ____D C:\Users\Public\CyberLink
2013-12-21 17:16 - 2013-12-21 17:16 - 00000000 ____D C:\Users\***\Documents\CyberLink
2013-12-21 17:16 - 2013-12-21 17:16 - 00000000 ____D C:\Users\***\AppData\Roaming\CyberLink
2013-12-21 17:16 - 2013-12-21 17:16 - 00000000 ____D C:\Users\***\AppData\Local\Cyberlink
2013-12-21 17:16 - 2013-11-27 02:58 - 00000000 ____D C:\ProgramData\CyberLink
2013-12-21 16:42 - 2013-12-21 16:42 - 00001456 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-21 16:42 - 2013-12-21 16:42 - 00000020 ___SH C:\Users\***\ntuser.ini
2013-12-21 16:42 - 2013-12-21 15:58 - 00000000 ___DC C:\WINDOWS\Panther
2013-12-21 16:42 - 2013-12-18 14:51 - 00000000 ___RD C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-21 16:42 - 2013-12-18 14:51 - 00000000 ___RD C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-21 16:27 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Registration
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default\Vorlagen
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Programme
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\ProgramData\Vorlagen
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2013-12-21 16:16 - 2013-12-21 16:16 - 00000000 _SHDL C:\Dokumente und Einstellungen
2013-12-21 16:16 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows NT
2013-12-21 16:16 - 2013-08-22 14:36 - 00000000 __RHD C:\Users\Default
2013-12-21 16:15 - 2013-12-21 16:15 - 00022960 _____ C:\WINDOWS\system32\emptyregdb.dat
2013-12-21 16:15 - 2013-12-21 16:05 - 00028578 _____ C:\WINDOWS\diagwrn.xml
2013-12-21 16:15 - 2013-12-21 16:05 - 00028578 _____ C:\WINDOWS\diagerr.xml
2013-12-21 16:15 - 2013-12-21 15:30 - 00006571 _____ C:\WINDOWS\comsetup.log
2013-12-21 16:12 - 2013-08-22 16:36 - 00000000 __RSD C:\WINDOWS\Media
2013-12-21 16:12 - 2013-08-22 16:36 - 00000000 __RHD C:\Users\Public\Libraries
2013-12-21 16:09 - 2013-11-27 02:43 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2013-12-21 16:09 - 2013-11-27 02:43 - 00000000 ____D C:\WINDOWS\system32\NV
2013-12-21 16:08 - 2013-12-18 14:50 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2013-12-21 16:08 - 2013-11-27 03:01 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2013-12-21 16:08 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2013-12-21 16:08 - 2013-04-26 00:17 - 00000000 ____D C:\WINDOWS\nl
2013-12-21 16:08 - 2013-04-26 00:17 - 00000000 ____D C:\WINDOWS\it
2013-12-21 16:08 - 2013-04-26 00:17 - 00000000 ____D C:\WINDOWS\fr
2013-12-21 16:08 - 2013-04-26 00:17 - 00000000 ____D C:\WINDOWS\de
2013-12-21 16:08 - 2012-07-26 10:43 - 00000000 ____D C:\WINDOWS\en-GB
2013-12-21 16:07 - 2013-12-21 16:07 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2013-12-21 16:07 - 2013-12-21 16:07 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2013-12-21 16:07 - 2013-11-27 02:52 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2013-12-21 16:07 - 2013-11-14 08:11 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2013-12-21 16:07 - 2013-11-14 08:11 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2013-12-21 16:07 - 2013-11-14 08:11 - 00000000 ____D C:\WINDOWS\system32\WCN
2013-12-21 16:07 - 2013-08-22 16:37 - 00004893 _____ C:\WINDOWS\DtcInstall.log
2013-12-21 16:07 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2013-12-21 16:07 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2013-12-21 16:07 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2013-12-21 16:07 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2013-12-21 16:07 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\spool
2013-12-21 16:07 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2013-12-21 16:07 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\IME
2013-12-21 16:07 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2013-12-21 16:07 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2013-12-21 16:06 - 2013-12-21 16:06 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2013-12-21 16:06 - 2013-12-21 16:00 - 00000000 ____D C:\Program Files\Intel
2013-12-21 16:06 - 2013-12-21 16:00 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-21 16:06 - 2013-12-21 16:00 - 00000000 ____D C:\Program Files (x86)\Intel
2013-12-21 16:06 - 2013-08-22 16:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2013-12-21 16:06 - 2013-08-22 16:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2013-12-21 16:06 - 2013-08-22 16:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2013-12-21 16:06 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2013-12-21 16:06 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2013-12-21 16:06 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\IME
2013-12-21 16:06 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Help
2013-12-21 16:06 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\System
2013-12-21 16:06 - 2012-08-02 14:28 - 00000000 ____D C:\ProgramData\PRICache
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\***\Vorlagen
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\***\Startmenü
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\***\Netzwerkumgebung
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\***\Lokale Einstellungen
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\***\Eigene Dateien
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\***\Druckumgebung
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\***\Documents\Eigene Musik
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\***\Documents\Eigene Bilder
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\***\AppData\Local\Verlauf
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\***\AppData\Local\Anwendungsdaten
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 _SHDL C:\Users\***\Anwendungsdaten
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-12-21 16:05 - 2013-12-21 16:05 - 00000000 ___RD C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-12-21 16:02 - 2013-12-21 16:02 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_btmaux_01009.Wdf
2013-12-21 16:01 - 2013-12-21 16:01 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_btmhsf_01011.Wdf
2013-12-21 16:01 - 2013-12-21 16:00 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-12-21 16:01 - 2013-08-22 15:46 - 00000084 _____ C:\WINDOWS\setuperr.log
2013-12-21 16:00 - 2013-12-21 16:00 - 00001316 _____ C:\Users\Public\Desktop\AudioWizard.lnk
2013-12-21 16:00 - 2013-12-21 16:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-12-21 16:00 - 2013-12-21 15:59 - 00216867 _____ C:\WINDOWS\system32\Drivers\RTWAVES40.dat
2013-12-21 15:59 - 2013-12-21 15:59 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2013-12-21 15:59 - 2013-12-21 15:59 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2013-12-21 15:59 - 2013-12-21 15:59 - 00000000 ____D C:\Program Files\Realtek
2013-12-21 15:58 - 2013-12-21 15:58 - 00000000 __SHD C:\Recovery
2013-12-21 15:57 - 2013-12-21 15:57 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2013-12-21 15:57 - 2013-12-21 15:57 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-12-21 15:57 - 2013-12-21 15:57 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2013-12-21 15:57 - 2013-12-21 15:57 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2013-12-21 15:57 - 2013-12-21 15:57 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2013-12-21 15:57 - 2013-12-21 15:57 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2013-12-21 15:57 - 2013-12-21 15:57 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2013-12-21 15:57 - 2013-12-21 15:57 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-12-21 15:57 - 2013-12-21 15:57 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2013-12-21 15:57 - 2013-08-22 16:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2013-12-21 15:56 - 2013-12-21 15:56 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-12-21 15:56 - 2013-12-21 15:56 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-12-21 15:56 - 2013-12-21 15:56 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-12-21 15:56 - 2013-12-21 15:56 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-12-21 15:56 - 2013-12-21 15:56 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2013-12-21 15:56 - 2013-12-21 15:56 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-12-21 15:56 - 2013-12-21 15:56 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-12-21 15:56 - 2013-12-21 15:56 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-12-21 15:56 - 2013-12-21 15:56 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-12-21 15:56 - 2013-12-21 15:56 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2013-12-21 15:56 - 2013-12-21 15:56 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-12-21 15:56 - 2013-12-21 15:56 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2013-12-21 15:56 - 2013-12-21 15:56 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2013-12-21 15:56 - 2013-12-21 15:56 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2013-12-21 15:56 - 2013-12-21 15:56 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-12-21 15:56 - 2013-12-21 15:56 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-12-21 15:56 - 2013-12-21 15:56 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-12-21 15:56 - 2013-12-21 15:56 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-12-21 15:56 - 2013-12-21 15:56 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2013-12-21 15:56 - 2013-12-21 15:56 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2013-12-21 15:56 - 2013-12-21 15:56 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-12-21 15:56 - 2013-12-21 15:56 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2013-12-21 15:56 - 2013-12-21 15:56 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2013-12-21 15:56 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-12-21 15:56 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2013-12-21 15:56 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2013-12-21 15:56 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2013-12-21 15:55 - 2013-12-21 15:55 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2013-12-21 15:53 - 2013-12-21 15:53 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2013-12-21 15:53 - 2013-12-21 15:53 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-12-21 15:53 - 2013-12-21 15:53 - 00000000 ____D C:\Program Files\MSBuild
2013-12-21 15:53 - 2013-12-21 15:53 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-12-21 15:53 - 2013-12-21 15:53 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-12-21 15:42 - 2013-11-27 02:42 - 01851803 _____ C:\WINDOWS\WindowsUpdate (1).log
2013-12-21 13:01 - 2013-12-21 13:01 - 00000000 ____D C:\sources
2013-12-21 12:29 - 2013-12-21 12:29 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-12-21 12:14 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
Some content of TEMP:
====================
C:\Users\***\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
C:\Users\***\AppData\Local\Temp\ose00000.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-19 22:06
==================== End Of Log ============================
Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2014 04
Ran by *** at 2014-01-20 21:47:09
Running from C:\Users\***\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
Adobe Reader X MUI (x32 Version: 10.0.0 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Key (x32 Version: 1.1.3 - ASUS)
ASUS Live Update (x32 Version: 3.2.6 - ASUS)
ASUS Power4Gear Hybrid (Version: 3.0.6 - ASUS)
ASUS Screen Saver (x32 Version: 1.0.2 - ASUS)
ASUS Smart Gesture (x32 Version: 2.2.4 - ASUS)
ASUS Splendid Video Enhancement Technology (x32 Version: 2.01.0018 - ASUS)
ASUS USB Charger Plus (x32 Version: 3.1.7 - ASUS)
ASUS Video Magic (x32 Version: 6.0.8015 - CyberLink Corp.)
ASUS Video Magic (x32 Version: 6.0.8015 - CyberLink Corp.) Hidden
ASUS WebStorage Sync Agent (x32 Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (x32 Version: 10.0.5520.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5520.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (x32 Version: 2.0.12.310 - ASUSTEK)
ATK Package (x32 Version: 1.0.0030 - ASUS)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.4103_46746 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.4103_46746 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Intel Collaborative Processor Performance Control (x32 Version: 1.0.0.1013 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 9.0.10.1372 - Intel Corporation)
Intel(R) PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel(R) Processor Graphics (x32 Version: 10.18.10.3308 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.1.1.0084 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1332.1) (Version: 3.1.1307.0366 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden
Intel(R) WiDi (Version: 4.2.19.0 - Intel Corporation)
Intel® PROSet/Wireless Software (x32 Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
iTunes (Version: 11.1.3.8 - Apple Inc.)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (x32 Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyBitCast 2.0 (x32 Version: 2.0 - ASUS)
NVIDIA Grafiktreiber 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0604 (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 4.11.9 (Version: 4.11.9 - NVIDIA Corporation)
NVIDIA Update Components (Version: 4.11.9 - NVIDIA Corporation) Hidden
Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Card Reader (x32 Version: 6.2.9200.21236 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (x32 Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WildTangent Games (x32 Version: 1.0.0.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - ASUS (ATP) Mouse (08/19/2013 1.0.0.185) (Version: 08/19/2013 1.0.0.185 - ASUS)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinFlash (x32 Version: 2.42.0 - ASUS)
==================== Restore Points =========================
07-01-2014 12:48:16 Windows Update
14-01-2014 17:35:41 Scheduled Checkpoint
19-01-2014 21:25:19 Windows Update
==================== Hosts content: ==========================
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {03046A83-A887-4E8F-8A3A-79C06BD3EA8F} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-08-19] (ASUS)
Task: {0360343D-3918-4B89-9CAB-1A77A453E072} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-08-29] (ASUS)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0E8D9F3C-C93F-49F6-B760-60AB2EC2CCEE} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2DA2ACBE-1318-4555-B63F-220835FCCC4F} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-08-16] (ASUSTeK Computer Inc.)
Task: {2DD61386-DBE3-414F-9646-FF3CFF057206} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-29] (ASUSTek Computer Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7EBD40E3-9C47-4FBE-8636-658C3DCF533C} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {932D01FD-E2A3-4FBC-84EF-2640978293B0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {961D7191-AE4F-4027-9520-F875516FE5A6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-01-19] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B5A5DEC0-458B-4097-80CA-4D86AD96E94D} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-07-09] ()
Task: {B901E965-7037-4BAF-A2F9-0B160B10ED02} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DEFA8748-0256-4431-B22B-2CDF59D51AE3} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-09-04] (AsusTek)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
==================== Loaded Modules (whitelisted) =============
2013-08-29 17:01 - 2013-08-29 17:01 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-12-27 11:33 - 2013-12-27 11:34 - 00183808 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-19 18:16 - 2013-08-19 18:16 - 00015440 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-08-16 11:03 - 2013-08-16 11:03 - 00023040 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2013-11-27 02:49 - 2013-06-23 21:05 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-12-10 08:13 - 2013-12-10 08:13 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-01-19 16:54 - 2013-12-05 20:36 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\***\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Could not start eventlog service, could not read events.
The requested service has already been started.
More help is available by typing NET HELPMSG 2182.
==================== Memory info ===========================
Percentage of memory in use: 27%
Total physical RAM: 8075.11 MB
Available physical RAM: 5816.78 MB
Total Pagefile: 9355.11 MB
Available Pagefile: 6941.02 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:372.26 GB) (Free:315.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:537.64 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 57788C0B)
Partition: GPT Partition Type
==================== End Of Log ============================
GMER (the following error messages occurred here: 1) Directly after launching the program, and once more during the scan, the following message appeared: c:\\windows\system32\config.system: The process cannot access the file because it is being used by another process. 2) During the scan the following message appeared once: c:\\Users\***\ntuser.dat: The process cannot access the file because it is being used by another process). Code:
GMER 2.1.19324 - hxxp://www.gmer.net
Rootkit scan 2014-01-20 22:03:20
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000034 HGST_HTS541010A9E680 rev.JA0OA560 931,51GB
Running: gmer.exe; Driver: C:\Users\***\AppData\Local\Temp\pfdyifob.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff96000194700 15 bytes [00, EA, 0F, 02, 00, 7F, 6F, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff96000194710 11 bytes [00, 1F, FC, FF, 80, 52, DE, ...]
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\dwm.exe[960] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffcee1b30e0 7 bytes JMP 00007ffdec7402d0
.text C:\WINDOWS\system32\dwm.exe[960] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffcee1b4478 7 bytes JMP 00007ffdec740308
.text C:\WINDOWS\system32\dwm.exe[960] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffcee2611a8 7 bytes JMP 00007ffdec740340
.text C:\WINDOWS\system32\dwm.exe[960] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffcee26121c 7 bytes JMP 00007ffdec7403b0
.text C:\WINDOWS\system32\dwm.exe[960] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffcee261668 7 bytes JMP 00007ffdec740378
.text C:\WINDOWS\system32\dwm.exe[960] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ffcee2672d0 7 bytes JMP 00007ffdec740260
.text C:\WINDOWS\system32\dwm.exe[960] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffcee28d5a4 7 bytes JMP 00007ffdec740228
.text C:\WINDOWS\system32\dwm.exe[960] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffcee28d614 7 bytes JMP 00007ffdec740298
.text C:\WINDOWS\system32\dwm.exe[960] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffcec752124 7 bytes JMP 00007ffdec7400d8
.text C:\WINDOWS\system32\dwm.exe[960] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffcec7550e8 5 bytes JMP 00007ffdec740180
.text C:\WINDOWS\system32\dwm.exe[960] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffcec7552a0 5 bytes JMP 00007ffdec740148
.text C:\WINDOWS\system32\dwm.exe[960] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffcec75a9b0 5 bytes JMP 00007ffdec740110
.text C:\WINDOWS\system32\dwm.exe[960] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffceefb7b64 10 bytes JMP 00007ffdec740490
.text C:\WINDOWS\system32\dwm.exe[960] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffceefd2910 5 bytes JMP 00007ffdec740420
.text C:\WINDOWS\system32\dwm.exe[960] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffceefd4578 5 bytes JMP 00007ffdec740458
.text C:\WINDOWS\system32\dwm.exe[960] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffceefd4980 9 bytes JMP 00007ffdec7403e8
.text C:\WINDOWS\system32\dwm.exe[960] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffcee701500 8 bytes JMP 00007ffdec7401b8
.text C:\WINDOWS\system32\dwm.exe[960] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffcee701750 8 bytes JMP 00007ffdec7401f0
.text C:\WINDOWS\system32\dwm.exe[960] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory 00007ffcea43705c 5 bytes JMP 00007ffdea2800d8
.text C:\WINDOWS\system32\dwm.exe[960] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory1 00007ffcea437678 5 bytes JMP 00007ffdea280110
.text C:\WINDOWS\system32\nvvsvc.exe[284] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffcee1a169a 4 bytes [1A, EE, FC, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[284] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffcee1a16a2 4 bytes [1A, EE, FC, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[284] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffcee1a181a 4 bytes [1A, EE, FC, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[284] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffcee1a1832 4 bytes [1A, EE, FC, 7F]
.text C:\WINDOWS\system32\WLANExt.exe[1384] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffcee1a169a 4 bytes [1A, EE, FC, 7F]
.text C:\WINDOWS\system32\WLANExt.exe[1384] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffcee1a16a2 4 bytes [1A, EE, FC, 7F]
.text C:\WINDOWS\system32\WLANExt.exe[1384] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffcee1a181a 4 bytes [1A, EE, FC, 7F]
.text C:\WINDOWS\system32\WLANExt.exe[1384] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffcee1a1832 4 bytes [1A, EE, FC, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1916] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffcee1a169a 4 bytes [1A, EE, FC, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1916] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffcee1a16a2 4 bytes [1A, EE, FC, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1916] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffcee1a181a 4 bytes [1A, EE, FC, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1916] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffcee1a1832 4 bytes [1A, EE, FC, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1916] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffce4a91f6a 4 bytes [A9, E4, FC, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1916] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffce4a91f82 4 bytes [A9, E4, FC, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1620] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffcee1a169a 4 bytes [1A, EE, FC, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1620] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffcee1a16a2 4 bytes [1A, EE, FC, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1620] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffcee1a181a 4 bytes [1A, EE, FC, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1620] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffcee1a1832 4 bytes [1A, EE, FC, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2312] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffcee1a169a 4 bytes [1A, EE, FC, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2312] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffcee1a16a2 4 bytes [1A, EE, FC, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2312] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffcee1a181a 4 bytes [1A, EE, FC, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2312] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffcee1a1832 4 bytes [1A, EE, FC, 7F]
.text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2336] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffcee1a169a 4 bytes [1A, EE, FC, 7F]
.text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2336] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffcee1a16a2 4 bytes [1A, EE, FC, 7F]
.text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2336] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffcee1a181a 4 bytes [1A, EE, FC, 7F]
.text C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2336] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffcee1a1832 4 bytes [1A, EE, FC, 7F]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2796] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffcee1a169a 4 bytes [1A, EE, FC, 7F]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2796] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffcee1a16a2 4 bytes [1A, EE, FC, 7F]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2796] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffcee1a181a 4 bytes [1A, EE, FC, 7F]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2796] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffcee1a1832 4 bytes [1A, EE, FC, 7F]
.text C:\Program Files\ASUS\P4G\BatteryLife.exe[3524] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffcee1a169a 4 bytes [1A, EE, FC, 7F]
.text C:\Program Files\ASUS\P4G\BatteryLife.exe[3524] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffcee1a16a2 4 bytes [1A, EE, FC, 7F]
.text C:\Program Files\ASUS\P4G\BatteryLife.exe[3524] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffcee1a181a 4 bytes [1A, EE, FC, 7F]
.text C:\Program Files\ASUS\P4G\BatteryLife.exe[3524] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffcee1a1832 4 bytes [1A, EE, FC, 7F]
.text C:\Users\***\Downloads\FRST64.exe[4524] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffce4a91f6a 4 bytes [A9, E4, FC, 7F]
.text C:\Users\***\Downloads\FRST64.exe[4524] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffce4a91f82 4 bytes [A9, E4, FC, 7F]
.text C:\Users\***\Downloads\FRST64.exe[4524] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffcee1a169a 4 bytes [1A, EE, FC, 7F]
.text C:\Users\***\Downloads\FRST64.exe[4524] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffcee1a16a2 4 bytes [1A, EE, FC, 7F]
.text C:\Users\***\Downloads\FRST64.exe[4524] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffcee1a181a 4 bytes [1A, EE, FC, 7F]
.text C:\Users\***\Downloads\FRST64.exe[4524] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffcee1a1832 4 bytes [1A, EE, FC, 7F]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDefaultNpAcl + 772 00007ffcef31285c 8 bytes {JMP 0xffffffffffffff8c}
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlCheckTokenMembership + 11 00007ffcef312873 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlCheckTokenMembership + 79 00007ffcef3128b7 8 bytes {JMP 0xfffffffffffffff2}
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddProcessTrustLabelAce + 312 00007ffcef3129f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlSetSaclSecurityDescriptor + 104 00007ffcef312a68 8 bytes {JMP 0xffffffffffffffe9}
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlCreateAndSetSD + 848 00007ffcef312dc0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlNewSecurityObject + 63 00007ffcef312e07 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDeleteAce + 120 00007ffcef312eb8 8 bytes {JMP 0xffffffffffffffdf}
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAllocateAndInitializeSid + 268 00007ffcef313948 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlSidDominates + 751 00007ffcef313c3f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlEqualSid + 43 00007ffcef313c73 8 bytes {JMP 0xffffffffffffffe5}
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddAce + 339 00007ffcef313f0f 8 bytes {JMP 0xffffffffffffffdc}
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlNewSecurityObjectEx + 99 00007ffcef313f7b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlCheckTokenMembershipEx + 904 00007ffcef314748 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlCheckTokenCapability + 952 00007ffcef314b08 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlSetDaclSecurityDescriptor + 104 00007ffcef314b78 8 bytes {JMP 0xffffffffffffffe5}
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddMandatoryAce + 356 00007ffcef314ce4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlMapGenericMask + 64 00007ffcef3174d8 8 bytes {JMP 0xffffffffffffffd0}
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlCreateSecurityDescriptor + 43 00007ffcef317617 8 bytes {JMP 0xfffffffffffffff5}
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlSidDominatesForTrust + 135 00007ffcef317fe3 8 bytes {JMP 0xffffffffffffffaa}
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlIsValidProcessTrustLabelSid + 103 00007ffcef318053 8 bytes {JMP 0xffffffffffffffe6}
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInitializeSid + 35 00007ffcef3181f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlCreateServiceSid + 292 00007ffcef318324 8 bytes {JMP 0xffffffffffffffdc}
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLengthRequiredSid + 20 00007ffcef318340 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!A_SHAFinal + 300 00007ffcef318474 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!A_SHAInit + 44 00007ffcef3184a8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDeleteBoundaryDescriptor + 23 00007ffcef31ab33 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddSIDToBoundaryDescriptor + 8 00007ffcef31ab44 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddSIDToBoundaryDescriptor + 392 00007ffcef31acc4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwEventWrite + 43 00007ffcef31b0cf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwEventWrite + 615 00007ffcef31b30b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmIsSessionDisabled + 792 00007ffcef31bb14 8 bytes {JMP 0xffffffffffffffa9}
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDeleteResource + 60 00007ffcef31c314 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDestroyHeap + 330 00007ffcef31c5fa 8 bytes {JMP 0xf}
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDestroyHeap + 475 00007ffcef31c68b 8 bytes {JMP 0xffffffffffffff90}
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInitializeResource + 244 00007ffcef31c9e8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInitializeResource + 340 00007ffcef31ca48 8 bytes {JMP 0xfffffffffffffff5}
.text ... * 2
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!CsrClientConnectToServer + 412 00007ffcef31cd70 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffcef396640 8 bytes {JMP QWORD [RIP-0x775d3]}
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffcef3967c0 8 bytes {JMP QWORD [RIP-0x7733b]}
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffcef3967f0 8 bytes {JMP QWORD [RIP-0x7822a]}
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffcef396910 8 bytes {JMP QWORD [RIP-0x77d2e]}
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffcef3969c0 8 bytes {JMP QWORD [RIP-0x77f6e]}
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffcef397080 8 bytes {JMP QWORD [RIP-0x77406]}
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffcef397380 8 bytes {JMP QWORD [RIP-0x779b3]}
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffcef397c00 8 bytes {JMP QWORD [RIP-0x78372]}
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 381 0000000077a1137d 16 bytes {JMP 0xffffffffffffffd3}
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 386 0000000077a11512 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077a11551 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077a11577 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 516 0000000077a11784 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\system32\wow64cpu.dll!CpuThreadInit + 50 0000000077a117c2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077a117e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077a11834 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 1 0000000077a11841 24 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 513 0000000077a11a41 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 0000000077a12ae0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077a12c1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\***\AppData\Local\Temp\Temp1_gmer_2.1.19324.zip\gmer.exe[5528] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000077a12c43 8 bytes [7C, 68, F8, 7F, 00, 00, 00, ...]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [636:668] fffff960008b94d0
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Thank you very much for your support!!
T.