
Pests of all kinds and how to fight them: BKA Trojan, Vista 32-bit, Ukash appears immediately after startup

24.07.2012, 09:26   #1
pe__ka
 



Hello,

unfortunately, since yesterday evening a payment demand to the BKA via Ukash has been opening on my PC at startup. So I can't start a scan. Can anyone help me? What information is needed?
Safe mode works.. Don't know if that helps..

Hoping for help!

Regards

24.07.2012, 17:47   #2
markusg
/// Malware-holic
 



hi
start in safe mode with networking and log in to the affected account.
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

24.07.2012, 19:20   #3
pe__ka
 



Code:
OTL logfile created on: 24.07.2012 19:54:19 - Run 2
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Versuch\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1021,76 Mb Total Physical Memory | 609,26 Mb Available Physical Memory | 59,63% Memory free
2,25 Gb Paging File | 2,00 Gb Available in Paging File | 89,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290,09 Gb Total Space | 85,37 Gb Free Space | 29,43% Space Free | Partition Type: NTFS
 
Computer Name: xxxxxxxxxxxxxxx-PC | User Name: Versuch | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.05 14:24:02 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Versuch\Desktop\OTL.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.18 13:25:47 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.09 22:22:02 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 22:21:56 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.09 22:21:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.31 02:31:52 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Stopped] -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2010.08.04 14:44:24 | 000,266,240 | ---- | M] () [Auto | Stopped] -- C:\Programme\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2010.03.22 20:05:40 | 000,960,992 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Programme\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.10.25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office 2007\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.12.20 17:30:02 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Stopped] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Versuch\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.05.09 22:22:03 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 22:22:03 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.10.10 19:48:00 | 001,439,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athur.sys -- (athur)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.09.22 04:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6v.sys -- (FETND6V)
DRV - [2008.07.30 07:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.05.15 02:28:00 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008.01.17 17:15:11 | 000,715,248 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2007.09.29 05:13:56 | 003,154,944 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007.09.29 05:13:56 | 003,154,944 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.01.19 18:20:54 | 000,021,728 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2006.12.20 17:16:22 | 000,139,144 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2006.11.01 22:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006.07.27 18:00:38 | 000,069,810 | ---- | M] (AuthenTec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\FLMckUSB.sys -- (FLMCKUSB) AuthenTec TruePrint USB Driver (AES3400, AES3500, AES4000)
DRV - [2003.10.15 18:52:50 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ov519vid.sys -- (ovt519)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDDD9B-79C5-458B-845D-42EC1411492A}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBS
IE - HKCU\..\SearchScopes\{FABFC7F3-531B-41A7-9C98-CD025E52E25E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-IDW&o=APN10023&src=kw&q={searchTerms}&locale=&apn_ptnrs=LL&apn_dtid=YYYYYYYYDE&apn_uid=5e46069d-e738-4c6d-bfe2-1e22be170fc2&apn_sauid=1D3F205B-C9D1-46D6-A960-31DFA967B1E9
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 13:25:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.31 02:20:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 13:25:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.31 02:20:03 | 000,000,000 | ---D | M]
 
[2008.07.03 22:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Versuch\AppData\Roaming\mozilla\Extensions
[2012.07.04 01:25:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Versuch\AppData\Roaming\mozilla\Firefox\Profiles\iqnh3kfq.default\extensions
[2011.11.20 17:00:05 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Versuch\AppData\Roaming\mozilla\Firefox\Profiles\iqnh3kfq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.30 16:24:29 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Versuch\AppData\Roaming\mozilla\Firefox\Profiles\iqnh3kfq.default\extensions\toolbar@ask.com
[2012.01.04 20:17:04 | 000,002,333 | ---- | M] () -- C:\Users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\iqnh3kfq.default\searchplugins\askcom.xml
[2012.07.23 00:55:19 | 000,001,056 | ---- | M] () -- C:\Users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\iqnh3kfq.default\searchplugins\icqplugin.xml
[2012.01.17 12:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.11.11 20:25:11 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.03.07 18:13:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2012.07.18 13:25:48 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008.08.11 01:19:17 | 000,023,552 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\DrvMgt.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2008.08.11 01:19:18 | 000,110,592 | ---- | M] (SkillJam Technologies) -- C:\Program Files\mozilla firefox\plugins\npskilljamloader.dll
[2008.08.11 01:19:18 | 001,303,999 | ---- | M] (SkillJam Technologies, Inc.) -- C:\Program Files\mozilla firefox\plugins\npssp32.dll
[2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.04.28 14:16:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.28 14:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.28 14:16:42 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.28 14:16:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.28 14:16:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.28 14:16:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.05.07 15:48:20 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATSwpNav] C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mHotkey] C:\Windows\mHotkey.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [recdisc] C:\Users\Versuch\AppData\Local\Microsoft\Windows\1898\recdisc.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Versuch\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Versuch\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office 2007\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A8AEE4F-2D2F-4137-AAD7-30240DBA8F10}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9882CDD-660E-44FB-B8E8-4F6BC637ED1A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office 2007\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Versuch\Documents\PATRICK\pictures__O.O\taxi_driver.jpg
O24 - Desktop BackupWallPaper: C:\Users\Versuch\Documents\PATRICK\pictures__O.O\taxi_driver.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 6.0.1
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 6.0.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: HostManager - hkey= - key= - C:\Programme\Common Files\aol\1168853550\ee\aolsoftware.exe (America Online, Inc.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: OmniPass - hkey= - key= - C:\Programme\Softex\OmniPass\scureapp.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.24 01:43:45 | 000,000,000 | ---D | C] -- C:\Users\Versuch\AppData\Roaming\hellomoto
[2012.07.04 19:44:52 | 000,000,000 | ---D | C] -- C:\Users\Versuch\Desktop\GRUNDSCHULMATERIAL
[2010.10.06 21:51:06 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files\Common Files\keyhelp.ocx
[30 C:\Users\Versuch\Desktop\*.tmp files -> C:\Users\Versuch\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Versuch\*.tmp files -> C:\Users\Versuch\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.24 19:49:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.24 19:23:28 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 19:23:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 19:23:02 | 000,000,132 | ---- | M] () -- C:\Users\Versuch\AppData\Roaming\-1313340398
[2012.07.24 17:05:03 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E71D1D21-BEDF-41DD-9481-F025251F282C}.job
[2012.07.24 17:00:00 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator.job
[2012.07.24 17:00:00 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie.job
[2012.07.24 10:12:53 | 000,000,680 | ---- | M] () -- C:\Users\Versuch\AppData\Local\d3d9caps.dat
[2012.07.24 02:21:16 | 000,000,000 | ---- | M] () -- C:\Windows\System32\zubehör
[2012.07.18 15:47:33 | 000,642,482 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.18 15:47:33 | 000,607,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.18 15:47:33 | 000,131,828 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.18 15:47:33 | 000,108,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.17 23:13:03 | 000,060,750 | ---- | M] () -- C:\Users\Versuch\Desktop\tumblr_m7bjmrizhp1qd0ln0o1_500.jpg
[30 C:\Users\Versuch\Desktop\*.tmp files -> C:\Users\Versuch\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Versuch\*.tmp files -> C:\Users\Versuch\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.24 19:23:02 | 000,000,132 | ---- | C] () -- C:\Users\Versuch\AppData\Roaming\-1313340398
[2012.07.24 10:12:53 | 000,000,680 | ---- | C] () -- C:\Users\Versuch\AppData\Local\d3d9caps.dat
[2012.07.24 02:21:16 | 000,000,000 | ---- | C] () -- C:\Windows\System32\zubehör
[2012.07.17 23:14:27 | 000,060,750 | ---- | C] () -- C:\Users\Versuch\Desktop\tumblr_m7bjmrizhp1qd0ln0o1_500.jpg
[2012.05.07 15:29:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.05.07 15:29:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.05.07 15:29:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.05.07 15:29:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.05.07 15:29:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.08.16 13:38:40 | 000,000,926 | ---- | C] () -- C:\ProgramData\WavePad Sound Editor.lnk
[2011.08.16 13:38:13 | 000,000,930 | ---- | C] () -- C:\ProgramData\Switch Sound File Converter.lnk
[2010.12.19 19:46:11 | 000,001,194 | ---- | C] () -- C:\ProgramData\Free YouTube to DVD Converter.lnk
 
========== LOP Check ==========
 
[2009.11.04 21:51:14 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\Academic Software Zurich
[2009.01.15 19:01:51 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\ASCON Installer
[2008.01.17 17:29:03 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\DAEMON Tools
[2009.08.21 12:08:12 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\DeepBurner
[2012.02.12 20:51:29 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\DVDVideoSoft
[2011.11.20 16:59:57 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\DVDVideoSoftIEHelpers
[2007.10.22 12:39:19 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\eMule
[2012.04.27 10:59:06 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\Emwema
[2009.11.08 16:57:48 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\FreeVideoConverter
[2007.11.30 19:09:26 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\GetRightToGo
[2009.07.07 15:28:29 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\gtk-2.0
[2012.07.24 01:43:53 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\hellomoto
[2011.04.07 20:40:19 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\ICQ
[2007.04.04 23:36:23 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\ICQLite
[2012.07.05 19:30:01 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\Image Zone Express
[2011.10.31 02:56:23 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\My Games
[2011.06.07 14:48:41 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\NCH Swift Sound
[2008.01.01 23:36:45 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\OpenArena
[2009.03.29 23:32:07 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\OpenOffice.org
[2008.08.05 00:30:12 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\Opera
[2007.04.30 16:05:15 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\Packard Bell
[2007.04.26 14:14:05 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\Printer Info Cache
[2007.02.25 16:01:29 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\Template
[2009.06.16 23:14:34 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\TheLastRipper
[2012.02.07 22:05:06 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\TuneUp Software
[2007.11.27 17:57:10 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\Uniblue
[2010.07.14 00:55:13 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\VistaCodecs
[2007.08.21 23:52:13 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\Zylom
[2012.04.27 12:34:24 | 000,000,000 | ---D | M] -- C:\Users\Versuch\AppData\Roaming\Zyyly
[2012.07.24 17:00:00 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\Erweiterte Garantie.job
[2012.07.24 17:00:00 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\Recovery DVD Creator.job
[2012.07.24 19:24:15 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.24 17:05:03 | 000,000,446 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E71D1D21-BEDF-41DD-9481-F025251F282C}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.05.07 15:57:11 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2007.03.05 21:20:55 | 000,000,000 | ---D | M] -- C:\ATI
[2009.09.16 19:17:48 | 000,000,000 | ---D | M] -- C:\boot
[2010.01.18 18:37:45 | 000,000,000 | ---D | M] -- C:\cofi
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.02.13 21:08:28 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2007.01.15 20:02:33 | 000,000,000 | ---D | M] -- C:\drivers
[2009.03.25 10:16:00 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2008.08.06 15:19:53 | 000,000,000 | ---D | M] -- C:\Games
[2008.04.29 10:08:28 | 000,000,000 | ---D | M] -- C:\MAGIX
[2009.07.01 18:46:51 | 000,000,000 | R--D | M] -- C:\MSOCache
[2008.05.28 11:10:26 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.06.02 18:55:20 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.05.04 21:35:21 | 000,000,000 | ---D | M] -- C:\ProgramData
[2007.02.13 21:08:28 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.05.07 15:57:02 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010.01.15 19:51:22 | 000,000,000 | ---D | M] -- C:\rsit
[2012.07.23 19:18:25 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.04.12 21:38:35 | 000,000,000 | ---D | M] -- C:\Temp
[2007.02.23 01:56:26 | 000,000,000 | R--D | M] -- C:\Users
[2012.07.24 02:09:23 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
[2003.04.27 22:02:28 | 000,647,168 | ---- | M] () -- C:\Program Files\tetris.exe
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2006.12.29 01:51:56 | 000,110,592 | ---- | M] (ATI Technologies Inc.) MD5=67740F91B47434CC6173A35667A4BA66 -- C:\ATI\SUPPORT\7-10_vista32_dd_ccc_wdm_enu_53254\Driver\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.14 04:05:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.14 04:05:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.14 04:05:56 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.11.15 14:37:45 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.11.15 14:37:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.04.04 12:52:19 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2007.04.04 12:52:19 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2009.07.07 15:27:52 | 000,001,525 | ---- | M] () -- C:\Users\Versuch\.recently-used.xbel
[2012.05.04 10:56:36 | 000,000,020 | ---- | M] () -- C:\Users\Versuch\defogger_reenable
[2012.07.24 20:03:48 | 007,340,032 | -HS- | M] () -- C:\Users\Versuch\ntuser.dat
[2012.07.24 20:03:48 | 000,262,144 | -H-- | M] () -- C:\Users\Versuch\ntuser.dat.LOG1
[2007.02.23 00:11:58 | 000,000,000 | -H-- | M] () -- C:\Users\Versuch\ntuser.dat.LOG2
[2012.07.24 19:48:14 | 000,065,536 | -HS- | M] () -- C:\Users\Versuch\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.14 13:59:44 | 000,524,288 | -HS- | M] () -- C:\Users\Versuch\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2012.07.24 19:48:14 | 000,524,288 | -HS- | M] () -- C:\Users\Versuch\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2007.02.23 00:11:59 | 000,000,020 | -HS- | M] () -- C:\Users\Versuch\ntuser.ini
[1 C:\Users\Versuch\*.tmp files -> C:\Users\Versuch\*.tmp -> ]
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         
That's what came out.. There was no extra.txt..
Thanks!!

25.07.2012, 16:48   #4
markusg
/// Malware-holic

This script, and any scripts that may follow, are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
O4 - HKCU..\Run: [recdisc] C:\Users\Versuch\AppData\Local\Microsoft\Windows\1898\recdisc.exe ()
:Files
C:\Users\Versuch\AppData\Local\Microsoft\Windows\1898
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, then right-click, View, Show desktop icons.

Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here in the thread as an attachment!

Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. ( Browse --> C:\_OTL\Movedfiles.zip )
Let me know whether the upload worked without problems. Thanks in advance

26.07.2012, 14:07   #5
pe__ka

Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\recdisc deleted successfully.
C:\Users\Versuch\AppData\Local\Microsoft\Windows\1898\recdisc.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Versuch
->Flash cache emptied: 26106 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Versuch
->Temp folder emptied: 3536997 bytes
->Temporary Internet Files folder emptied: 259393394 bytes
->Java cache emptied: 5042043 bytes
->FireFox cache emptied: 1123175172 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 112716 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 93765765 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3064374 bytes
RecycleBin emptied: 27357725 bytes
 
Total Files Cleaned = 1.445,00 mb
 
 
OTL by OldTimer - Version 3.2.42.2 log created on 07262012_144019

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
What do you mean by the red note??

I tried to zip the file and also to rar it.. but it kept aborting with the message that the file could not be found.. somehow something was created anyway. I uploaded that..

Oh, you probably meant the steps listed below it.. (edit)..
Thank you!


26.07.2012, 15:20   #6
markusg
/// Malware-holic

hi
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

26.07.2012, 16:44   #7
pe__ka

Code:
ComboFix 12-07-27.02 - Versuch 26.07.2012  17:09:22.6.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.1022.422 [GMT 2:00]
ausgeführt von:: c:\users\Versuch\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-26 bis 2012-07-26  ))))))))))))))))))))))))))))))
.
.
2012-07-26 15:23 . 2012-07-26 15:24	--------	d-----w-	c:\users\Versuch\AppData\Local\temp
2012-07-26 15:23 . 2012-07-26 15:23	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-07-26 15:23 . 2012-07-26 15:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-26 12:40 . 2012-07-26 13:02	--------	d-----w-	C:\_OTL
2012-07-23 23:43 . 2012-07-23 23:43	--------	d-----w-	c:\users\Versuch\AppData\Roaming\hellomoto
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 22:19 . 2012-06-24 17:43	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 17:43	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 17:43	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 17:43	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-24 17:43	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-24 17:43	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-24 17:43	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-24 17:42	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-24 17:42	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-05-09 20:22 . 2012-05-04 19:35	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-09 20:22 . 2012-05-04 19:35	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-08 16:40 . 2012-05-18 14:00	6737808	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{06DF0626-1726-4969-9C82-93F7C1ED24A9}\mpengine.dll
2003-04-27 20:02 . 2007-04-13 21:49	647168	----a-w-	c:\program files\tetris.exe
2003-03-21 11:45 . 2010-10-06 19:51	250544	----a-w-	c:\program files\Common Files\keyhelp.ocx
2008-08-10 23:19 . 2008-08-10 23:19	23552	----a-w-	c:\program files\mozilla firefox\plugins\DrvMgt.dll
2012-07-18 11:25 . 2012-04-28 12:16	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-05-07_13.48.43   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-24 17:43 . 2012-06-02 22:19	45080              c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_79d6786e99338140\wups2.dll
+ 2012-06-24 17:43 . 2012-06-02 22:19	53784              c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_79d6786e99338140\wuauclt.exe
+ 2012-06-24 17:42 . 2012-06-02 13:12	33792              c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.6.7600.256_none_09f272fb52ab0c3f\wuapp.exe
+ 2012-06-24 17:43 . 2012-06-02 22:19	35864              c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.6.7600.256_none_5fe7b2baacf3da43\wups.dll
+ 2012-06-24 17:43 . 2012-06-02 22:12	88576              c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.6.7600.256_none_5fe7b2baacf3da43\wudriver.dll
+ 2012-05-11 09:05 . 2012-02-01 14:48	47104              c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.0.6002.22789_none_19d42b54bb14d4c9\NBMapTIP.dll
+ 2009-09-14 01:03 . 2009-04-11 06:28	47104              c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.0.6002.18579_none_19555c8fa1ef1be7\NBMapTIP.dll
+ 2012-05-11 09:05 . 2012-02-01 14:47	22528              c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.0.6002.22789_none_4fbadd1495216d8a\jnwppr.dll
+ 2012-05-11 09:05 . 2012-02-01 14:47	19968              c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.0.6002.22789_none_4fbadd1495216d8a\jnwmon.dll
+ 2012-05-11 09:05 . 2012-02-01 14:47	83968              c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.0.6002.22789_none_4fbadd1495216d8a\jnwdui.dll
+ 2006-11-02 12:35 . 2006-11-02 12:35	22528              c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.0.6002.18579_none_4f3c0e4f7bfbb4a8\jnwppr.dll
+ 2006-11-02 12:35 . 2006-11-02 12:35	19968              c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.0.6002.18579_none_4f3c0e4f7bfbb4a8\jnwmon.dll
+ 2008-05-28 00:50 . 2008-01-19 07:34	83968              c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.0.6002.18579_none_4f3c0e4f7bfbb4a8\jnwdui.dll
+ 2012-05-11 09:05 . 2012-02-01 13:43	47104              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6002.22789_none_4487926d63821c10\PDIALOG.exe
+ 2012-05-11 09:05 . 2012-02-01 14:47	22528              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6002.22789_none_4487926d63821c10\jnwppr.dll
+ 2012-05-11 09:05 . 2012-02-01 14:47	19968              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6002.22789_none_4487926d63821c10\jnwmon.dll
+ 2012-05-11 09:05 . 2012-02-01 14:47	83968              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6002.22789_none_4487926d63821c10\jnwdui.dll
+ 2012-05-11 09:05 . 2012-02-01 13:58	47104              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6002.18579_none_4408c3a84a5c632e\PDIALOG.exe
+ 2006-11-02 12:35 . 2006-11-02 12:35	22528              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6002.18579_none_4408c3a84a5c632e\jnwppr.dll
+ 2006-11-02 12:35 . 2006-11-02 12:35	19968              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6002.18579_none_4408c3a84a5c632e\jnwmon.dll
+ 2008-05-28 00:50 . 2008-01-19 07:34	83968              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6002.18579_none_4408c3a84a5c632e\jnwdui.dll
+ 2012-05-11 09:07 . 2012-03-20 23:28	52608              c:\windows\winsxs\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6002.22821_none_e3f795acd0c2ba40\partmgr.sys
+ 2012-05-11 09:07 . 2012-03-20 23:28	53120              c:\windows\winsxs\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6002.18600_none_e3829689b795cc16\partmgr.sys
+ 2012-01-31 12:18 . 2011-11-16 16:23	72704              c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18643_none_a808ceee5a0f2f82\secur32.dll
+ 2012-05-11 09:07 . 2012-03-29 13:39	31232              c:\windows\winsxs\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22828_none_887fba2e1bb9d59a\tcpipreg.sys
+ 2009-09-14 01:03 . 2009-03-30 04:42	24576              c:\windows\winsxs\msil_system.drawing.resources_b03f5f7f11d50a3a_6.0.6002.22840_de-de_a5572dc832c724c4\System.Drawing.Resources.dll
+ 2009-09-14 01:03 . 2009-03-30 04:42	24576              c:\windows\winsxs\msil_system.drawing.resources_b03f5f7f11d50a3a_6.0.6002.18618_de-de_bc211d8e19234570\System.Drawing.Resources.dll
+ 2007-02-23 18:09 . 2012-07-26 12:47	66336              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-02-22 23:51 . 2012-07-26 12:47	11602              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2978858628-215539607-716368754-1003_UserData.bin
+ 2012-05-11 09:07 . 2012-03-20 23:28	53120              c:\windows\System32\drivers\partmgr.sys
+ 2007-02-13 19:09 . 2012-07-26 12:49	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-02-13 19:09 . 2012-05-07 12:29	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-02-13 19:09 . 2012-07-26 12:49	49152              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-02-13 19:09 . 2012-05-07 12:29	49152              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-02-13 19:09 . 2012-07-26 12:49	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-02-13 19:09 . 2012-05-07 12:29	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-02-22 22:09 . 2012-07-23 23:55	49120              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
- 2009-07-01 16:43 . 2010-11-20 12:48	90112              c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2009-07-01 16:43 . 2012-05-20 13:03	90112              c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2009-07-01 16:43 . 2010-11-20 12:48	45056              c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2009-07-01 16:43 . 2012-05-20 13:03	45056              c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2009-07-01 16:43 . 2012-05-20 13:03	22528              c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2009-07-01 16:43 . 2010-11-20 12:48	22528              c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2009-07-01 16:43 . 2010-11-20 12:48	30720              c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2009-07-01 16:43 . 2012-05-20 13:03	30720              c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2009-07-01 16:43 . 2012-05-20 13:03	16384              c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2009-07-01 16:43 . 2010-11-20 12:48	16384              c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2009-07-01 16:43 . 2010-11-20 12:48	34304              c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-07-01 16:43 . 2012-05-20 13:03	34304              c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2009-07-01 16:43 . 2010-11-20 12:48	81920              c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2009-07-01 16:43 . 2012-05-20 13:03	81920              c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2009-12-01 15:37 . 2012-05-18 14:07	35088              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-12-01 15:37 . 2012-04-16 16:40	35088              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-12-01 15:37 . 2012-05-18 14:07	18704              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-12-01 15:37 . 2012-04-16 16:40	18704              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-12-01 15:37 . 2012-05-18 14:07	20240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-12-01 15:37 . 2012-04-16 16:40	20240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-11-12 19:07 . 2012-05-18 13:48	49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-11-12 19:07 . 2012-02-21 16:45	49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-05-18 17:34 . 2012-05-18 17:34	24064              c:\windows\assembly\NativeImages_v2.0.50727_32\WiaProxy32\9cb310353abcdcc24a64f4db2501aa02\WiaProxy32.ni.exe
+ 2012-05-18 13:52 . 2012-05-18 13:52	60928              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\d79fbb634edd91438e69d7a016befee6\UIAutomationProvider.ni.dll
+ 2012-05-18 17:36 . 2012-05-18 17:36	60928              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5fd0071c259b92078ced7cd752a14730\UIAutomationProvider.ni.dll
+ 2012-05-18 18:00 . 2012-05-18 18:00	37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\ca40e5899faf8370b08b746d19e59374\System.Windows.Presentation.ni.dll
+ 2012-05-18 13:52 . 2012-05-18 13:52	37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\720949a235ebad340634bc4e8bd760ca\System.Windows.Presentation.ni.dll
+ 2012-05-18 18:00 . 2012-05-18 18:00	36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\71b54071bbbc06635f5edf3cd179b499\System.Web.DynamicData.Design.ni.dll
+ 2012-05-18 17:37 . 2012-05-18 17:37	94208              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\8346ba5de36fcea2fe0397e8126f1e7d\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-05-18 17:37 . 2012-05-18 17:37	82944              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\5739f9bcab6a880ce911252751579918\System.AddIn.Contract.ni.dll
+ 2012-05-18 17:35 . 2012-05-18 17:35	44032              c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\c0a4c84b83fcc10c3ea3ed9b3f20046c\stdole.ni.dll
+ 2012-05-18 17:37 . 2012-05-18 17:37	47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\b57a0cd0fae107256365e988c9fe3395\PresentationFontCache.ni.exe
+ 2012-05-18 13:52 . 2012-05-18 13:52	47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\9719449612dcf182a5b1ebe4745d6c59\PresentationFontCache.ni.exe
+ 2012-05-18 17:36 . 2012-05-18 17:36	39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\6e1aa62b07ad7a0f21448099927d3de2\PresentationCFFRasterizer.ni.dll
+ 2012-05-18 13:52 . 2012-05-18 13:52	39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\67c8a79bcc2200a5fcd81720c8a16c66\PresentationCFFRasterizer.ni.dll
+ 2012-05-18 17:33 . 2012-05-18 17:33	25600              c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.StylusR#\b088b9b0c4240c3acbebf6ed66031e68\PaintDotNet.StylusReader.ni.dll
+ 2012-05-18 17:37 . 2012-05-18 17:37	79872              c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\f35ea215449a9b2f3d1c281a83bf8db6\napcrypt.ni.dll
+ 2012-05-18 17:37 . 2012-05-18 17:37	17920              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\e48756c89aad809db34274b048f8630a\Microsoft.WSMan.Runtime.ni.dll
+ 2012-05-18 17:36 . 2012-05-18 17:36	55296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\fb2cc92e2aa127fefa1672c78a5c6aaa\Microsoft.Vsa.ni.dll
+ 2012-05-18 17:33 . 2012-05-18 17:33	15872              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\be3c3ca8bfb03375bc89f799349b03f3\Microsoft.VisualC.ni.dll
+ 2012-05-18 17:34 . 2012-05-18 17:34	74752              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\cf2240ba58c2d94b41a74344dc5f64a0\Microsoft.Build.Framework.ni.dll
+ 2012-05-18 17:36 . 2012-05-18 17:36	65024              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\5c46d310587bd60cdc5a1e6a3bcdef27\Microsoft.Build.Framework.ni.dll
+ 2012-05-18 17:35 . 2012-05-18 17:35	68608              c:\windows\assembly\NativeImages_v2.0.50727_32\loadmxf\3713e414a1dade2bdd0ac8d8b6b621f6\loadmxf.ni.exe
+ 2012-05-18 17:33 . 2012-05-18 17:33	94208              c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\3de41f22b0c4cdc1e8f07ac5af4be42c\Interop.WIA.ni.dll
+ 2012-05-18 17:35 . 2012-05-18 17:35	57856              c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\255a7647cad0ec58c01053d7bdddd928\ehiUserXp.ni.dll
+ 2012-05-18 17:35 . 2012-05-18 17:35	55296              c:\windows\assembly\NativeImages_v2.0.50727_32\ehiReplay\a3f7c7da452ed56ff97ddc37f1b3f60e\ehiReplay.ni.dll
+ 2012-05-18 17:35 . 2012-05-18 17:35	23552              c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtCOM\bc07bf1aeb176548dde8971360cfa5a9\ehiExtCOM.ni.dll
+ 2012-05-18 17:35 . 2012-05-18 17:35	39424              c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtCOM\8122af1ab8c449705ced9e8844f002bd\ehExtCOM.ni.dll
+ 2012-05-18 17:35 . 2012-05-18 17:35	14336              c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\005dde0bf145dbbd30b5e832feb956e9\dfsvc.ni.exe
+ 2012-05-18 17:34 . 2012-05-18 17:34	81408              c:\windows\assembly\NativeImages_v2.0.50727_32\DdsFileType\bd1e1a7a92fd4f61b7c6a90b6c0748c9\DdsFileType.ni.dll
+ 2012-05-18 17:33 . 2012-05-18 17:33	25600              c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll
+ 2006-11-02 08:26 . 2006-11-02 09:41	2048              c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6002.18644_none_8a2d40b894197fc2\msxml6r.dll
+ 2006-11-02 08:26 . 2006-11-02 09:41	2048              c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.18644_none_8a2d8510941932df\msxml3r.dll
+ 2012-01-31 12:18 . 2011-11-16 14:12	9728              c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18643_none_a808ceee5a0f2f82\lsass.exe
- 2012-05-07 12:24 . 2012-05-07 12:24	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-26 12:43 . 2012-07-26 12:43	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-07 12:24 . 2012-05-07 12:24	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-26 12:43 . 2012-07-26 12:43	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-01 16:43 . 2012-05-20 13:03	3584              c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2009-07-01 16:43 . 2010-11-20 12:48	3584              c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2009-07-01 16:43 . 2010-11-20 12:48	8192              c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2009-07-01 16:43 . 2012-05-20 13:03	8192              c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2009-07-01 16:43 . 2010-11-20 12:48	2560              c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2009-07-01 16:43 . 2012-05-20 13:03	2560              c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2012-05-11 09:05 . 2012-01-03 10:54	299792              c:\windows\winsxs\x86_wpf-xpsviewerexe_31bf3856ad364e35_6.0.6002.22771_none_cb58dd201f0af867\XPSViewer.exe
+ 2012-05-11 09:05 . 2012-01-03 10:57	299280              c:\windows\winsxs\x86_wpf-xpsviewerexe_31bf3856ad364e35_6.0.6002.18565_none_cade0f8305e1a4e1\XPSViewer.exe
+ 2012-05-11 09:05 . 2012-02-13 11:00	532480              c:\windows\winsxs\x86_wpf-reachframework_31bf3856ad364e35_6.0.6002.22797_none_023ffdb33f40088b\ReachFramework.dll
+ 2012-05-11 09:05 . 2012-02-13 11:02	532480              c:\windows\winsxs\x86_wpf-reachframework_31bf3856ad364e35_6.0.6002.18582_none_01bc2d7c261ed0f6\ReachFramework.dll
+ 2012-05-11 09:05 . 2012-02-13 11:00	131360              c:\windows\winsxs\x86_wpf-presentationhostdll_31bf3856ad364e35_6.0.6002.22797_none_72213fbc3685c3ee\PresentationHostDLL.dll
+ 2012-05-11 09:05 . 2012-01-03 10:54	131360              c:\windows\winsxs\x86_wpf-presentationhostdll_31bf3856ad364e35_6.0.6002.22771_none_7230ddd8367af402\PresentationHostDLL.dll
+ 2012-05-11 09:05 . 2012-02-13 11:02	130848              c:\windows\winsxs\x86_wpf-presentationhostdll_31bf3856ad364e35_6.0.6002.18582_none_719d6f851d648c59\PresentationHostDLL.dll
+ 2012-05-11 09:05 . 2012-01-03 10:57	130848              c:\windows\winsxs\x86_wpf-presentationhostdll_31bf3856ad364e35_6.0.6002.18565_none_71b6103b1d51a07c\PresentationHostDLL.dll
+ 2012-05-11 09:05 . 2012-02-13 11:00	368640              c:\windows\winsxs\x86_system.printing_31bf3856ad364e35_6.0.6002.22797_none_755635408ca2d5ce\System.Printing.dll
+ 2012-05-11 09:05 . 2012-02-13 11:02	368640              c:\windows\winsxs\x86_system.printing_31bf3856ad364e35_6.0.6002.18582_none_74d2650973819e39\System.Printing.dll
+ 2012-05-11 09:07 . 2012-01-03 10:57	389888              c:\windows\winsxs\x86_netfx-sos_dll_b03f5f7f11d50a3a_6.0.6002.22770_none_fd05108e14caec14\SOS.dll
+ 2012-05-11 09:07 . 2012-01-03 10:58	389888              c:\windows\winsxs\x86_netfx-sos_dll_b03f5f7f11d50a3a_6.0.6002.18564_none_13d15c07fb24d8ea\SOS.dll
+ 2012-05-11 09:07 . 2012-01-03 10:55	364816              c:\windows\winsxs\x86_netfx-mscorjit_dll_b03f5f7f11d50a3a_6.0.6002.22770_none_a871fb614b219c32\mscorjit.dll
+ 2012-05-11 09:07 . 2012-01-03 10:57	364816              c:\windows\winsxs\x86_netfx-mscorjit_dll_b03f5f7f11d50a3a_6.0.6002.18564_none_bf3e46db317b8908\mscorjit.dll
+ 2012-05-11 09:07 . 2012-01-03 10:55	990480              c:\windows\winsxs\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.0.6002.22770_none_1436c8cd20d60fff\mscordacwks.dll
+ 2012-05-11 09:07 . 2012-01-03 10:57	989968              c:\windows\winsxs\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.0.6002.18564_none_2b031447072ffcd5\mscordacwks.dll
+ 2012-06-24 17:42 . 2012-06-02 13:19	171904              c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.6.7600.256_none_09f272fb52ab0c3f\wuwebv.dll
+ 2012-06-24 17:43 . 2012-06-02 22:19	577048              c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.6.7600.256_none_5fe7b2baacf3da43\wuapi.dll
+ 2012-05-11 09:07 . 2012-03-30 12:39	914304              c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22828_none_b58096797cb31c04\tcpip.sys
+ 2012-05-11 09:07 . 2012-03-30 12:39	905600              c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18604_none_b50896786388e1d5\tcpip.sys
+ 2012-05-11 09:05 . 2012-02-01 14:48	484352              c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.0.6002.22789_none_19d42b54bb14d4c9\MSPVWCTL.DLL
+ 2012-05-11 09:05 . 2012-02-01 14:47	983040              c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.0.6002.22789_none_19d42b54bb14d4c9\JNTFiltr.dll
+ 2012-05-11 09:05 . 2012-02-01 14:47	672768              c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.0.6002.22789_none_19d42b54bb14d4c9\InkSeg.dll
+ 2008-05-28 00:51 . 2008-01-19 07:35	484352              c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.0.6002.18579_none_19555c8fa1ef1be7\MSPVWCTL.DLL
+ 2012-05-11 09:05 . 2012-02-01 15:10	983040              c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.0.6002.18579_none_19555c8fa1ef1be7\JNTFiltr.dll
+ 2008-05-28 00:51 . 2008-01-19 07:34	672768              c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.0.6002.18579_none_19555c8fa1ef1be7\InkSeg.dll
+ 2012-05-11 09:05 . 2012-02-01 14:48	153600              c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.0.6002.22789_none_ccb32adc4d8c00b7\rtscom.dll
+ 2012-05-11 09:05 . 2012-02-01 14:47	936960              c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.0.6002.22789_none_ccb32adc4d8c00b7\journal.dll
+ 2012-05-11 09:05 . 2012-02-01 14:47	217600              c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.0.6002.22789_none_ccb32adc4d8c00b7\InkEd.dll
+ 2012-05-11 09:05 . 2012-02-01 14:47	276992              c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.0.6002.22789_none_ccb32adc4d8c00b7\InkDiv.dll
+ 2009-09-14 01:03 . 2009-04-11 06:28	153600              c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.0.6002.18579_none_cc345c17346647d5\rtscom.dll
+ 2012-05-11 09:05 . 2012-02-01 15:10	936960              c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.0.6002.18579_none_cc345c17346647d5\journal.dll
+ 2009-09-14 01:04 . 2009-04-11 06:28	217600              c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.0.6002.18579_none_cc345c17346647d5\InkEd.dll
+ 2008-05-28 00:51 . 2008-01-19 07:34	276992              c:\windows\winsxs\x86_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_6.0.6002.18579_none_cc345c17346647d5\InkDiv.dll
+ 2012-05-11 09:05 . 2012-02-01 14:47	964608              c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.0.6002.22789_none_4fbadd1495216d8a\JNWDRV.dll
+ 2012-05-11 09:05 . 2012-02-01 15:10	964608              c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.0.6002.18579_none_4f3c0e4f7bfbb4a8\JNWDRV.dll
+ 2012-05-11 09:05 . 2012-02-01 14:47	964608              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6002.22789_none_4487926d63821c10\JNWDRV.dll
+ 2012-05-11 09:05 . 2012-02-01 15:10	964608              c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6002.18579_none_4408c3a84a5c632e\JNWDRV.dll
+ 2012-05-11 09:05 . 2012-03-01 14:46	219648              c:\windows\winsxs\x86_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_7.0.6002.22807_none_44111d604ab6499e\d3d10_1core.dll
+ 2012-05-11 09:05 . 2012-03-01 14:46	160768              c:\windows\winsxs\x86_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_7.0.6002.22807_none_44111d604ab6499e\d3d10_1.dll
+ 2012-05-11 09:05 . 2012-02-29 15:09	219648              c:\windows\winsxs\x86_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_7.0.6002.18592_none_43212c0b31e62c4c\d3d10_1core.dll
+ 2012-05-11 09:05 . 2012-02-29 15:09	160768              c:\windows\winsxs\x86_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_7.0.6002.18592_none_43212c0b31e62c4c\d3d10_1.dll
+ 2012-05-11 09:05 . 2012-03-01 13:31	683008              c:\windows\winsxs\x86_microsoft-windows-d2d_31bf3856ad364e35_7.0.6002.22807_none_9b8486befd152bd6\d2d1.dll
+ 2012-05-11 09:05 . 2012-02-29 13:44	683008              c:\windows\winsxs\x86_microsoft-windows-d2d_31bf3856ad364e35_7.0.6002.18592_none_9a949569e4450e84\d2d1.dll
+ 2009-09-14 01:03 . 2009-03-30 04:42	434176              c:\windows\winsxs\msil_system.windows.forms.resources_b77a5c561934e089_6.0.6002.22823_de-de_9f2630f2eea844db\System.Windows.Forms.Resources.dll
+ 2009-09-14 01:03 . 2009-03-30 04:42	434176              c:\windows\winsxs\msil_system.windows.forms.resources_b77a5c561934e089_6.0.6002.22770_de-de_9f2b76e0eea3765a\System.Windows.Forms.Resources.dll
+ 2009-09-14 01:03 . 2009-03-30 04:42	434176              c:\windows\winsxs\msil_system.windows.forms.resources_b77a5c561934e089_6.0.6002.18601_de-de_b5f204d2d5027e94\System.Windows.Forms.Resources.dll
+ 2009-09-14 01:03 . 2009-03-30 04:42	434176              c:\windows\winsxs\msil_system.windows.forms.resources_b77a5c561934e089_6.0.6002.18564_de-de_b5f7c25ad4fd6330\System.Windows.Forms.Resources.dll
+ 2009-09-14 01:03 . 2009-03-30 04:42	212992              c:\windows\winsxs\msil_system.resources_b77a5c561934e089_6.0.6002.22770_de-de_4f34d409d6329154\system.resources.dll
+ 2009-09-14 01:03 . 2009-03-30 04:42	212992              c:\windows\winsxs\msil_system.resources_b77a5c561934e089_6.0.6002.18564_de-de_66011f83bc8c7e2a\system.resources.dll
+ 2009-09-14 01:03 . 2009-03-30 04:42	544768              c:\windows\winsxs\msil_system.design.resources_b03f5f7f11d50a3a_6.0.6002.22823_de-de_fd972f61fa4c39d7\System.Design.Resources.dll
+ 2009-09-14 01:03 . 2009-03-30 04:42	544768              c:\windows\winsxs\msil_system.design.resources_b03f5f7f11d50a3a_6.0.6002.18601_de-de_14630341e0a67390\System.Design.Resources.dll
+ 2012-05-11 09:05 . 2012-02-13 11:00	532480              c:\windows\winsxs\msil_reachframework_31bf3856ad364e35_6.0.6002.22797_none_43c52a271807407a\ReachFramework.dll
+ 2012-05-11 09:05 . 2012-02-13 11:02	532480              c:\windows\winsxs\msil_reachframework_31bf3856ad364e35_6.0.6002.18582_none_434159effee608e5\ReachFramework.dll
+ 2009-09-14 01:03 . 2009-03-30 04:42	315392              c:\windows\winsxs\msil_mscorlib.resources_b77a5c561934e089_6.0.6002.22770_de-de_4e617901b4c0e6ec\mscorlib.resources.dll
+ 2009-09-14 01:03 . 2009-03-30 04:42	315392              c:\windows\winsxs\msil_mscorlib.resources_b77a5c561934e089_6.0.6002.18564_de-de_652dc47b9b1ad3c2\mscorlib.resources.dll
+ 2012-05-11 09:05 . 2012-01-03 10:57	299280              c:\windows\System32\XPSViewer\XPSViewer.exe
+ 2007-02-15 20:28 . 2012-07-17 17:51	830008              c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2006-11-02 13:05 . 2012-07-26 12:47	120004              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2012-05-11 09:05 . 2012-02-01 15:10	964608              c:\windows\System32\spool\drivers\w32x86\3\JNWDRV.dll
- 2008-05-28 00:52 . 2008-01-19 07:34	964608              c:\windows\System32\spool\drivers\w32x86\3\JNWDRV.dll
+ 2006-11-02 10:33 . 2012-07-18 13:47	607470              c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2012-05-02 20:14	607470              c:\windows\System32\perfh009.dat
+ 2007-01-15 18:12 . 2012-07-18 13:47	642482              c:\windows\System32\perfh007.dat
- 2007-01-15 18:12 . 2012-05-02 20:14	642482              c:\windows\System32\perfh007.dat
+ 2006-11-02 10:33 . 2012-07-18 13:47	108742              c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2012-05-02 20:14	108742              c:\windows\System32\perfc009.dat
+ 2007-01-15 18:12 . 2012-07-18 13:47	131828              c:\windows\System32\perfc007.dat
- 2007-01-15 18:12 . 2012-05-02 20:14	131828              c:\windows\System32\perfc007.dat
+ 2006-11-02 12:47 . 2012-05-18 17:12	466664              c:\windows\System32\FNTCACHE.DAT
- 2006-11-02 12:47 . 2012-04-06 16:34	466664              c:\windows\System32\FNTCACHE.DAT
+ 2012-05-11 09:07 . 2012-03-30 12:39	905600              c:\windows\System32\drivers\tcpip.sys
- 2012-03-13 23:15 . 2012-02-14 15:45	219648              c:\windows\System32\d3d10_1core.dll
+ 2012-05-11 09:05 . 2012-03-01 14:46	219648              c:\windows\System32\d3d10_1core.dll
- 2012-03-13 23:15 . 2012-02-14 15:45	160768              c:\windows\System32\d3d10_1.dll
+ 2012-05-11 09:05 . 2012-03-01 14:46	160768              c:\windows\System32\d3d10_1.dll
- 2012-03-13 23:15 . 2012-02-13 13:47	683008              c:\windows\System32\d2d1.dll
+ 2012-05-11 09:05 . 2012-02-29 13:44	683008              c:\windows\System32\d2d1.dll
+ 2009-06-16 17:10 . 2012-05-29 17:53	262144              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-06-16 17:10 . 2012-05-04 18:59	262144              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-02-16 00:33 . 2012-05-06 22:45	462740              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-16 00:33 . 2012-07-24 15:05	462740              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-18 18:00 . 2012-05-18 18:00	2405888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\9bea9b43c9c4fefff36d42e6aa6b0eec\System.Web.Extensions.ni.dll
+ 2012-05-18 18:00 . 2012-05-18 18:00	1917440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\7ed29e11a515872908672cb05b7ff4d3\System.Speech.ni.dll
+ 2012-05-18 18:00 . 2012-05-18 18:00	1705984              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\6546e0f4253ce30900e5ff902672a8bc\System.ServiceModel.Web.ni.dll
+ 2012-05-18 17:35 . 2012-05-18 17:35	2346496              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1619144e1a9eaca847e53b952b21820b\System.Runtime.Serialization.ni.dll
+ 2012-05-18 17:36 . 2012-05-18 17:36	1035776              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\f95c423a31ac401b5d81c9cd455e3676\System.Printing.ni.dll
+ 2012-05-18 13:52 . 2012-05-18 13:52	1035776              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\64ac5d6492dcd9965324ea3c3c100bca\System.Printing.ni.dll
+ 2012-05-18 17:36 . 2012-05-18 17:36	8365056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\6a54f9f4af6fd2a19111200f0082349d\System.Management.Automation.ni.dll
+ 2012-05-18 17:35 . 2012-05-18 17:35	1070080              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\32983e3f4c5c20053e6673f37a58a874\System.IdentityModel.ni.dll
+ 2012-05-18 17:20 . 2012-05-18 17:20	1591808              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll
+ 2012-05-18 17:34 . 2012-05-18 17:34	1116672              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\2352398c304c3cb6c0909099e39cfb19\System.DirectoryServices.ni.dll
+ 2012-05-18 17:33 . 2012-05-18 17:33	1801216              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\d374b09ce3f31ebd3e4cb3c64ca91a42\System.Deployment.ni.dll
+ 2012-05-18 17:20 . 2012-05-18 17:20	6621696              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll
+ 2012-05-18 17:33 . 2012-05-18 17:33	2510336              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\761fe0d0364a9a9515b8fd20b72150af\System.Data.SqlXml.ni.dll
+ 2012-05-18 17:38 . 2012-05-18 17:38	1328128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\7080e56dddae7f08a2dacf0451a27d54\System.Data.Services.ni.dll
+ 2012-05-18 17:34 . 2012-05-18 17:34	1119232              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\35930a8bda01bcaa3f992622bc63e17a\System.Data.OracleClient.ni.dll
+ 2012-05-18 17:20 . 2012-05-18 17:20	2516480              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\25cbbaeba2e4efdca4bee27760ffb36d\System.Data.Linq.ni.dll
+ 2012-05-18 17:37 . 2012-05-18 17:37	9924096              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\5a93198249be78f582fc89d835403fe8\System.Data.Entity.ni.dll
+ 2012-05-18 17:20 . 2012-05-18 17:20	2295296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
+ 2012-05-18 17:36 . 2012-05-18 17:36	2146816              c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\e840ddcecb65ec23d027b253950d5a00\ReachFramework.ni.dll
+ 2012-05-18 13:52 . 2012-05-18 13:52	2146816              c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\497159d4e758485579c0b3350d2bf1c6\ReachFramework.ni.dll
+ 2012-05-18 13:52 . 2012-05-18 13:52	1657856              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\ed6ddd5bc1c26383bcc29fd4a5565bb4\PresentationUI.ni.dll
+ 2012-05-18 17:36 . 2012-05-18 17:36	1657856              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7cd9d41ca84c508d58475df4db9d220d\PresentationUI.ni.dll
+ 2012-05-18 17:37 . 2012-05-18 17:37	1451008              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\fc59920e9bbba90d812714c1748e2cec\PresentationBuildTasks.ni.dll
+ 2012-05-18 17:34 . 2012-05-18 17:34	2019840              c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet\71c8609d5d91907e37646bae0a37e4dc\PaintDotNet.ni.exe
+ 2012-05-18 17:33 . 2012-05-18 17:33	1812480              c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Core\88df4c36bc126aa9f09b1a1cc902685b\PaintDotNet.Core.ni.dll
+ 2012-05-18 17:37 . 2012-05-18 17:37	2538496              c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\210233057a1cdfb7b1f304282b2b3988\Narrator.ni.exe
+ 2012-05-18 17:37 . 2012-05-18 17:37	1536512              c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\d91a5256dee77a6bdb2767c6c9e01a54\MMCEx.ni.dll
+ 2012-05-18 17:36 . 2012-05-18 17:36	6340096              c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\085ec54d0a1e305de561b55836c5ec91\MIGUIControls.ni.dll
+ 2012-05-18 17:37 . 2012-05-18 17:37	1711616              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3c92d4b3ec56936eab8e17ed81940c10\Microsoft.VisualBasic.ni.dll
+ 2012-05-18 17:35 . 2012-05-18 17:35	1093120              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\e606f5aa1e01220753f6a032c07b43a7\Microsoft.Transactions.Bridge.ni.dll
+ 2012-05-18 17:36 . 2012-05-18 17:36	1704448              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d5d216b357e42d79f4f2e942200a2261\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-05-18 17:36 . 2012-05-18 17:36	3722752              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d2a8cd6eba3bd57c1c5b2974b0342f93\Microsoft.PowerShell.Editor.ni.dll
+ 2012-05-18 17:36 . 2012-05-18 17:36	1609728              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\cf2a0189e9d197bee8411e3711f76782\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-05-18 13:52 . 2012-05-18 13:52	3722752              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9e74526a69e08ce0d02188a8bb43e3c8\Microsoft.PowerShell.Editor.ni.dll
+ 2012-05-18 13:52 . 2012-05-18 13:52	1704448              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1772065664dbdc906b1434d8b0e776d5\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-05-18 17:35 . 2012-05-18 17:35	5486080              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\516a383324800a15493cfe6412cbb71d\Microsoft.MediaCenter.UI.ni.dll
+ 2012-05-18 17:36 . 2012-05-18 17:36	2332160              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\47b205f629edc7e1065e1bd6c3d50834\Microsoft.JScript.ni.dll
+ 2012-05-18 17:33 . 2012-05-18 17:33	1356288              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\c6fa5ed85e03c8437847bf51eefda7bb\Microsoft.Ink.ni.dll
+ 2012-05-18 17:36 . 2012-05-18 17:36	1966080              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\fcf4a03940394213dfc5ccc00fc7dd83\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-05-18 17:36 . 2012-05-18 17:36	1620992              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\26e5108aa22d39b2054c544eca7f7023\Microsoft.Build.Tasks.ni.dll
+ 2012-05-18 17:34 . 2012-05-18 17:34	1888768              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\452da9a588cd455890d8762dcae073af\Microsoft.Build.Engine.ni.dll
+ 2012-05-18 17:35 . 2012-05-18 17:35	1732608              c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\b7bef07ca1e5abb7a55dbbbc318903fe\ehRecObj.ni.dll
+ 2012-05-18 17:35 . 2012-05-18 17:35	2130432              c:\windows\assembly\NativeImages_v2.0.50727_32\ehepg\00d9844d50e9752452263da331a3fd8c\ehepg.ni.dll
- 2010-06-23 10:06 . 2010-04-05 12:19	1249280              c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-05-11 09:05 . 2012-02-13 11:02	1249280              c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-02-15 17:18 . 2011-11-01 11:23	3186688              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-05-11 09:07 . 2012-01-03 10:58	3186688              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-06-28 12:58 . 2011-03-29 10:53	5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-05-11 09:07 . 2012-01-03 10:58	5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-05-11 09:05 . 2012-02-13 11:02	5283840              c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-05-11 09:05 . 2012-02-13 11:02	1736984              c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
- 2010-06-23 10:06 . 2010-04-05 12:19	4214784              c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-05-11 09:05 . 2012-02-13 11:02	4214784              c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-10-12 18:23 . 2011-07-08 11:53	4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-05-11 09:07 . 2012-01-03 10:57	4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2006-11-02 10:24 . 2012-05-18 14:03	55656824              c:\windows\System32\mrt.exe
+ 2012-05-18 13:47 . 2012-05-18 13:47	20343808              c:\windows\Installer\687acc.msp
+ 2012-05-18 17:20 . 2012-05-18 17:20	12430848              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll
+ 2012-05-18 17:34 . 2012-05-18 17:34	11820032              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\ef684a2ee2f7276eec3973a0654d2bd4\System.Web.ni.dll
+ 2012-05-18 17:35 . 2012-05-18 17:35	17404416              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1dac5ff29f483e19c77b23b00ba533f9\System.ServiceModel.ni.dll
+ 2012-05-18 17:20 . 2012-05-18 17:20	10683392              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\b03386569c9ce7b2079f3fb3aaf370e6\System.Design.ni.dll
+ 2012-05-18 17:19 . 2012-05-18 17:19	14329856              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c466fbf8e50c7c11b2fa994707124290\PresentationFramework.ni.dll
+ 2012-05-18 13:49 . 2012-05-18 13:49	14328832              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\947a2f5a83624cc61512e2a8be8d7f4a\PresentationFramework.ni.dll
+ 2012-05-18 17:19 . 2012-05-18 17:19	12219392              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b4ade6954a61a7626858c123dc951ba6\PresentationCore.ni.dll
+ 2012-05-18 13:48 . 2012-05-18 13:48	12216832              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\47de04e504b5adeba3b6855231eff282\PresentationCore.ni.dll
+ 2012-05-18 17:18 . 2012-05-18 17:18	11492352              c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
+ 2012-05-18 17:35 . 2012-05-18 17:35	11588096              c:\windows\assembly\NativeImages_v2.0.50727_32\ehshell\620e624cf59935af07591fba2bf80e70\ehshell.ni.dll
+ 2009-06-03 21:18 . 2012-07-11 08:39	359534175              c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-04 18:20	1514152	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"mHotkey"="mHotkey.exe" [2006-06-19 559104]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 228088]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 81920]
"GrooveMonitor"="c:\program files\Microsoft Office 2007\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-04 1391272]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA1100 Setup-Assistent.lnk - c:\program files\NETGEAR\WNA1100\WNA1100.exe [2012-4-12 4545024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59	937920	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46	1135912	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44	31072	----a-w-	c:\program files\Microsoft Office 2007\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-11-14 13:47	50736	----a-w-	c:\program files\Common Files\aol\1168853550\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 19:52	49152	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 16:06	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-04-04 13:56	981680	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]
2006-12-20 15:32	2519040	----a-w-	c:\program files\Softex\OmniPass\scureapp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 11:35	90112	----a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44	37888	----a-w-	c:\program files\winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-26 c:\windows\Tasks\Erweiterte Garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-01-15 16:38]
.
2012-07-26 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-01-15 16:34]
.
2012-07-26 c:\windows\Tasks\User_Feed_Synchronization-{E71D1D21-BEDF-41DD-9481-F025251F282C}.job
- c:\windows\system32\msfeedssync.exe [2012-02-08 11:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/ig?hl=de
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = <local>;*.local
IE: Free YouTube Download - c:\users\Versuch\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Versuch\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\iqnh3kfq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-26 17:23
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2978858628-215539607-716368754-1003\Software\SecuROM\License information*]
"datasecu"=hex:b0,6a,1b,a3,df,24,54,68,dd,34,fd,3e,4e,e5,41,e9,96,bf,be,1f,dd,
   cd,0d,ac,d7,48,20,6d,08,92,3f,84,47,f2,d1,8a,90,57,a4,91,dd,95,3e,90,d3,07,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
Zeit der Fertigstellung: 2012-07-26  17:32:54
ComboFix-quarantined-files.txt  2012-07-26 15:32
ComboFix2.txt  2012-05-07 13:56
ComboFix3.txt  2010-08-14 09:57
.
Vor Suchlauf: 17 Verzeichnis(se), 91.948.859.392 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 97.754.877.952 Bytes frei
.
- - End Of File - - FB3C27BC0A6DCDB4C1DBA97D01C76A0E
         
There it is.

Alt 26.07.2012, 19:03   #8
markusg
/// Malware-holic
 



Hi,
download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log

Alt 27.07.2012, 13:37   #9
pe__ka
 



Code:
ATTFilter
14:32:34.0291 7104	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:32:34.0490 7104	============================================================
14:32:34.0490 7104	Current date / time: 2012/07/27 14:32:34.0490
14:32:34.0490 7104	SystemInfo:
14:32:34.0490 7104	
14:32:34.0490 7104	OS Version: 6.0.6002 ServicePack: 2.0
14:32:34.0490 7104	Product type: Workstation
14:32:34.0490 7104	ComputerName: PATRICKUNDDÉ-PC
14:32:34.0491 7104	UserName: Versuch
14:32:34.0491 7104	Windows directory: C:\Windows
14:32:34.0491 7104	System windows directory: C:\Windows
14:32:34.0491 7104	Processor architecture: Intel x86
14:32:34.0491 7104	Number of processors: 2
14:32:34.0491 7104	Page size: 0x1000
14:32:34.0491 7104	Boot type: Normal boot
14:32:34.0491 7104	============================================================
14:32:36.0279 7104	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:32:36.0500 7104	============================================================
14:32:36.0500 7104	\Device\Harddisk0\DR0:
14:32:36.0513 7104	MBR partitions:
14:32:36.0513 7104	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x10029D5, BlocksNum 0x2442B8DB
14:32:36.0513 7104	============================================================
14:32:36.0704 7104	C: <-> \Device\Harddisk0\DR0\Partition0
14:32:36.0722 7104	============================================================
14:32:36.0722 7104	Initialize success
14:32:36.0722 7104	============================================================
14:33:04.0838 7656	============================================================
14:33:04.0838 7656	Scan started
14:33:04.0838 7656	Mode: Manual; SigCheck; TDLFS; 
14:33:04.0838 7656	============================================================
14:33:05.0725 7656	61883           (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys
14:33:06.0178 7656	61883 - ok
14:33:06.0257 7656	acedrv11        (27f954120babb8a00f8745d8f5bc9b82) C:\Windows\system32\drivers\acedrv11.sys
14:33:06.0372 7656	acedrv11 - ok
14:33:06.0433 7656	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:33:06.0463 7656	ACPI - ok
14:33:06.0540 7656	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
14:33:06.0618 7656	adp94xx - ok
14:33:06.0647 7656	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
14:33:06.0696 7656	adpahci - ok
14:33:06.0712 7656	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
14:33:06.0755 7656	adpu160m - ok
14:33:06.0777 7656	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
14:33:06.0815 7656	adpu320 - ok
14:33:06.0877 7656	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
14:33:07.0065 7656	AeLookupSvc - ok
14:33:07.0144 7656	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:33:07.0270 7656	AFD - ok
14:33:07.0363 7656	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
14:33:07.0394 7656	agp440 - ok
14:33:07.0447 7656	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:33:07.0477 7656	aic78xx - ok
14:33:07.0503 7656	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
14:33:07.0564 7656	ALG - ok
14:33:07.0592 7656	aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
14:33:07.0636 7656	aliide - ok
14:33:07.0681 7656	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
14:33:07.0714 7656	amdagp - ok
14:33:07.0738 7656	amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
14:33:07.0764 7656	amdide - ok
14:33:07.0806 7656	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
14:33:07.0989 7656	AmdK7 - ok
14:33:08.0009 7656	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
14:33:08.0106 7656	AmdK8 - ok
14:33:08.0189 7656	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
14:33:08.0247 7656	AntiVirSchedulerService - ok
14:33:08.0270 7656	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
14:33:08.0290 7656	AntiVirService - ok
14:33:08.0324 7656	AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
14:33:08.0408 7656	AntiVirWebService - ok
14:33:08.0489 7656	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
14:33:08.0557 7656	Appinfo - ok
14:33:08.0664 7656	Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:33:08.0693 7656	Apple Mobile Device - ok
14:33:08.0751 7656	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
14:33:08.0790 7656	arc - ok
14:33:08.0850 7656	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
14:33:08.0883 7656	arcsas - ok
14:33:09.0108 7656	aspnet_state    (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:33:09.0220 7656	aspnet_state - ok
14:33:09.0267 7656	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:33:09.0342 7656	AsyncMac - ok
14:33:09.0383 7656	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:33:09.0396 7656	atapi - ok
14:33:09.0510 7656	athur           (f1fc2fd87ff77f63cd7f8bf95940b40c) C:\Windows\system32\DRIVERS\athur.sys
14:33:09.0725 7656	athur - ok
14:33:09.0860 7656	Ati External Event Utility (33ae5829bc9e8a71a493895b2ff7032c) C:\Windows\system32\Ati2evxx.exe
14:33:09.0969 7656	Ati External Event Utility - ok
14:33:10.0199 7656	atikmdag        (05853dc3d0549b6a0f2111840ba2ca26) C:\Windows\system32\DRIVERS\atikmdag.sys
14:33:10.0513 7656	atikmdag - ok
14:33:10.0660 7656	ATSWPDRV        (3ee6c0dc85872ad65447aa9b8dfeff30) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
14:33:10.0696 7656	ATSWPDRV - ok
14:33:10.0767 7656	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:33:10.0858 7656	AudioEndpointBuilder - ok
14:33:10.0867 7656	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:33:10.0896 7656	Audiosrv - ok
14:33:10.0924 7656	Avc             (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys
14:33:10.0984 7656	Avc - ok
14:33:11.0014 7656	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
14:33:11.0053 7656	avgntflt - ok
14:33:11.0098 7656	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
14:33:11.0141 7656	avipbb - ok
14:33:11.0165 7656	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
14:33:11.0193 7656	avkmgr - ok
14:33:11.0288 7656	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:33:11.0328 7656	Beep - ok
14:33:11.0404 7656	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
14:33:11.0508 7656	BFE - ok
14:33:11.0585 7656	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
14:33:11.0698 7656	BITS - ok
14:33:11.0703 7656	blbdrive - ok
14:33:11.0825 7656	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
14:33:11.0857 7656	Bonjour Service - ok
14:33:11.0892 7656	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:33:11.0978 7656	bowser - ok
14:33:12.0024 7656	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:33:12.0085 7656	BrFiltLo - ok
14:33:12.0106 7656	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:33:12.0172 7656	BrFiltUp - ok
14:33:12.0202 7656	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
14:33:12.0268 7656	Browser - ok
14:33:12.0321 7656	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:33:12.0399 7656	Brserid - ok
14:33:12.0424 7656	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:33:12.0509 7656	BrSerWdm - ok
14:33:12.0541 7656	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:33:12.0630 7656	BrUsbMdm - ok
14:33:12.0659 7656	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:33:12.0732 7656	BrUsbSer - ok
14:33:12.0782 7656	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:33:12.0874 7656	BTHMODEM - ok
14:33:13.0057 7656	catchme - ok
14:33:13.0114 7656	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:33:13.0188 7656	cdfs - ok
14:33:13.0257 7656	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:33:13.0332 7656	cdrom - ok
14:33:13.0431 7656	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:33:13.0495 7656	CertPropSvc - ok
14:33:13.0531 7656	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
14:33:13.0611 7656	circlass - ok
14:33:13.0650 7656	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:33:13.0702 7656	CLFS - ok
14:33:13.0775 7656	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:33:13.0807 7656	clr_optimization_v2.0.50727_32 - ok
14:33:13.0883 7656	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:33:13.0910 7656	clr_optimization_v4.0.30319_32 - ok
14:33:13.0923 7656	cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
14:33:13.0954 7656	cmdide - ok
14:33:13.0973 7656	Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
14:33:14.0002 7656	Compbatt - ok
14:33:14.0008 7656	COMSysApp - ok
14:33:14.0030 7656	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
14:33:14.0062 7656	crcdisk - ok
14:33:14.0083 7656	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
14:33:14.0171 7656	Crusoe - ok
14:33:14.0251 7656	CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
14:33:14.0293 7656	CryptSvc - ok
14:33:14.0408 7656	DBService       (48297bf3339bc56dd7d7524d7a1740aa) C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
14:33:14.0466 7656	DBService ( UnsignedFile.Multi.Generic ) - warning
14:33:14.0466 7656	DBService - detected UnsignedFile.Multi.Generic (1)
14:33:14.0533 7656	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:33:14.0657 7656	DcomLaunch - ok
14:33:14.0697 7656	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:33:14.0778 7656	DfsC - ok
14:33:14.0924 7656	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
14:33:15.0225 7656	DFSR - ok
14:33:15.0382 7656	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
14:33:15.0461 7656	Dhcp - ok
14:33:15.0563 7656	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:33:15.0600 7656	disk - ok
14:33:15.0648 7656	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
14:33:15.0732 7656	Dnscache - ok
14:33:15.0777 7656	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
14:33:15.0856 7656	dot3svc - ok
14:33:15.0911 7656	Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
14:33:15.0984 7656	Dot4 - ok
14:33:16.0015 7656	Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:33:16.0075 7656	Dot4Print - ok
14:33:16.0099 7656	dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
14:33:16.0146 7656	dot4usb - ok
14:33:16.0203 7656	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
14:33:16.0253 7656	DPS - ok
14:33:16.0285 7656	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:33:16.0333 7656	drmkaud - ok
14:33:16.0392 7656	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:33:16.0471 7656	DXGKrnl - ok
14:33:16.0541 7656	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:33:16.0652 7656	E1G60 - ok
14:33:16.0722 7656	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
14:33:16.0780 7656	EapHost - ok
14:33:16.0843 7656	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:33:16.0874 7656	Ecache - ok
14:33:16.0938 7656	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
14:33:17.0057 7656	ehRecvr - ok
14:33:17.0082 7656	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
14:33:17.0189 7656	ehSched - ok
14:33:17.0206 7656	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
14:33:17.0240 7656	ehstart - ok
14:33:17.0292 7656	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
14:33:17.0336 7656	elxstor - ok
14:33:17.0403 7656	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
14:33:17.0591 7656	EMDMgmt - ok
14:33:17.0681 7656	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
14:33:17.0762 7656	EventSystem - ok
14:33:17.0864 7656	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:33:17.0976 7656	exfat - ok
14:33:18.0036 7656	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:33:18.0089 7656	fastfat - ok
14:33:18.0137 7656	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
14:33:18.0219 7656	fdc - ok
14:33:18.0259 7656	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
14:33:18.0293 7656	fdPHost - ok
14:33:18.0321 7656	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
14:33:18.0408 7656	FDResPub - ok
14:33:18.0459 7656	FETND6V         (403bedad0226653ba8d05aefc3f04a0c) C:\Windows\system32\DRIVERS\fetnd6v.sys
14:33:18.0512 7656	FETND6V - ok
14:33:18.0541 7656	FETNDIS         (b2b2c38e916184ff8523c7439ddd417f) C:\Windows\system32\DRIVERS\fetnd5.sys
14:33:18.0615 7656	FETNDIS - ok
14:33:18.0657 7656	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:33:18.0702 7656	FileInfo - ok
14:33:18.0728 7656	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:33:18.0781 7656	Filetrace - ok
14:33:18.0817 7656	FLMCKUSB        (7b854c3d489f38b5a031a5330d356ac3) C:\Windows\system32\drivers\flmckusb.sys
14:33:18.0881 7656	FLMCKUSB - ok
14:33:18.0911 7656	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
14:33:18.0973 7656	flpydisk - ok
14:33:19.0017 7656	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:33:19.0070 7656	FltMgr - ok
14:33:19.0173 7656	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
14:33:19.0277 7656	FontCache - ok
14:33:19.0452 7656	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:33:19.0553 7656	FontCache3.0.0.0 - ok
14:33:19.0582 7656	Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
14:33:19.0660 7656	Fs_Rec - ok
14:33:19.0687 7656	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
14:33:19.0716 7656	gagp30kx - ok
14:33:19.0787 7656	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
14:33:19.0810 7656	GEARAspiWDM - ok
14:33:19.0886 7656	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
14:33:19.0977 7656	gpsvc - ok
14:33:20.0050 7656	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:33:20.0129 7656	HDAudBus - ok
14:33:20.0186 7656	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:33:20.0253 7656	HidBth - ok
14:33:20.0289 7656	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:33:20.0371 7656	HidIr - ok
14:33:20.0404 7656	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
14:33:20.0466 7656	hidserv - ok
14:33:20.0506 7656	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:33:20.0538 7656	HidUsb - ok
14:33:20.0564 7656	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
14:33:20.0634 7656	hkmsvc - ok
14:33:20.0678 7656	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
14:33:20.0706 7656	HpCISSs - ok
14:33:20.0817 7656	hpqcxs08        (e4e285a3766b4a57401feeaf66cb07b5) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
14:33:20.0850 7656	hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
14:33:20.0850 7656	hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
14:33:20.0888 7656	hpqddsvc        (ee4c7a4cf2316701ffde90f404520265) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
14:33:20.0900 7656	hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
14:33:20.0900 7656	hpqddsvc - detected UnsignedFile.Multi.Generic (1)
14:33:20.0941 7656	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:33:21.0075 7656	HTTP - ok
14:33:21.0120 7656	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
14:33:21.0152 7656	i2omp - ok
14:33:21.0230 7656	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:33:21.0292 7656	i8042prt - ok
14:33:21.0322 7656	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
14:33:21.0370 7656	iaStorV - ok
14:33:21.0509 7656	IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
14:33:21.0551 7656	IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:33:21.0551 7656	IDriverT - detected UnsignedFile.Multi.Generic (1)
14:33:21.0700 7656	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:33:21.0889 7656	idsvc - ok
14:33:22.0010 7656	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:33:22.0038 7656	iirsp - ok
14:33:22.0139 7656	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
14:33:22.0253 7656	IKEEXT - ok
14:33:22.0361 7656	IntcAzAudAddService (a47b2875680ad67b35c6150bd0203056) C:\Windows\system32\drivers\RTKVHDA.sys
14:33:22.0683 7656	IntcAzAudAddService - ok
14:33:22.0811 7656	intelide        (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
14:33:22.0840 7656	intelide - ok
14:33:22.0910 7656	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:33:22.0951 7656	intelppm - ok
14:33:22.0987 7656	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
14:33:23.0039 7656	IPBusEnum - ok
14:33:23.0075 7656	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:33:23.0126 7656	IpFilterDriver - ok
14:33:23.0176 7656	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
14:33:23.0266 7656	iphlpsvc - ok
14:33:23.0271 7656	IpInIp - ok
14:33:23.0304 7656	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
14:33:23.0374 7656	IPMIDRV - ok
14:33:23.0408 7656	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:33:23.0485 7656	IPNAT - ok
14:33:23.0582 7656	iPod Service    (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
14:33:23.0717 7656	iPod Service - ok
14:33:23.0773 7656	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:33:23.0834 7656	IRENUM - ok
14:33:23.0870 7656	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
14:33:23.0896 7656	isapnp - ok
14:33:23.0948 7656	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:33:23.0978 7656	iScsiPrt - ok
14:33:23.0992 7656	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:33:24.0021 7656	iteatapi - ok
14:33:24.0061 7656	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:33:24.0090 7656	iteraid - ok
14:33:24.0185 7656	jswpsapi        (cf9ba304b8047b9582d72d9bfef42eae) C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe
14:33:24.0314 7656	jswpsapi - ok
14:33:24.0381 7656	jswpslwf        (55c9b4252b751226b838eed2bc50bb64) C:\Windows\system32\DRIVERS\jswpslwf.sys
14:33:24.0459 7656	jswpslwf - ok
14:33:24.0516 7656	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:33:24.0593 7656	kbdclass - ok
14:33:24.0663 7656	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
14:33:24.0701 7656	kbdhid - ok
14:33:24.0731 7656	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:33:24.0799 7656	KeyIso - ok
14:33:24.0852 7656	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
14:33:24.0938 7656	KSecDD - ok
14:33:25.0011 7656	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
14:33:25.0097 7656	KtmRm - ok
14:33:25.0166 7656	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
14:33:25.0261 7656	LanmanServer - ok
14:33:25.0327 7656	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
14:33:25.0433 7656	LanmanWorkstation - ok
14:33:25.0464 7656	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:33:25.0524 7656	lltdio - ok
14:33:25.0575 7656	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
14:33:25.0654 7656	lltdsvc - ok
14:33:25.0685 7656	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
14:33:25.0764 7656	lmhosts - ok
14:33:25.0804 7656	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
14:33:25.0824 7656	LSI_FC - ok
14:33:25.0848 7656	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
14:33:25.0868 7656	LSI_SAS - ok
14:33:25.0912 7656	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
14:33:25.0943 7656	LSI_SCSI - ok
14:33:25.0966 7656	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:33:26.0029 7656	luafv - ok
14:33:26.0057 7656	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
14:33:26.0110 7656	Mcx2Svc - ok
14:33:26.0179 7656	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
14:33:26.0208 7656	megasas - ok
14:33:26.0310 7656	Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files\Microsoft Office 2007\Office12\GrooveAuditService.exe
14:33:26.0332 7656	Microsoft Office Groove Audit Service - ok
14:33:26.0355 7656	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:33:26.0422 7656	MMCSS - ok
14:33:26.0463 7656	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:33:26.0528 7656	Modem - ok
14:33:26.0572 7656	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:33:26.0599 7656	monitor - ok
14:33:26.0626 7656	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:33:26.0646 7656	mouclass - ok
14:33:26.0677 7656	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:33:26.0708 7656	mouhid - ok
14:33:26.0731 7656	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:33:26.0769 7656	MountMgr - ok
14:33:26.0816 7656	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:33:26.0852 7656	MozillaMaintenance - ok
14:33:26.0879 7656	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
14:33:26.0924 7656	mpio - ok
14:33:26.0950 7656	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:33:27.0006 7656	mpsdrv - ok
14:33:27.0055 7656	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
14:33:27.0152 7656	MpsSvc - ok
14:33:27.0191 7656	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:33:27.0226 7656	Mraid35x - ok
14:33:27.0267 7656	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:33:27.0319 7656	MRxDAV - ok
14:33:27.0353 7656	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:33:27.0405 7656	mrxsmb - ok
14:33:27.0441 7656	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:33:27.0515 7656	mrxsmb10 - ok
14:33:27.0552 7656	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:33:27.0607 7656	mrxsmb20 - ok
14:33:27.0633 7656	msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
14:33:27.0667 7656	msahci - ok
14:33:27.0698 7656	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
14:33:27.0728 7656	msdsm - ok
14:33:27.0758 7656	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
14:33:27.0830 7656	MSDTC - ok
14:33:27.0905 7656	MSDV            (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys
14:33:27.0940 7656	MSDV - ok
14:33:27.0969 7656	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:33:28.0035 7656	Msfs - ok
14:33:28.0082 7656	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:33:28.0118 7656	msisadrv - ok
14:33:28.0162 7656	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
14:33:28.0242 7656	MSiSCSI - ok
14:33:28.0249 7656	MSIServer - ok
14:33:28.0310 7656	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:33:28.0356 7656	MSKSSRV - ok
14:33:28.0380 7656	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:33:28.0435 7656	MSPCLOCK - ok
14:33:28.0465 7656	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:33:28.0532 7656	MSPQM - ok
14:33:28.0569 7656	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:33:28.0620 7656	MsRPC - ok
14:33:28.0652 7656	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:33:28.0668 7656	mssmbios - ok
14:33:28.0694 7656	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:33:28.0756 7656	MSTEE - ok
14:33:28.0802 7656	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:33:28.0836 7656	Mup - ok
14:33:28.0891 7656	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
14:33:28.0951 7656	napagent - ok
14:33:28.0993 7656	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:33:29.0057 7656	NativeWifiP - ok
14:33:29.0125 7656	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:33:29.0165 7656	NDIS - ok
14:33:29.0199 7656	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:33:29.0256 7656	NdisTapi - ok
14:33:29.0291 7656	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:33:29.0327 7656	Ndisuio - ok
14:33:29.0376 7656	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:33:29.0428 7656	NdisWan - ok
14:33:29.0461 7656	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:33:29.0523 7656	NDProxy - ok
14:33:29.0582 7656	Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\Windows\system32\HPZinw12.dll
14:33:29.0613 7656	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:33:29.0613 7656	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:33:29.0673 7656	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:33:29.0824 7656	NetBIOS - ok
14:33:29.0883 7656	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:33:29.0976 7656	netbt - ok
14:33:30.0004 7656	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:33:30.0020 7656	Netlogon - ok
14:33:30.0090 7656	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
14:33:30.0194 7656	Netman - ok
14:33:30.0243 7656	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
14:33:30.0302 7656	netprofm - ok
14:33:30.0394 7656	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:33:30.0424 7656	NetTcpPortSharing - ok
14:33:30.0464 7656	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:33:30.0485 7656	nfrd960 - ok
14:33:30.0527 7656	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
14:33:30.0584 7656	NlaSvc - ok
14:33:30.0620 7656	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:33:30.0701 7656	Npfs - ok
14:33:30.0743 7656	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
14:33:30.0798 7656	nsi - ok
14:33:30.0826 7656	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:33:30.0861 7656	nsiproxy - ok
14:33:30.0952 7656	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:33:31.0130 7656	Ntfs - ok
14:33:31.0168 7656	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:33:31.0259 7656	ntrigdigi - ok
14:33:31.0292 7656	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:33:31.0350 7656	Null - ok
14:33:31.0389 7656	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
14:33:31.0416 7656	nvraid - ok
14:33:31.0435 7656	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
14:33:31.0469 7656	nvstor - ok
14:33:31.0493 7656	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
14:33:31.0520 7656	nv_agp - ok
14:33:31.0527 7656	NwlnkFlt - ok
14:33:31.0537 7656	NwlnkFwd - ok
14:33:31.0627 7656	odserv          (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:33:31.0701 7656	odserv - ok
14:33:31.0754 7656	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
14:33:31.0796 7656	ohci1394 - ok
14:33:31.0836 7656	omniserv        (b26c72b847054fd053d060818ab3278f) C:\Program Files\Softex\OmniPass\OmniServ.exe
14:33:31.0871 7656	omniserv ( UnsignedFile.Multi.Generic ) - warning
14:33:31.0871 7656	omniserv - detected UnsignedFile.Multi.Generic (1)
14:33:31.0933 7656	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:33:31.0972 7656	ose - ok
14:33:32.0047 7656	ovt519          (4cdadec3dc1300ee1d313ea5494e6472) C:\Windows\system32\Drivers\ov519vid.sys
14:33:32.0109 7656	ovt519 ( UnsignedFile.Multi.Generic ) - warning
14:33:32.0109 7656	ovt519 - detected UnsignedFile.Multi.Generic (1)
14:33:32.0200 7656	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:33:32.0378 7656	p2pimsvc - ok
14:33:32.0393 7656	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:33:32.0470 7656	p2psvc - ok
14:33:32.0496 7656	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:33:32.0574 7656	Parport - ok
14:33:32.0598 7656	partmgr         (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
14:33:32.0633 7656	partmgr - ok
14:33:32.0653 7656	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:33:32.0740 7656	Parvdm - ok
14:33:32.0809 7656	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
14:33:32.0894 7656	PcaSvc - ok
14:33:32.0942 7656	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:33:32.0984 7656	pci - ok
14:33:33.0007 7656	pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
14:33:33.0051 7656	pciide - ok
14:33:33.0080 7656	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:33:33.0137 7656	pcmcia - ok
14:33:33.0222 7656	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:33:33.0426 7656	PEAUTH - ok
14:33:33.0543 7656	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
14:33:33.0765 7656	pla - ok
14:33:33.0894 7656	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
14:33:33.0985 7656	PlugPlay - ok
14:33:34.0037 7656	Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\Windows\system32\HPZipm12.dll
14:33:34.0071 7656	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:33:34.0071 7656	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:33:34.0136 7656	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:33:34.0236 7656	PNRPAutoReg - ok
14:33:34.0251 7656	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:33:34.0318 7656	PNRPsvc - ok
14:33:34.0377 7656	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
14:33:34.0498 7656	PolicyAgent - ok
14:33:34.0574 7656	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:33:34.0626 7656	PptpMiniport - ok
14:33:34.0661 7656	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
14:33:34.0735 7656	Processor - ok
14:33:34.0779 7656	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
14:33:34.0833 7656	ProfSvc - ok
14:33:34.0901 7656	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:33:34.0944 7656	ProtectedStorage - ok
14:33:35.0009 7656	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:33:35.0057 7656	PSched - ok
14:33:35.0088 7656	PxHelp20        (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
14:33:35.0136 7656	PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
14:33:35.0136 7656	PxHelp20 - detected UnsignedFile.Multi.Generic (1)
14:33:35.0224 7656	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
14:33:35.0403 7656	ql2300 - ok
14:33:35.0429 7656	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:33:35.0457 7656	ql40xx - ok
14:33:35.0517 7656	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
14:33:35.0596 7656	QWAVE - ok
14:33:35.0622 7656	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:33:35.0658 7656	QWAVEdrv - ok
14:33:35.0815 7656	R300            (05853dc3d0549b6a0f2111840ba2ca26) C:\Windows\system32\DRIVERS\atikmdag.sys
14:33:36.0004 7656	R300 - ok
14:33:36.0134 7656	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:33:36.0187 7656	RasAcd - ok
14:33:36.0213 7656	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
14:33:36.0290 7656	RasAuto - ok
14:33:36.0328 7656	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:33:36.0397 7656	Rasl2tp - ok
14:33:36.0443 7656	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
14:33:36.0523 7656	RasMan - ok
14:33:36.0571 7656	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:33:36.0628 7656	RasPppoe - ok
14:33:36.0667 7656	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:33:36.0704 7656	RasSstp - ok
14:33:36.0752 7656	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:33:36.0832 7656	rdbss - ok
14:33:36.0864 7656	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:33:36.0912 7656	RDPCDD - ok
14:33:36.0970 7656	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
14:33:37.0066 7656	rdpdr - ok
14:33:37.0098 7656	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:33:37.0152 7656	RDPENCDD - ok
14:33:42.0943 7656	stllssvr        (51778fd315c9882f1cbd932743e62a72) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
14:33:43.0001 7656	stllssvr ( UnsignedFile.Multi.Generic ) - warning
14:33:43.0001 7656	stllssvr - detected UnsignedFile.Multi.Generic (1)
14:33:52.0644 7656	WSWNA1100       (35a20217c4d06d1d36a3addfd8ce58c2) C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
14:33:52.0693 7656	WSWNA1100 ( UnsignedFile.Multi.Generic ) - warning
14:33:52.0693 7656	WSWNA1100 - detected UnsignedFile.Multi.Generic (1)
14:33:53.0640 7656	============================================================
14:33:53.0640 7656	Scan finished
14:33:53.0640 7656	============================================================
14:33:53.0661 7888	Detected object count: 11
14:33:53.0661 7888	Actual detected object count: 11
14:35:22.0262 7888	DBService ( UnsignedFile.Multi.Generic ) - skipped by user
14:35:22.0262 7888	DBService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:35:22.0268 7888	hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
14:35:22.0268 7888	hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:35:22.0268 7888	hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:35:22.0268 7888	hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:35:22.0271 7888	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:35:22.0272 7888	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:35:22.0275 7888	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:35:22.0277 7888	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:35:22.0282 7888	omniserv ( UnsignedFile.Multi.Generic ) - skipped by user
14:35:22.0282 7888	omniserv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:35:22.0285 7888	ovt519 ( UnsignedFile.Multi.Generic ) - skipped by user
14:35:22.0286 7888	ovt519 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:35:22.0291 7888	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:35:22.0291 7888	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:35:22.0294 7888	PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
14:35:22.0295 7888	PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:35:22.0298 7888	stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
14:35:22.0301 7888	stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:35:22.0303 7888	WSWNA1100 ( UnsignedFile.Multi.Generic ) - skipped by user
14:35:22.0303 7888	WSWNA1100 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
The report.
11 threats found.

27.07.2012, 18:56   #10
markusg
/// Malware-holic

They are all OK.
Download CCleaner Standard:
CCleaner Download - CCleaner 3.21.1767
If CCleaner is already installed, skip this.
Install it, open it, Tools, list of installed programs, save as txt. Open it.
After every program you need, write necessary.
After every one you do not need, unnecessary.
After the ones unknown to you, unknown.
Post the list.

28.07.2012, 16:16   #11
pe__ka

Here is the list:

Code:
ATTFilter
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	20.08.2011		10.3.183.5		needed
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	03.10.2011		11.0.1.152			needed
Adobe Reader 9.4.6 - Deutsch	Adobe Systems Incorporated	20.09.2011	169,2MB	9.4.6			needed
ALUpdate	ESTsoft Corp.	09.01.2008	2,05MB						needed
ALZip	ESTsoft Corp.	09.01.2008	11,8MB	7.0 beta1						needed
Apple Application Support	Apple Inc.	01.02.2012	61,2MB	2.1.6				unknown
Apple Mobile Device Support	Apple Inc.	26.10.2011	24,1MB	4.0.0.96				unknown
Apple Software Update	Apple Inc.	26.10.2011	2,38MB	2.1.3.127				needed
ATI Catalyst Install Manager	ATI Technologies, Inc.	05.04.2010	13,7MB	3.0.708.0			needed
Avira Free Antivirus	Avira	08.05.2012	184,9MB	12.0.0.1125					needed
Avira SearchFree Toolbar plus Web Protection	Ask.com	30.04.2012	4,25MB	1.14.1.0			unnecessary
Avira SearchFree Toolbar plus Web Protection Updater	Ask.com	29.04.2012	1,36MB	1.2.0.20064	unnecessary
Bonjour	Apple Inc.	27.10.2011	0,92MB	3.0.0.10						unnecessary
CCleaner	Piriform	02.05.2012	2,73MB	3.18							needed
Creator 9		12.02.2007									needed
D-Link VGA Webcam		16.01.2008							unnecessary
DATA BECKER Stream Catcher 2 FREE		30.10.2011	36,0MB					unnecessary
DeepBurner v1.9.0.228		06.02.2012	7,68MB						unnecessary
DivX Converter	DivX, Inc.	25.04.2010	52,7MB	7.1.0						unknown
DivX Plus DirectShow Filters	DivX, Inc.	25.04.2010	1,22MB						unknown
DivX-Setup	DivX, Inc. 	25.04.2010	1,77MB	1.0.0.450					unknown
Free DVD Video Burner version 2.4.10	DVDVideoSoft Limited.	18.12.2010	5,07MB			unnecessary
Free Studio version 5.2.1	DVDVideoSoft Ltd.	19.11.2011	41,4MB					unnecessary
Free Video Converter V 2.3	Koyote Soft	07.11.2009	13,1MB	2.3.0.0				unnecessary
Free Video to iPhone Converter version 5.0.4.1228	DVDVideoSoft Ltd.	11.02.2012	14,0MB			unnecessary
Free Video to Mp3 Converter version 3.1	DVD Video Soft Limited.	22.08.2008	2,50MB			unnecessary
Free YouTube Download 2.9	DVDVideoSoft Limited.	28.09.2010	2,30MB				unnecessary
Free YouTube to DVD Converter version 2.7.21	DVDVideoSoft Limited.	18.12.2010	2,98MB		unnecessary
FUSSBALL MANAGER 06		22.02.2007	1.807MB						unnecessary
Guitar Pro 5.0	Arobas Music	17.12.2007	363MB						known
HijackThis 2.0.2	TrendMicro	14.01.2010	0,39MB	2.0.2					known
HotPotatoes v 6.3.0.4	HalfBaked	05.10.2010	26,2MB						unnecessary
HP Customer Participation Program 8.0	HP	15.04.2007	192,2MB	8.0				unknown
HP Imaging Device Functions 8.0	HP	15.04.2007	1,54MB	8.0				unknown
HP OCR Software 8.0	HP	15.04.2007	1,53MB	8.0					unknown
HP Photosmart Essential	HP	15.04.2007	10,2MB	1.12.0.46					unknown
HP Photosmart.All-In-One Driver Software 8.0 .A	HP	15.04.2007	30,7MB	8.0			unknown
HP Solution Center 8.0	HP	15.04.2007	1,53MB	8.0					unknown
HP Update	Hewlett-Packard	25.10.2008	3,71MB	4.000.012.001				unknown
ICQ7.2	ICQ	30.10.2010	45,1MB	7.2							unnecessary
Infocentre Rev. 2.0		12.02.2007	59,4MB							unknown
iTunes	Apple Inc.	27.10.2011	168,7MB	10.5.0.142						known
Java(TM) 6 Update 29	Sun Microsystems, Inc.	12.01.2009	94,4MB	6.0.290			known
Keyboard Hotkey V1.03		12.02.2007							unknown
Last.fm 1.5.4.27091	Last.fm	13.12.2010	18,3MB							known
MAGIX Online Druck Service	Silverwire Software GmbH	28.04.2008	6,36MB					unknown
MAGIX Video deLuxe 2005 PLUS	MAGIX AG	28.04.2008	25.521MB	4.5.0.76				unknown
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	01.05.2012	4,09MB	1.61.0.1400	known
Microsoft .NET Framework 1.1		07.02.2012								unknown
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	09.08.2009	37,1MB		unknown
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	15.06.2009	27,8MB				unknown
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	24.06.2010	120,3MB	4.0.30319		unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	24.06.2010	24,5MB	4.0.30319		unknown
Microsoft Encarta 99 Enzyklopädie	Microsoft Corporation	25.02.2009	13,3MB	99D			unnecessary
Microsoft Office Enterprise 2007	Microsoft Corporation	12.11.2010	615MB	12.0.6425.1000		unknown
Microsoft Office File Validation Add-In	Microsoft Corporation	19.09.2011	7,95MB	14.0.5130.5003		unknown
Microsoft Office Live Add-in 1.5	Microsoft Corporation	02.05.2012	0,49MB	2.0.4024.1			unknown
Microsoft Office XP Professional mit FrontPage	Microsoft Corporation	01.07.2009	235MB	10.0.2701.0	known
Microsoft Silverlight	Microsoft Corporation	18.05.2012	159,4MB	4.1.10329.0				unknown
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	12.11.2010	0,25MB	8.0.50727.4053	unknown
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	16.06.2011	0,29MB	8.0.61001				unknown
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	13.11.2010	0,19MB	9.0.30729.4148	unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	04.11.2009	1,41MB	9.0.21022			unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	10.06.2009	0,58MB	9.0.30729			unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	16.06.2011	0,58MB	9.0.30729.6161		unknown
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	01.05.2012	16,5MB	10.0.40219			unknown
Microsoft WSE 3.0 Runtime	Microsoft Corp.	01.07.2009	0,92MB	3.0.5305.0							unknown
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme	Microsoft Corporation	17.02.2010	0,13MB	12.0.4518.1014  unnecessary
Mozilla Firefox 14.0.1 (x86 de)	Mozilla	17.07.2012	41,9MB	14.0.1						known
Mozilla Maintenance Service	Mozilla	17.07.2012	0,21MB	14.0.1						known
MSXML 4.0 SP2 (KB927978)	Microsoft Corporation	03.04.2007	1,24MB	4.20.9841.0			unknown
MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	14.08.2007	1,27MB	4.20.9848.0			unknown
MSXML 4.0 SP2 (KB941833)	Microsoft Corporation	10.10.2007	1,27MB	4.20.9849.0			unknown
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	13.11.2008	1,28MB	4.20.9870.0			unknown
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	03.12.2009	1,34MB	4.20.9876.0			unknown
NETGEAR WNA1100 N150 Wireless USB Adapter	NETGEAR	11.04.2012	12,4MB	1.0.0.133			known
NIS2007		12.02.2007										unknown
Omnipass 5		12.02.2007	23,5MB								unknown
OpenOffice.org 3.0	OpenOffice.org	28.03.2009	333MB	3.0.9379						known
Packard Bell Updator		12.02.2007	68,4MB							unknown
Paint.NET v3.36	dotPDN LLC	22.02.2009	3,97MB	3.36.0						known
Protect Disc License Helper 1.0.118	Protect Disc	30.10.2011	0,84MB	1.0.118				unknown
ProtectDisc Driver, Version 11	ProtectDisc Software GmbH	30.10.2011	96,00KB	11.0.0.11				unknown
QuickTime	Apple Inc.	06.01.2011	73,7MB	7.69.80.9						known
Realtek HD Audio V6.0.1.5322		12.02.2007								known
RTC Client API v1.2	Microsoft	15.01.2007	0,11MB	1.2.0000							unknown
Safari	Apple Inc.	02.02.2012	43,3MB	5.34.52.7							unnecessary
SetUp My PC		12.02.2007									unknown
Shop for HP Supplies	HP	22.04.2008	195,4MB	10.0						unknown
Sicherer Spieltreiber		10.08.2008	1,28MB								unknown
Skype 2.5.2.151		12.02.2007	20,7MB								known
Skype web features	Skype Technologies S.A.	22.07.2009	4,96MB	1.0.3810					known
Skype™ 4.1	Skype Technologies S.A.	22.07.2009	31,1MB	4.1.141					known
Spelling Dictionaries Support For Adobe Reader 9	Adobe Systems Incorporated	28.11.2008	30,3MB	9.0.0		unknown
Switch Sound File Converter	NCH Software	15.08.2011	2,78MB						unknown
TurnierPlaner Version 4.0	CilexSoft	28.03.2011	17,4MB	4.0						known
Uninstall 1.0.0.1		28.09.2010	16,3MB								unknown
VIA Rhine Family Fast Ethernet Adapter		07.02.2012							known
Video ATI v8.31		12.02.2007									unknown
VideoLAN VLC media player 0.8.5	VideoLAN Team	13.02.2007	34,4MB	0.8.5				known
Vista Codec Package	Shark007	14.07.2010	57,7MB	5.7.8							known
WavePad Sound Editor	NCH Software	15.08.2011	6,07MB						unknown
Winamp	Nullsoft, Inc	19.01.2010	19,5MB	5.572 							known
Winamp Erkennungs-Plug-in	Nullsoft, Inc	19.01.2010	0,13MB	1.0.0.1					unknown
Windows Media Player Firefox Plugin	Microsoft Corp	13.04.2009	0,29MB	1.0.0.8				unknown
WinRAR		26.11.2007	3,40MB									known
Works 8.5 DE		12.02.2007									known
Yontoo Layers Runtime 1.10.01	Yontoo LLC	30.10.2011	0,19MB	1.10.01					unknown
         

30.07.2012, 21:03   #12
markusg
/// Malware-holic

Uninstall:
Adobe Flash Player: all of them
Adobe - Install Adobe Flash Player
Download the latest version.
Adobe Reader:
http://filepony.de/download-adobe_reader/
Untick the box for McAfee Security Scan.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, since that is the only way to keep control over what happens on the PC.
Under JavaScript, untick "use JavaScript".
Under Updater, choose install automatically.
Apply / OK



Uninstall:
Avira SearchFree: both
D-Link
DATA BECKER
DeepBurner
DivX: all
Free: all that begin with that
FUSSBALL MANAGER
HijackThis
HotPotatoes
ICQ7.2
MAGIX: both
Microsoft Silverlight
NIS2007
Omnipass
Safari
Shop
Skype 2.5.2.151
You marked some as known, but I wanted to know whether they are necessary or unnecessary.
If there are unnecessary ones among them, get rid of them.
If iTunes is unnecessary, uninstall everything from Apple.
Open CCleaner, Analyze, Run Cleaner.
Open OTL, CleanUp, the PC restarts, test how it runs.

03.08.2012, 15:04   #13
pe__ka

Hello,

I have just moved house, but I am working through the instructions. Please bear with me a little longer. Thanks!!!

03.08.2012, 17:30   #14
markusg
/// Malware-holic

OK, just say when you are ready.

05.08.2012, 15:36   #15
pe__ka

Quote:
Open OTL, CleanUp, the PC restarts, test how it runs.
I am now at this point. When I open OTL, which scan should I run?
What do you mean by cleanup?

Regards

  16. WinXP faehrt nach start sofort runter;nur gastmodus geht
    Plagegeister aller Art und deren Bekämpfung - 23.06.2008 (8)
  17. Regedit, Taskmanager schließen sofort nach dem start
    Log-Analyse und Auswertung - 22.06.2005 (2)

Zum Thema BKA- Trojaner, Vista 32bit, nach Start erscheint sofort Ukash - Hallo, leider öffnet sich bei mir seit gestern Abend beim PC-Start eine Zahlungsaufforderung ans BKA per Ukash. Ich kann also keinen Scan starten. Kann mir jemand weiterhelfen? Welche Infos werden - BKA- Trojaner, Vista 32bit, nach Start erscheint sofort Ukash...
Archiv
Du betrachtest: BKA- Trojaner, Vista 32bit, nach Start erscheint sofort Ukash auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.