Trojaner-Board

Rootkit.Zeroaccess (https://www.trojaner-board.de/117105-rootkit-zeroaccess.html)

Psychotic 14.06.2012 14:09

I don't see any running antivirus software in the log files. That is dangerous. Sometimes you notice malware through pop-ups or Google redirects etc., but mostly it runs unnoticed in the background. An AVP can help you find malware. Please download and install one of the following AVPs.

Armin_M 14.06.2012 14:46

I have now installed Security Essentials. During its quick scan it reported that detected threats had been removed and that no user action was required.
In the history I find a Trojan/WinNT:SirefefJ with alert level severe in quarantine.
File: C:\Windows\System32\Drivers\dfsc.sys

Previously, as already mentioned, Avira was installed, which could no longer be started after the rootkit was removed. It was therefore uninstalled the day before yesterday. That is also why I kept disconnecting the computer from the network, to at least minimize the risk.
Updates are still missing; can I install them already?

Psychotic 14.06.2012 14:56

No!


Step 1: Gmer


Please
  • deactivate all other scanners for viruses, spyware, etc.,
  • have no existing connection to a network/the Internet (don't forget WLAN),
  • do not work on the computer,
  • restart the computer after each scan.
Run the Gmer scan
  • Download Gmer from this page (press the Download EXE button) and save the program to the desktop.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random file name). Vista and Win7 users: right-click and run as administrator.
  • If a window opens with the following warning:
    WARNING !!! GMER has found system modification, which might have been caused by ROOTKIT activity. Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, remove the check mark at:
    • IAT/EAT
    • All hard drives except the system drive (normally only C:\ is checked)
    • Show all (should be unchecked)
  • Start the scan with "Scan". Do nothing on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Turn your antivirus program and other scanners back on before you go online!



Step 2: TDSS-Killer


Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe
  • Click Change parameters, select Detect TDLFS file system, click OK.
  • Press Start Scan
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\). For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.
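
Added example (not part of the post above and not code from the TDSSKiller project): a small triage script for a report-only TDSSKiller log like the one posted further down in this thread, listing every service entry that is not a plain "name (md5) path" / "name - ok" pair. It assumes the line layout seen in that log; the `ExampleDrv` entry and its verdict string are constructed placeholders, the other sample lines are copied from the thread.

```python
import re

# Every log line starts with "HH:MM:SS.mmmm <thread id>".
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<rest>.*)$")
# "<service> (<md5>) <image path>"
FILE_LINE = re.compile(
    r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<service> - <verdict>"
VERDICT_LINE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")

# Sample input. The ExampleDrv lines are constructed; the rest is from the thread.
SAMPLE_LOG = r"""
16:56:56.0873 2424        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:57:33.0185 3512        Scan started
16:57:33.0185 3512        Mode: Manual; TDLFS;
16:57:33.0873 3512        .csc - ok
16:57:34.0029 3512        1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
16:57:34.0029 3512        1394ohci - ok
16:57:35.0310 3512        Apple Mobile Device (70d7be78061126dd0c3accdb7e129017) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:57:35.0326 3512        Apple Mobile Device - ok
16:57:37.0279 3512        catchme - ok
16:57:40.0000 3512        ExampleDrv      (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys
16:57:40.0001 3512        ExampleDrv - EXAMPLE-NON-OK-VERDICT
16:57:41.0669 3512        IPBusEnum      (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
"""


def parse_scan(log_text):
    """Return {service: {"md5", "path", "verdict"}} for the scan section."""
    records = {}
    in_scan = False
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if m is None:
            continue
        rest = m.group("rest").strip()
        if rest == "Scan started":
            in_scan = True          # header lines before this also contain " - "
            continue
        if not in_scan:
            continue
        blank = {"md5": None, "path": None, "verdict": None}
        f = FILE_LINE.match(rest)   # test first: a path may itself contain " - "
        if f:
            rec = records.setdefault(f.group("name"), dict(blank))
            rec["md5"] = f.group("md5").lower()
            rec["path"] = f.group("path")
            continue
        v = VERDICT_LINE.match(rest)
        if v:
            rec = records.setdefault(v.group("name"), dict(blank))
            rec["verdict"] = v.group("verdict").strip()
    return records


def triage(records):
    """List (service, reason, path) for entries that need a manual look."""
    findings = []
    for name, rec in records.items():
        if rec["verdict"] is None:
            findings.append((name, "no verdict line (log truncated?)", rec["path"]))
        elif rec["verdict"] != "ok":
            findings.append((name, "verdict: " + rec["verdict"], rec["path"]))
        elif rec["md5"] is None:
            findings.append((name, "ok, but no file/hash line logged", rec["path"]))
    return findings


if __name__ == "__main__":
    for name, reason, path in triage(parse_scan(SAMPLE_LOG)):
        print(f"{name:22} {reason:36} {path or '-'}")
```

An entry listed as "no file/hash line logged" is only an observation about the log, not a detection; it tells the reader which services to look up by hand.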

Armin_M 14.06.2012 16:06

Here is the Gmer.log:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-14 16:56:22
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_SP1614C rev.SW100-34
Running: nisq9nvq.exe; Driver: C:\Users\***\AppData\Local\Temp\awliquob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntoskrnl.exe!ZwSaveKeyEx + 13B1                                                                                                82C798A9 1 Byte  [06]
.text          ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                        82C992F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                      section is writeable [0x8FC0C000, 0x227A14, 0xE8000020]
.text          autochk.exe                                                                                                                    002B11D2 1 Byte  [73]
.text          autochk.exe                                                                                                                    002B11D2 3 Bytes  [73, 00, 79]
.text          autochk.exe                                                                                                                    002B11D6 1 Byte  [73]
.text          autochk.exe                                                                                                                    002B11D6 3 Bytes  [73, 00, 74]
.text          autochk.exe                                                                                                                    002B11DA 1 Byte  [65]
.text          ...                                                                                                                           

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000048                                                                                              halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                             
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                            C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                            0x00 0x00 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                            0
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                        0xF5 0x26 0xAF 0x07 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                  0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                0x1A 0xE4 0x3C 0x82 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                               
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                          0x32 0x3C 0x70 0xBF ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                         
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                0x00 0x00 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                0
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                            0xF5 0x26 0xAF 0x07 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                 
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                      0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                    0x1A 0xE4 0x3C 0x82 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)           
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                              0x32 0x3C 0x70 0xBF ...
Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing@SessionIdHigh                                        30231094
Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing@SessionIdLow                                          -11077714
Reg            HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation                                                    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_6.1.7601_172bf1486fd8257a61eacfb77e4e1b22c730e9_0ad18525

---- Files - GMER 1.0.15 ----

File            C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_6.1.7601_172bf1486fd8257a61eacfb77e4e1b22c730e9_0287bd36            0 bytes
File            C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_6.1.7601_172bf1486fd8257a61eacfb77e4e1b22c730e9_0287bd36\Report.wer  1764 bytes
File            C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_6.1.7601_172bf1486fd8257a61eacfb77e4e1b22c730e9_09b7a365            0 bytes
File            C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_6.1.7601_172bf1486fd8257a61eacfb77e4e1b22c730e9_09b7a365\Report.wer  1764 bytes
File            C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_6.1.7601_172bf1486fd8257a61eacfb77e4e1b22c730e9_0acfd860            0 bytes
File            C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_6.1.7601_172bf1486fd8257a61eacfb77e4e1b22c730e9_0acfd860\Report.wer  1764 bytes

---- EOF - GMER 1.0.15 ----


and the log from tdsskiller:

Code:

16:56:55.0279 2424        TDSS rootkit removing tool 2.7.39.0 Jun 14 2012 08:11:46
16:56:55.0357 2424        ============================================================
16:56:55.0357 2424        Current date / time: 2012/06/14 16:56:55.0357
16:56:55.0357 2424        SystemInfo:
16:56:55.0357 2424       
16:56:55.0357 2424        OS Version: 6.1.7600 ServicePack: 0.0
16:56:55.0357 2424        Product type: Workstation
16:56:55.0357 2424        ComputerName: ***-PC
16:56:55.0357 2424        UserName: ***
16:56:55.0357 2424        Windows directory: C:\Windows
16:56:55.0357 2424        System windows directory: C:\Windows
16:56:55.0357 2424        Processor architecture: Intel x86
16:56:55.0357 2424        Number of processors: 2
16:56:55.0357 2424        Page size: 0x1000
16:56:55.0357 2424        Boot type: Normal boot
16:56:55.0357 2424        ============================================================
16:56:56.0857 2424        Drive \Device\Harddisk1\DR1 - Size: 0xE8E0CB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
16:56:56.0873 2424        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:56:57.0169 2424        ============================================================
16:56:57.0169 2424        \Device\Harddisk1\DR1:
16:56:57.0232 2424        MBR partitions:
16:56:57.0232 2424        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
16:56:57.0232 2424        \Device\Harddisk0\DR0:
16:56:57.0232 2424        MBR partitions:
16:56:57.0232 2424        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:56:57.0232 2424        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DF800
16:56:57.0232 2424        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9512000, BlocksNum 0x9506800
16:56:57.0232 2424        ============================================================
16:56:57.0248 2424        C: <-> \Device\Harddisk0\DR0\Partition1
16:56:57.0310 2424        E: <-> \Device\Harddisk0\DR0\Partition2
16:56:57.0326 2424        F: <-> \Device\Harddisk1\DR1\Partition0
16:56:57.0326 2424        ============================================================
16:56:57.0326 2424        Initialize success
16:56:57.0326 2424        ============================================================
16:57:33.0185 3512        ============================================================
16:57:33.0185 3512        Scan started
16:57:33.0185 3512        Mode: Manual; TDLFS;
16:57:33.0185 3512        ============================================================
16:57:33.0873 3512        .csc - ok
16:57:33.0919 3512        .tdx - ok
16:57:34.0029 3512        1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
16:57:34.0029 3512        1394ohci - ok
16:57:34.0060 3512        ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
16:57:34.0076 3512        ACPI - ok
16:57:34.0091 3512        AcpiPmi        (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
16:57:34.0091 3512        AcpiPmi - ok
16:57:34.0169 3512        AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:57:34.0169 3512        AdobeFlashPlayerUpdateSvc - ok
16:57:34.0216 3512        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
16:57:34.0216 3512        adp94xx - ok
16:57:34.0248 3512        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
16:57:34.0248 3512        adpahci - ok
16:57:34.0279 3512        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
16:57:34.0279 3512        adpu320 - ok
16:57:34.0326 3512        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
16:57:34.0326 3512        AeLookupSvc - ok
16:57:34.0388 3512        AFD            (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
16:57:34.0388 3512        AFD - ok
16:57:34.0419 3512        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
16:57:34.0419 3512        agp440 - ok
16:57:34.0435 3512        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
16:57:34.0451 3512        aic78xx - ok
16:57:34.0669 3512        ALCXWDM        (7997b6f02cbda0e31fa18cc85871b938) C:\Windows\system32\drivers\RTKVAC.SYS
16:57:34.0716 3512        ALCXWDM - ok
16:57:34.0826 3512        ALG            (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
16:57:34.0826 3512        ALG - ok
16:57:34.0857 3512        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
16:57:34.0857 3512        aliide - ok
16:57:34.0873 3512        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
16:57:34.0888 3512        amdagp - ok
16:57:34.0919 3512        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
16:57:34.0919 3512        amdide - ok
16:57:34.0951 3512        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
16:57:34.0951 3512        AmdK8 - ok
16:57:34.0966 3512        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
16:57:34.0966 3512        AmdPPM - ok
16:57:35.0029 3512        amdsata        (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
16:57:35.0029 3512        amdsata - ok
16:57:35.0060 3512        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
16:57:35.0060 3512        amdsbs - ok
16:57:35.0107 3512        amdxata        (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
16:57:35.0123 3512        amdxata - ok
16:57:35.0138 3512        AppID          (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
16:57:35.0138 3512        AppID - ok
16:57:35.0185 3512        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
16:57:35.0185 3512        AppIDSvc - ok
16:57:35.0216 3512        Appinfo        (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
16:57:35.0216 3512        Appinfo - ok
16:57:35.0310 3512        Apple Mobile Device (70d7be78061126dd0c3accdb7e129017) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:57:35.0326 3512        Apple Mobile Device - ok
16:57:35.0357 3512        AppMgmt        (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
16:57:35.0357 3512        AppMgmt - ok
16:57:35.0388 3512        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
16:57:35.0388 3512        arc - ok
16:57:35.0404 3512        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
16:57:35.0419 3512        arcsas - ok
16:57:35.0451 3512        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
16:57:35.0451 3512        AsyncMac - ok
16:57:35.0466 3512        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
16:57:35.0466 3512        atapi - ok
16:57:35.0701 3512        atikmdag        (712d8a95e45b070114c5309ada7358ff) C:\Windows\system32\DRIVERS\atikmdag.sys
16:57:35.0732 3512        atikmdag - ok
16:57:35.0904 3512        AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
16:57:35.0919 3512        AudioEndpointBuilder - ok
16:57:35.0935 3512        Audiosrv        (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
16:57:35.0951 3512        Audiosrv - ok
16:57:35.0982 3512        AxInstSV        (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
16:57:35.0982 3512        AxInstSV - ok
16:57:36.0279 3512        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
16:57:36.0294 3512        b06bdrv - ok
16:57:36.0326 3512        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
16:57:36.0341 3512        b57nd60x - ok
16:57:36.0404 3512        BazisVirtualCDBus (a2ecece11639fea1ccb66d853451f7e2) C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys
16:57:36.0404 3512        BazisVirtualCDBus - ok
16:57:36.0435 3512        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
16:57:36.0435 3512        BDESVC - ok
16:57:36.0466 3512        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
16:57:36.0466 3512        Beep - ok
16:57:36.0513 3512        BFE            (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
16:57:36.0529 3512        BFE - ok
16:57:36.0591 3512        BITS            (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll
16:57:36.0623 3512        BITS - ok
16:57:36.0638 3512        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
16:57:36.0638 3512        blbdrive - ok
16:57:36.0763 3512        Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files\Bonjour\mDNSResponder.exe
16:57:36.0763 3512        Bonjour Service - ok
16:57:36.0826 3512        bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
16:57:36.0826 3512        bowser - ok
16:57:36.0841 3512        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:57:36.0841 3512        BrFiltLo - ok
16:57:36.0873 3512        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:57:36.0873 3512        BrFiltUp - ok
16:57:36.0919 3512        BridgeMP        (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
16:57:36.0919 3512        BridgeMP - ok
16:57:36.0935 3512        Browser        (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
16:57:36.0951 3512        Browser - ok
16:57:36.0982 3512        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
16:57:36.0998 3512        Brserid - ok
16:57:37.0029 3512        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
16:57:37.0044 3512        BrSerWdm - ok
16:57:37.0060 3512        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:57:37.0060 3512        BrUsbMdm - ok
16:57:37.0076 3512        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
16:57:37.0076 3512        BrUsbSer - ok
16:57:37.0107 3512        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
16:57:37.0123 3512        BTHMODEM - ok
16:57:37.0154 3512        bthserv        (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
16:57:37.0169 3512        bthserv - ok
16:57:37.0279 3512        catchme - ok
16:57:37.0326 3512        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
16:57:37.0326 3512        cdfs - ok
16:57:37.0388 3512        cdrom          (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
16:57:37.0388 3512        cdrom - ok
16:57:37.0419 3512        CertPropSvc    (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
16:57:37.0419 3512        CertPropSvc - ok
16:57:37.0451 3512        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
16:57:37.0451 3512        circlass - ok
16:57:37.0498 3512        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
16:57:37.0498 3512        CLFS - ok
16:57:37.0544 3512        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:57:37.0560 3512        clr_optimization_v2.0.50727_32 - ok
16:57:37.0638 3512        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:57:37.0638 3512        clr_optimization_v4.0.30319_32 - ok
16:57:37.0654 3512        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
16:57:37.0669 3512        CmBatt - ok
16:57:37.0685 3512        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
16:57:37.0685 3512        cmdide - ok
16:57:37.0716 3512        CNG            (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
16:57:37.0716 3512        CNG - ok
16:57:37.0763 3512        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
16:57:37.0763 3512        Compbatt - ok
16:57:37.0810 3512        CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:57:37.0810 3512        CompositeBus - ok
16:57:37.0810 3512        COMSysApp - ok
16:57:37.0841 3512        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
16:57:37.0841 3512        crcdisk - ok
16:57:37.0888 3512        CryptSvc        (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
16:57:37.0888 3512        CryptSvc - ok
16:57:37.0951 3512        CSC            (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
16:57:37.0951 3512        CSC - ok
16:57:37.0998 3512        CscService      (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll
16:57:38.0029 3512        CscService - ok
16:57:38.0076 3512        DcomLaunch      (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
16:57:38.0091 3512        DcomLaunch - ok
16:57:38.0123 3512        defragsvc      (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
16:57:38.0138 3512        defragsvc - ok
16:57:38.0185 3512        Dhcp            (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
16:57:38.0201 3512        Dhcp - ok
16:57:38.0248 3512        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
16:57:38.0248 3512        discache - ok
16:57:38.0279 3512        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
16:57:38.0279 3512        Disk - ok
16:57:38.0310 3512        dlcx_device - ok
16:57:38.0341 3512        dlea_device - ok
16:57:38.0388 3512        Dnscache        (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
16:57:38.0404 3512        Dnscache - ok
16:57:38.0435 3512        dot3svc        (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
16:57:38.0451 3512        dot3svc - ok
16:57:38.0498 3512        DPS            (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
16:57:38.0513 3512        DPS - ok
16:57:38.0544 3512        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
16:57:38.0544 3512        drmkaud - ok
16:57:38.0607 3512        DXGKrnl        (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
16:57:38.0623 3512        DXGKrnl - ok
16:57:38.0654 3512        EapHost        (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
16:57:38.0654 3512        EapHost - ok
16:57:38.0841 3512        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
16:57:38.0935 3512        ebdrv - ok
16:57:39.0029 3512        EFS            (f42309c4191c506b71db5d1126d26318) C:\Windows\System32\lsass.exe
16:57:39.0029 3512        EFS - ok
16:57:39.0138 3512        ehRecvr        (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
16:57:39.0154 3512        ehRecvr - ok
16:57:39.0185 3512        ehSched        (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
16:57:39.0185 3512        ehSched - ok
16:57:39.0248 3512        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
16:57:39.0263 3512        elxstor - ok
16:57:39.0279 3512        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
16:57:39.0279 3512        ErrDev - ok
16:57:39.0341 3512        EventSystem    (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
16:57:39.0341 3512        EventSystem - ok
16:57:39.0388 3512        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
16:57:39.0388 3512        exfat - ok
16:57:39.0482 3512        Fabs - ok
16:57:39.0513 3512        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
16:57:39.0529 3512        fastfat - ok
16:57:39.0591 3512        Fax            (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
16:57:39.0623 3512        Fax - ok
16:57:39.0701 3512        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
16:57:39.0701 3512        fdc - ok
16:57:39.0732 3512        fdPHost        (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
16:57:39.0732 3512        fdPHost - ok
16:57:39.0748 3512        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
16:57:39.0763 3512        FDResPub - ok
16:57:39.0779 3512        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
16:57:39.0779 3512        FileInfo - ok
16:57:39.0794 3512        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
16:57:39.0794 3512        Filetrace - ok
16:57:39.0951 3512        FirebirdServerMAGIXInstance (5bd96d8c5411ace71a7eaacaf0ef2903) C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
16:57:40.0044 3512        FirebirdServerMAGIXInstance - ok
16:57:40.0154 3512        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
16:57:40.0154 3512        flpydisk - ok
16:57:40.0185 3512        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
16:57:40.0185 3512        FltMgr - ok
16:57:40.0263 3512        FontCache      (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
16:57:40.0279 3512        FontCache - ok
16:57:40.0357 3512        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:57:40.0357 3512        FontCache3.0.0.0 - ok
16:57:51.0779 3512        UmRdpService    (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll
16:57:51.0794 3512        UmRdpService - ok
16:57:51.0826 3512        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
16:57:51.0841 3512        upnphost - ok
16:57:51.0904 3512        usbaudio        (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
16:57:51.0904 3512        usbaudio - ok
16:57:51.0935 3512        usbccgp        (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
16:57:51.0951 3512        usbccgp - ok
16:57:51.0966 3512        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
16:57:51.0966 3512        usbcir - ok
16:57:52.0013 3512        usbehci        (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
16:57:52.0013 3512        usbehci - ok
16:57:52.0060 3512        usbhub          (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
16:57:52.0076 3512        usbhub - ok
16:57:52.0107 3512        usbohci        (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
16:57:52.0107 3512        usbohci - ok
16:57:52.0123 3512        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
16:57:52.0123 3512        usbprint - ok
16:57:52.0169 3512        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
16:57:52.0169 3512        usbscan - ok
16:57:52.0201 3512        USBSTOR        (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:57:52.0201 3512        USBSTOR - ok
16:57:52.0248 3512        usbuhci        (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
16:57:52.0248 3512        usbuhci - ok
16:57:52.0279 3512        UxSms          (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
16:57:52.0279 3512        UxSms - ok
16:57:52.0310 3512        VaultSvc        (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
16:57:52.0310 3512        VaultSvc - ok
16:57:52.0341 3512        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
16:57:52.0341 3512        vdrvroot - ok
16:57:52.0388 3512        vds            (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
16:57:52.0419 3512        vds - ok
16:57:52.0451 3512        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
16:57:52.0451 3512        vga - ok
16:57:52.0466 3512        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
16:57:52.0466 3512        VgaSave - ok
16:57:52.0498 3512        vhdmp          (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
16:57:52.0498 3512        vhdmp - ok
16:57:52.0529 3512        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
16:57:52.0529 3512        viaagp - ok
16:57:52.0560 3512        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
16:57:52.0560 3512        ViaC7 - ok
16:57:52.0576 3512        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
16:57:52.0576 3512        viaide - ok
16:57:52.0623 3512        vmbus          (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
16:57:52.0638 3512        vmbus - ok
16:57:52.0654 3512        VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
16:57:52.0654 3512        VMBusHID - ok
16:57:52.0685 3512        volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
16:57:52.0685 3512        volmgr - ok
16:57:52.0716 3512        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
16:57:52.0716 3512        volmgrx - ok
16:57:52.0763 3512        volsnap        (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
16:57:52.0763 3512        volsnap - ok
16:57:52.0810 3512        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
16:57:52.0810 3512        vsmraid - ok
16:57:52.0904 3512        VSS            (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
16:57:52.0919 3512        VSS - ok
16:57:52.0935 3512        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
16:57:52.0935 3512        vwifibus - ok
16:57:52.0982 3512        W32Time        (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
16:57:52.0998 3512        W32Time - ok
16:57:53.0029 3512        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
16:57:53.0029 3512        WacomPen - ok
16:57:53.0076 3512        WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
16:57:53.0076 3512        WANARP - ok
16:57:53.0091 3512        Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
16:57:53.0091 3512        Wanarpv6 - ok
16:57:53.0169 3512        wbengine        (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
16:57:53.0216 3512        wbengine - ok
16:57:53.0248 3512        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
16:57:53.0263 3512        WbioSrvc - ok
16:57:53.0310 3512        wcncsvc        (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
16:57:53.0326 3512        wcncsvc - ok
16:57:53.0341 3512        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
16:57:53.0357 3512        WcsPlugInService - ok
16:57:53.0388 3512        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
16:57:53.0388 3512        Wd - ok
16:57:53.0435 3512        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
16:57:53.0435 3512        Wdf01000 - ok
16:57:53.0466 3512        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:57:53.0466 3512        WdiServiceHost - ok
16:57:53.0482 3512        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:57:53.0482 3512        WdiSystemHost - ok
16:57:53.0529 3512        WebClient      (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
16:57:53.0544 3512        WebClient - ok
16:57:53.0576 3512        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
16:57:53.0591 3512        Wecsvc - ok
16:57:53.0607 3512        wercplsupport  (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
16:57:53.0607 3512        wercplsupport - ok
16:57:53.0638 3512        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
16:57:53.0638 3512        WerSvc - ok
16:57:53.0685 3512        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
16:57:53.0685 3512        WfpLwf - ok
16:57:53.0701 3512        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
16:57:53.0701 3512        WIMMount - ok
16:57:53.0810 3512        WinDefend      (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
16:57:53.0857 3512        WinDefend - ok
16:57:53.0888 3512        WinHttpAutoProxySvc - ok
16:57:53.0951 3512        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
16:57:53.0998 3512        Winmgmt - ok
16:57:54.0107 3512        WinRM          (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
16:57:54.0185 3512        WinRM - ok
16:57:54.0279 3512        WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
16:57:54.0279 3512        WinUsb - ok
16:57:54.0341 3512        Wlansvc        (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
16:57:54.0388 3512        Wlansvc - ok
16:57:54.0419 3512        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:57:54.0419 3512        WmiAcpi - ok
16:57:54.0482 3512        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
16:57:54.0482 3512        wmiApSrv - ok
16:57:54.0591 3512        WMPNetworkSvc  (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:57:54.0591 3512        WMPNetworkSvc - ok
16:57:54.0623 3512        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
16:57:54.0623 3512        WPCSvc - ok
16:57:54.0654 3512        WPDBusEnum      (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
16:57:54.0669 3512        WPDBusEnum - ok
16:57:54.0701 3512        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
16:57:54.0701 3512        ws2ifsl - ok
16:57:54.0748 3512        wscsvc          (a661a76333057b383a06e65f0073222f) C:\Windows\system32\wscsvc.dll
16:57:54.0763 3512        wscsvc - ok
16:57:54.0763 3512        WSearch - ok
16:57:54.0873 3512        wuauserv        (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
16:57:54.0904 3512        wuauserv - ok
16:57:55.0013 3512        WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
16:57:55.0013 3512        WudfPf - ok
16:57:55.0044 3512        WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:57:55.0060 3512        WUDFRd - ok
16:57:55.0076 3512        wudfsvc        (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
16:57:55.0076 3512        wudfsvc - ok
16:57:55.0107 3512        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
16:57:55.0123 3512        WwanSvc - ok
16:57:55.0138 3512        MBR (0x1B8)    (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
16:57:55.0201 3512        \Device\Harddisk1\DR1 - ok
16:57:55.0201 3512        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:57:55.0482 3512        \Device\Harddisk0\DR0 - ok
16:57:55.0498 3512        Boot (0x1200)  (176cc3fa8d672489d176ab421bff34a9) \Device\Harddisk1\DR1\Partition0
16:57:55.0498 3512        \Device\Harddisk1\DR1\Partition0 - ok
16:57:55.0513 3512        Boot (0x1200)  (fe87461c06f03388254a5cf9963614c8) \Device\Harddisk0\DR0\Partition0
16:57:55.0513 3512        \Device\Harddisk0\DR0\Partition0 - ok
16:57:55.0529 3512        Boot (0x1200)  (eea4ca2223757e8a0f1afe5e97535b80) \Device\Harddisk0\DR0\Partition1
16:57:55.0529 3512        \Device\Harddisk0\DR0\Partition1 - ok
16:57:55.0560 3512        Boot (0x1200)  (04eb9e03354e8efdc48e3fdb4e3c5f47) \Device\Harddisk0\DR0\Partition2
16:57:55.0560 3512        \Device\Harddisk0\DR0\Partition2 - ok
16:57:55.0560 3512        ============================================================
16:57:55.0560 3512        Scan finished
16:57:55.0560 3512        ============================================================
16:57:55.0576 1448        Detected object count: 0
16:57:55.0576 1448        Actual detected object count: 0


Psychotic 15.06.2012 06:27

Looks pretty good - let's check everything once more! :)


Step 1: Full MBAM scan


Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • Once the update has finished, select Perform full scan and press Scan. (Note: tick all hard drives!)
  • When the scan has finished, click Show results.
  • Make sure that all findings are selected and press Remove selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Log files".



Step 2: ESET



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the terms of use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Armin_M 15.06.2012 12:49

MBAM log:

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.15.02

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
*** :: ***-PC [Administrator]

Schutz: Aktiviert

15.06.2012 07:36:58
mbam-log-2012-06-15 (07-36-58).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 478500
Laufzeit: 2 Stunde(n), 42 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

and the ESET log:

Code:

C:\Users\***\Pictures\Rea\registrybooster.exe        Win32/RegistryBooster application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDCSLBWU\e8f01c0008e60d70fa3c5b351662ad54[1].htm        HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DB5XG0PO\d78b3ebc8bdf79d714bdd18e09bd0542[1].htm        HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIOSJ6E7\setup_codec_3d[1].exe        a variant of Win32/Adware.ToolPlugin.A application


Psychotic 18.06.2012 07:41

Then we're done! :)


Step 1: Java update


Your Java is out of date. Older versions contain security vulnerabilities that malware can exploit.
  • Please download the latest Java version from here
  • Save jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start jxpiinstall.exe. It will download the installer for the latest Java version (Java 7 Update 4).
  • When the installation has finished, go to
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer as soon as all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure that every box is ticked and click OK.
  • Click OK again.



Step 2: Adobe Flash Player update


Your Flash Player is out of date. Since this software in particular is often used by malware as a springboard into the system, it must always be kept up to date.
To update the Flash Player, please proceed as follows:
  • Download the current Adobe Flash Player from here. Important: untick the box for optional software (e.g. Google Chrome) that is shown on the page before you click "Download now".
  • Start the setup and follow the instructions on the screen.
  • Get in touch immediately if any difficulties occur.



Step 3: VLC Player update


Your VLC Player is out of date. To update it, please proceed as follows:
  • Download the current player from here.
  • Start the setup and follow the instructions on the screen. Setup will detect the old version of the player and ask you whether the old version should be removed before installation. Confirm this with Yes.
  • After the old version of the program has been removed, the new installation starts. Leave everything at the default values, unless you want to change something (e.g. the file associations or similar).
  • Get in touch immediately if any difficulties occur.



Defogger re-enable

Please start Defogger and click the re-enable button



ComboFix

Before the following action, please temporarily disable your antivirus program, any script blocking and anti-malware programs again.

Press Windows key + R. Now copy the following line into the command line and click OK.
Code:

Combofix /Uninstall
http://larusso.trojaner-board.de/Images/CFuninstall.jpg

This removes Combofix completely and clears the System Restore cache, so that the malware disappears from there as well.

Now re-enable the programs you just disabled.



OTL

Please start OTL and click CleanUp.
This will remove most of the tools we needed for the cleanup. If anything is left over, please remove it with right-click --> Delete.



Here are a few more tips for securing your system.

Keeping up to date

I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.
Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. Even the best virus scanner is useless if it is not current!
    A selection of free antivirus programs:
Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a page that has been reported as harmful.
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download bandwidth.
Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts
  • Don't click on everything just because it asks you to and looks nice and colourful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Be suspicious in social networks (e.g. MeinVZ, Facebook, etc.) - even if messages/posts appear to come from one of your friends, that by no means implies they are harmless (malware may have infected their computer).
  • Don't open attachments from emails you don't recognise. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
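
The file-extension tip at the end of the post above (deinFoto.jpg.exe), as an added example that is not part of the original thread: a small Python check that classifies attachment names before they are opened. The extension lists, function names and sample names are assumptions made for this example; only deinFoto.jpg.exe and setup_codec_3d[1].exe are taken from the thread.

```python
import re

# Extensions that Windows runs directly or hands to a script host.
# Constructed for this example, not exhaustive.
EXECUTABLE_EXTS = frozenset({
    "exe", "scr", "com", "pif", "bat", "cmd", "msi",
    "js", "jse", "vbs", "vbe", "wsf", "hta", "lnk", "cpl",
})

# Extensions a recipient reads as "just a document or picture".
# Constructed for this example, not exhaustive.
DECOY_EXTS = frozenset({
    "jpg", "jpeg", "png", "gif", "bmp", "pdf", "doc", "docx",
    "xls", "xlsx", "txt", "rtf", "mp3", "avi", "mp4", "zip",
})


def classify_attachment(filename):
    """Return 'ok', 'executable' or 'double-extension' for one file name."""
    # Keep only the last path component; a mail client may pass a full path.
    base = re.split(r"[\\/]", filename)[-1]
    # Windows drops trailing dots and spaces when the file is created,
    # so "foto.jpg.exe." ends up on disk as "foto.jpg.exe".
    base = base.rstrip(". ")
    # Compare case-insensitively and ignore padding around each segment,
    # so "Rechnung.PDF   .SCR" is read as rechnung / pdf / scr.
    segments = [seg.strip().lower() for seg in base.split(".")]
    if len(segments) < 2 or segments[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # The last extension decides how Windows opens the file. A harmless
    # looking extension in front of it is the pattern the post warns about.
    if any(seg in DECOY_EXTS for seg in segments[1:-1]):
        return "double-extension"
    return "executable"


# Constructed sample names, plus the two file names that appear in the thread.
SAMPLE_NAMES = [
    "deinFoto.jpg.exe",                             # from the post
    "setup_codec_3d[1].exe",                        # from the ESET log
    r"C:\Users\***\Downloads\Rechnung.PDF   .SCR",  # constructed
    "urlaub.jpg",                                   # constructed
    "backup.tar.gz",                                # constructed
    "bericht.v2.pdf",                               # constructed
]


def flag_attachments(names):
    """Return {name: verdict} for every name that is not 'ok'."""
    flagged = {}
    for name in names:
        verdict = classify_attachment(name)
        if verdict != "ok":
            flagged[name] = verdict
    return flagged


if __name__ == "__main__":
    for name, verdict in flag_attachments(SAMPLE_NAMES).items():
        print(f"{verdict:17} {name}")
```

Explorer hides known file extensions by default, which is why deinFoto.jpg.exe is displayed as deinFoto.jpg; the check above works on the full name and is not affected by that setting.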

Armin_M 18.06.2012 15:02

Everything looks very good so far. I'm still in the process of catching up on all the updates.
SP1 was a bit reluctant at first, but Microsoft had a remedy for that ready.
Can you actually run Windows Defender together with Malwarebytes? Or is that just as harmful as two antivirus programs side by side?
I would like to say thank you once more, especially on behalf of the owner of the computer, for the energetic help. :dankeschoen:

As soon as I have updated everything, I'll report back here so that the thread can be closed.

Psychotic 18.06.2012 15:23

Quote:

Can you actually run Windows Defender together with Malwarebytes? Or is that just as harmful as two antivirus programs side by side?

You can do that without concern, since both are tools that do nothing without action by the user - so they won't get in each other's way!

Armin_M 18.06.2012 23:05

Looks like I celebrated too soon.
Since issuing the command Combofix /uninstall I once again have no DHCP Client service.
I repeated the initial procedure right away:

OTL.txt
Code:

OTL logfile created on: 18.06.2012 21:58:34 - Run 1
OTL by OldTimer - Version 3.2.49.0    Folder = C:\Users\Lore Seiler\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 67,11% Memory free
4,00 Gb Paging File | 3,36 Gb Available in Paging File | 83,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,44 Gb Total Space | 10,60 Gb Free Space | 14,24% Space Free | Partition Type: NTFS
Drive D: | 824,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 74,51 Gb Total Space | 73,74 Gb Free Space | 98,96% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 649,63 Gb Free Space | 69,74% Space Free | Partition Type: NTFS
 
Computer Name: LORESEILER-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.18 21:53:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.24 03:22:32 | 000,139,944 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\ezprint.exe
PRC - [2011.01.24 03:22:29 | 000,770,728 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\dleamon.exe
PRC - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.08.19 10:32:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.08.19 10:32:20 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2009.07.01 13:13:32 | 000,602,792 | ---- | M] ( ) -- C:\Windows\System32\dleacoms.exe
PRC - [2009.04.14 07:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
PRC - [2007.01.12 11:57:28 | 000,292,336 | ---- | M] () -- C:\Programme\Dell Photo AIO Printer 926\dlcxmon.exe
PRC - [2006.11.03 17:04:56 | 000,304,008 | ---- | M] () -- C:\Programme\Dell Photo AIO Printer 926\memcard.exe
PRC - [2006.10.11 16:48:50 | 000,532,480 | ---- | M] ( ) -- C:\Windows\System32\dlcxcoms.exe
PRC - [2006.08.18 15:32:00 | 000,294,912 | ---- | M] (FUJIFILM Corporation.) -- C:\Programme\FinePixViewer\QuickDCF2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.01.24 03:22:32 | 000,139,944 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\ezprint.exe
MOD - [2011.01.24 03:22:29 | 000,770,728 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\dleamon.exe
MOD - [2010.08.10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.04.01 19:24:28 | 001,159,168 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\dleadrs.dll
MOD - [2010.04.01 19:23:27 | 000,389,120 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\dleascw.dll
MOD - [2009.11.26 10:49:41 | 000,086,180 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\DLEAcfg.dll
MOD - [2009.08.18 15:54:22 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.06.23 13:13:33 | 000,221,184 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\epoemdll.dll
MOD - [2009.06.23 13:13:02 | 000,045,056 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\epstring.dll
MOD - [2009.06.23 13:11:53 | 002,203,648 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\epwizres.dll
MOD - [2009.06.22 15:08:27 | 000,708,608 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\epwizard.dll
MOD - [2009.06.22 15:06:32 | 000,159,744 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\customui.dll
MOD - [2009.06.22 15:06:09 | 000,061,440 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\epfunct.dll
MOD - [2009.06.22 15:06:03 | 000,114,688 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\eputil.dll
MOD - [2009.06.22 15:05:49 | 000,139,264 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\imagutil.dll
MOD - [2009.05.27 12:16:52 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dleadatr.dll
MOD - [2009.04.28 09:57:02 | 000,032,768 | ---- | M] () -- C:\Windows\System32\DLEAsmr.dll
MOD - [2009.04.07 21:25:27 | 000,409,600 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\iptk.dll
MOD - [2009.03.10 07:43:49 | 000,155,648 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\dleacaps.dll
MOD - [2009.03.05 19:55:33 | 000,059,904 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\dleacnv4.dll
MOD - [2009.03.02 16:25:47 | 000,151,552 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\dleaptp.dll
MOD - [2009.02.20 10:49:37 | 000,299,008 | ---- | M] () -- C:\Windows\System32\DLEAsm.dll
MOD - [2007.01.12 11:57:28 | 000,292,336 | ---- | M] () -- C:\Programme\Dell Photo AIO Printer 926\dlcxmon.exe
MOD - [2006.11.03 17:04:56 | 000,304,008 | ---- | M] () -- C:\Programme\Dell Photo AIO Printer 926\memcard.exe
MOD - [2006.09.06 05:13:14 | 000,073,728 | ---- | M] () -- C:\Programme\Dell Photo AIO Printer 926\DLCXcfg.dll
MOD - [2006.08.10 09:15:10 | 000,139,264 | ---- | M] () -- C:\Programme\Dell Photo AIO Printer 926\memcard.dll
MOD - [2006.08.08 14:54:18 | 000,278,528 | ---- | M] () -- C:\Programme\Dell Photo AIO Printer 926\dlcxscw.dll
MOD - [2006.02.22 12:44:00 | 000,061,440 | ---- | M] () -- C:\Programme\FinePixViewer\wia_register_event.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (Messenger)
SRV - [2012.06.14 07:18:06 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.24 09:04:20 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 14:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.01 13:13:32 | 000,602,792 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dleacoms.exe -- (dlea_device)
SRV - [2006.10.11 16:48:50 | 000,532,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcxcoms.exe -- (dlcx_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (.tdx)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (.csc)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.08.08 20:13:10 | 000,117,584 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.08.09 17:01:40 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.06.18 19:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008.04.29 17:40:56 | 000,210,472 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3114r5.sys -- (Si3114r5)
DRV - [2008.04.29 17:40:56 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2008.04.29 17:40:56 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 90 9A 56 C0 35 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 11:01:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.18 12:00:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.18 11:01:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.08.14 11:41:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.08.14 11:41:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.03 15:47:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4329hxqe.default\extensions
[2011.12.01 20:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.24 09:04:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.27 02:49:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.27 02:49:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.27 02:49:39 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.27 02:49:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.27 02:49:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.27 02:49:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.13 12:09:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Dell Symbolleiste) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Programme\Dell Printable Web\toolband.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Dell Symbolleiste) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Programme\Dell Printable Web\toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Dell Symbolleiste) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Programme\Dell Printable Web\toolband.dll ()
O4 - HKLM..\Run: [Dell V310-V510 Series Fax Server] C:\Program Files\Dell V310-V510 Series\fm3032.exe ()
O4 - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [dleamon.exe] C:\Program Files\Dell V310-V510 Series\dleamon.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Dell V310-V510 Series\ezprint.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_MX\Trayserver_DE.exe (MAGIX AG)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E7D8419-DFD9-44BD-97C8-80FCEEB1D5BB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E7D8419-DFD9-44BD-97C8-80FCEEB1D5BB}: NameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.12.05 13:15:06 | 000,000,039 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.18 21:53:44 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.06.18 18:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.06.18 16:11:55 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2012.06.18 16:11:55 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2012.06.18 16:11:55 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2012.06.18 16:11:54 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2012.06.18 16:11:54 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2012.06.18 16:11:17 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.06.18 16:11:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.18 16:11:12 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.18 16:11:12 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.18 16:11:11 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.18 16:11:00 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.06.18 16:11:00 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.06.18 16:10:57 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2012.06.18 16:10:57 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2012.06.18 16:10:56 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2012.06.18 16:10:55 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2012.06.18 16:10:55 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2012.06.18 16:10:54 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2012.06.18 16:10:51 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.06.18 16:10:51 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.06.18 16:10:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.06.18 16:10:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.06.18 16:10:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.06.18 16:10:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.06.18 16:10:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.06.18 16:10:50 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.06.18 16:10:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.06.18 16:10:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.06.18 16:10:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.06.18 16:10:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.06.18 16:10:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.06.18 16:10:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.06.18 16:10:22 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012.06.18 16:10:21 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012.06.18 16:10:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.06.18 16:09:55 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012.06.18 16:09:55 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012.06.18 16:09:39 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.06.18 16:09:38 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.06.18 16:09:36 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012.06.18 16:09:33 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012.06.18 16:09:32 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012.06.18 16:09:30 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.06.18 16:09:25 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.06.18 16:09:23 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012.06.18 16:09:17 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.06.18 16:09:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.06.18 16:09:13 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.06.18 16:09:12 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.06.18 16:09:12 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.06.18 16:09:07 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2012.06.18 13:46:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012.06.18 13:00:18 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2012.06.18 13:00:18 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll
[2012.06.18 13:00:18 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2012.06.18 13:00:18 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2012.06.18 13:00:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.06.18 13:00:18 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll
[2012.06.18 13:00:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINBEN.DLL
[2012.06.18 13:00:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUS.DLL
[2012.06.18 13:00:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBULG.DLL
[2012.06.18 13:00:17 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2012.06.18 13:00:17 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2012.06.18 13:00:17 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2012.06.18 13:00:17 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2012.06.18 13:00:17 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapistub.dll
[2012.06.18 13:00:17 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapi32.dll
[2012.06.18 13:00:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDPO.DLL
[2012.06.18 13:00:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTEL.DLL
[2012.06.18 13:00:16 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2012.06.18 13:00:16 | 000,240,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012.06.18 13:00:16 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2012.06.18 13:00:16 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2012.06.18 13:00:16 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2012.06.18 13:00:16 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2012.06.18 13:00:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2012.06.18 13:00:14 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2012.06.18 13:00:14 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll
[2012.06.18 13:00:13 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL
[2012.06.18 13:00:13 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2012.06.18 13:00:12 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.06.18 13:00:11 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2012.06.18 13:00:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.06.18 13:00:10 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootres.dll
[2012.06.18 13:00:10 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\biocpl.dll
[2012.06.18 13:00:10 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2012.06.18 13:00:10 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\C_ISCII.DLL
[2012.06.18 13:00:09 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Display.dll
[2012.06.18 13:00:09 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2012.06.18 13:00:08 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2012.06.18 13:00:08 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012.06.18 13:00:08 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\defaultlocationcpl.dll
[2012.06.18 13:00:08 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll
[2012.06.18 13:00:07 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll
[2012.06.18 13:00:07 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2012.06.18 13:00:07 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2012.06.18 13:00:07 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2012.06.18 13:00:07 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acppage.dll
[2012.06.18 13:00:06 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2012.06.18 13:00:06 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.06.18 13:00:06 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.06.18 13:00:06 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2012.06.18 13:00:05 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.06.18 13:00:05 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halmacpi.dll
[2012.06.18 13:00:05 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hal.dll
[2012.06.18 13:00:05 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halacpi.dll
[2012.06.18 13:00:04 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2012.06.18 13:00:03 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2012.06.18 13:00:03 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2012.06.18 13:00:03 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2012.06.18 13:00:03 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2012.06.18 13:00:03 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsauth.dll
[2012.06.18 13:00:02 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveapi.dll
[2012.06.18 13:00:02 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2012.06.18 13:00:02 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSMON.dll
[2012.06.18 13:00:01 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
[2012.06.18 13:00:01 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll
[2012.06.18 13:00:00 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2012.06.18 13:00:00 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2012.06.18 13:00:00 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2012.06.18 13:00:00 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\Windows\twain_32.dll
[2012.06.18 12:59:58 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppobjs.dll
[2012.06.18 12:59:58 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll
[2012.06.18 12:59:58 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll
[2012.06.18 12:59:58 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
[2012.06.18 12:59:58 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spbcd.dll
[2012.06.18 12:59:56 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2012.06.18 12:59:56 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2012.06.18 12:59:56 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll
[2012.06.18 12:59:56 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2012.06.18 12:59:56 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sscore.dll
[2012.06.18 12:59:56 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll
[2012.06.18 12:59:55 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll
[2012.06.18 12:59:55 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2012.06.18 12:59:55 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimgapi.dll
[2012.06.18 12:59:55 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2012.06.18 12:59:54 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2012.06.18 12:59:54 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2012.06.18 12:59:54 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimserv.exe
[2012.06.18 12:59:54 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2012.06.18 12:59:54 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.18 12:59:54 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpps.dll
[2012.06.18 12:59:54 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012.06.18 12:59:54 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.18 12:59:53 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2012.06.18 12:59:53 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2012.06.18 12:59:53 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattend.dll
[2012.06.18 12:59:53 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxlib.dll
[2012.06.18 12:59:53 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2012.06.18 12:59:53 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2012.06.18 12:59:53 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll
[2012.06.18 12:59:52 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2012.06.18 12:59:52 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vault.dll
[2012.06.18 12:59:52 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2012.06.18 12:59:52 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WavDest.dll
[2012.06.18 12:59:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vms3cap.sys
[2012.06.18 12:59:51 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2012.06.18 12:59:51 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2012.06.18 12:59:51 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPENCDD.dll
[2012.06.18 12:59:51 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL
[2012.06.18 12:59:50 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2012.06.18 12:59:50 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2012.06.18 12:59:50 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgent.dll
[2012.06.18 12:59:50 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recovery.dll
[2012.06.18 12:59:50 | 000,098,816 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2012.06.18 12:59:50 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QCLIPROV.DLL
[2012.06.18 12:59:50 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pifmgr.dll
[2012.06.18 12:59:49 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onexui.dll
[2012.06.18 12:59:48 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2012.06.18 12:59:48 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2012.06.18 12:59:48 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2012.06.18 12:59:48 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll
[2012.06.18 12:59:48 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2012.06.18 12:59:48 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfts.dll
[2012.06.18 12:59:47 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnfldr.dll
[2012.06.18 12:59:47 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationProxy.dll
[2012.06.18 12:59:46 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2012.06.18 12:59:46 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2012.06.18 12:59:46 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe
[2012.06.18 12:59:45 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2012.06.18 12:59:44 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2012.06.18 12:59:44 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012.06.18 12:59:44 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFPlay.dll
[2012.06.18 12:59:42 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2012.06.18 12:59:42 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll
[2012.06.18 12:59:42 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2012.06.18 12:59:42 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\itircl.dll
[2012.06.18 12:59:42 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kstvtune.ax
[2012.06.18 12:59:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksxbar.ax
[2012.06.18 12:59:42 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUQ.DLL
[2012.06.18 12:59:42 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUF.DLL
[2012.06.18 12:59:41 | 000,520,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2012.06.18 12:59:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDNEPR.DLL
[2012.06.18 12:59:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBLR.DLL
[2012.06.18 12:59:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBASH.DLL
[2012.06.18 12:59:40 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll
[2012.06.18 12:59:40 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2012.06.18 12:59:40 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2012.06.18 12:59:40 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2012.06.18 12:59:40 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciqtz32.dll
[2012.06.18 12:59:40 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoff.exe
[2012.06.18 12:59:38 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2012.06.18 12:59:37 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2012.06.18 12:59:37 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.06.18 12:59:37 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2012.06.18 12:59:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\muifontsetup.dll
[2012.06.18 12:59:36 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2012.06.18 12:59:36 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2012.06.18 12:59:36 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msg.exe
[2012.06.18 12:59:35 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Narrator.exe
[2012.06.18 12:59:35 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll
[2012.06.18 12:59:35 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2012.06.18 12:59:35 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll
[2012.06.18 12:59:35 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL
[2012.06.18 12:59:35 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2012.06.18 12:59:34 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012.06.18 12:59:34 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2012.06.18 12:59:34 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgusr.exe
[2012.06.18 12:59:33 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.06.18 12:59:33 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2012.06.18 12:59:32 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2012.06.18 12:59:32 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2012.06.18 12:59:32 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2012.06.18 12:59:32 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdboot.exe
[2012.06.18 12:59:32 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll
[2012.06.18 12:59:31 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2012.06.18 12:59:31 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2012.06.18 12:59:31 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amstream.dll
[2012.06.18 12:59:30 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr
[2012.06.18 12:59:30 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2012.06.18 12:59:30 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2012.06.18 12:59:30 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012.06.18 12:59:30 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgport.exe
[2012.06.18 12:59:30 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chglogon.exe
[2012.06.18 12:59:30 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\change.exe
[2012.06.18 12:59:29 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2012.06.18 12:59:29 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll
[2012.06.18 12:59:27 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2012.06.18 12:59:27 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2012.06.18 12:59:27 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012.06.18 12:59:27 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fphc.dll
[2012.06.18 12:59:27 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.06.18 12:59:26 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl
[2012.06.18 12:59:26 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2012.06.18 12:59:26 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.06.18 12:59:26 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2012.06.18 12:59:26 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2012.06.18 12:59:25 | 000,252,928 | ---- | C] (Microsoft) -- C:\Windows\System32\DShowRdpFilter.dll
[2012.06.18 12:59:25 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2012.06.18 12:59:25 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efscore.dll
[2012.06.18 12:59:24 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2012.06.18 12:59:24 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3ui.dll
[2012.06.18 12:59:24 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
[2012.06.18 12:59:20 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2012.06.18 12:59:18 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2012.06.18 12:59:18 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsmf.dll
[2012.06.18 12:59:18 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umb.dll
[2012.06.18 12:59:18 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzutil.exe
[2012.06.18 12:59:18 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tskill.exe
[2012.06.18 12:59:17 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsdiscon.exe
[2012.06.18 12:59:17 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscon.exe
[2012.06.18 12:59:17 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TRAPI.dll
[2012.06.18 12:59:16 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2012.06.18 12:59:16 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2012.06.18 12:59:16 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssText3d.scr
[2012.06.18 12:59:13 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2012.06.18 12:59:13 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2012.06.18 12:59:12 | 003,367,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2012.06.18 12:59:12 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll
[2012.06.18 12:59:11 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2012.06.18 12:59:11 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2012.06.18 12:59:11 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.06.18 12:59:11 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2012.06.18 12:59:11 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.06.18 12:59:10 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2012.06.18 12:59:10 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.06.18 12:59:10 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2012.06.18 12:59:10 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbrpm.sys
[2012.06.18 12:59:09 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnike.dll
[2012.06.18 12:59:09 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2012.06.18 12:59:09 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2012.06.18 12:59:08 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werconcpl.dll
[2012.06.18 12:59:08 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2012.06.18 12:59:08 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp.dll
[2012.06.18 12:59:08 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbisurf.ax
[2012.06.18 12:59:07 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
[2012.06.18 12:59:07 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reset.exe
[2012.06.18 12:59:07 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2012.06.18 12:59:07 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcfgex.dll
[2012.06.18 12:59:06 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2012.06.18 12:59:06 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2012.06.18 12:59:06 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prncache.dll
[2012.06.18 12:59:06 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2012.06.18 12:59:06 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.06.18 12:59:05 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2012.06.18 12:59:05 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2012.06.18 12:59:05 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceStatus.dll
[2012.06.18 12:59:05 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2012.06.18 12:59:05 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceSyncProvider.dll
[2012.06.18 12:59:05 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercfg.cpl
[2012.06.18 12:59:04 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll
[2012.06.18 12:59:04 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdv.dll
[2012.06.18 12:59:04 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcap.dll
[2012.06.18 12:59:04 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qwinsta.exe
[2012.06.18 12:59:04 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qprocess.exe
[2012.06.18 12:59:04 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quser.exe
[2012.06.18 12:59:04 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qappsrv.exe
[2012.06.18 12:59:04 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\query.exe
[2012.06.18 12:59:03 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppwinob.dll
[2012.06.18 12:59:03 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlcese30.dll
[2012.06.18 12:59:03 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2012.06.18 12:59:03 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2012.06.18 12:59:03 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2012.06.18 12:59:03 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2012.06.18 12:59:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shunimpl.dll
[2012.06.18 12:59:02 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2012.06.18 12:59:02 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppc.dll
[2012.06.18 12:59:02 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppinst.dll
[2012.06.18 12:59:02 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rwinsta.exe
[2012.06.18 12:59:02 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedcli.dll
[2012.06.18 12:59:01 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcln.dll
[2012.06.18 12:59:01 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2012.06.18 12:59:00 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2012.06.18 12:59:00 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shadow.exe
[2012.06.18 12:58:58 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2012.06.18 12:58:58 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoncli.dll
[2012.06.18 12:58:56 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2012.06.18 12:58:54 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifsutil.dll
[2012.06.18 12:58:53 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGR1.DLL
[2012.06.18 12:58:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUGHR1.DLL
[2012.06.18 12:58:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTAJIK.DLL
[2012.06.18 12:58:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMON.DLL
[2012.06.18 12:58:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMAORI.DLL
[2012.06.18 12:58:52 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OobeFldr.dll
[2012.06.18 12:58:52 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OnLineIDCpl.dll
[2012.06.18 12:58:52 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2012.06.18 12:58:52 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetapi.dll
[2012.06.18 12:58:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINORI.DLL
[2012.06.18 12:58:49 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netjoin.dll
[2012.06.18 12:58:48 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2012.06.18 12:58:48 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll
[2012.06.18 12:58:46 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbda.dll
[2012.06.18 12:58:46 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2012.06.18 12:58:45 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2012.06.18 12:58:45 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPCRYPT.DLL
[2012.06.18 12:58:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2012.06.18 12:58:44 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll
[2012.06.18 12:58:44 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2012.06.18 12:58:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2012.06.18 12:58:43 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2012.06.18 12:58:43 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MultiDigiMon.exe
[2012.06.18 12:58:42 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.06.18 12:58:42 | 000,690,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2012.06.18 12:58:42 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BlbEvents.dll
[2012.06.18 12:58:41 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DiagCpl.dll
[2012.06.18 12:58:41 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2012.06.18 12:58:41 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingFolder.dll
[2012.06.18 12:58:40 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2012.06.18 12:58:40 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.06.18 12:58:39 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceCenter.dll
[2012.06.18 12:58:39 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appmgr.dll
[2012.06.18 12:58:39 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aitagent.exe
[2012.06.18 12:58:38 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionQueue.dll
[2012.06.18 12:58:38 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2012.06.18 12:58:37 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AdmTmpl.dll
[2012.06.18 12:58:37 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basesrv.dll
[2012.06.18 12:58:36 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2012.06.18 12:58:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2012.06.18 12:58:36 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AzSqlExt.dll
[2012.06.18 12:58:36 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsperf.dll
[2012.06.18 12:58:35 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2012.06.18 12:58:35 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2012.06.18 12:58:35 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2012.06.18 12:58:35 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll
[2012.06.18 12:58:35 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2012.06.18 12:58:33 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSTIFF.dll
[2012.06.18 12:58:33 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgprint.dll
[2012.06.18 12:58:33 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2012.06.18 12:58:32 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2012.06.18 12:58:32 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2012.06.18 12:58:32 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2012.06.18 12:58:31 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DxpTaskSync.dll
[2012.06.18 12:58:31 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpd3d.dll
[2012.06.18 12:58:31 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elsTrans.dll
[2012.06.18 12:58:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2012.06.18 12:58:30 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2012.06.18 12:58:30 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2012.06.18 12:58:30 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2012.06.18 12:58:30 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2012.06.18 12:58:29 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vaultsvc.dll
[2012.06.18 12:58:29 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2012.06.18 12:58:29 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2012.06.18 12:58:29 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userinit.exe
[2012.06.18 12:58:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2012.06.18 12:58:27 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2012.06.18 12:58:24 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabletPC.cpl
[2012.06.18 12:58:24 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2012.06.18 12:58:24 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2012.06.18 12:58:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tlscsp.dll
[2012.06.18 12:58:24 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2012.06.18 12:58:23 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2012.06.18 12:58:23 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys
[2012.06.18 12:58:21 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2012.06.18 12:58:21 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2012.06.18 12:58:21 | 000,035,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winusb.sys
[2012.06.18 12:58:20 | 002,414,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.18 12:58:20 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2012.06.18 12:58:20 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2012.06.18 12:58:20 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.18 12:58:20 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
[2012.06.18 12:58:20 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.18 12:58:20 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.18 12:58:19 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2012.06.18 12:58:19 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2012.06.18 12:58:19 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll
[2012.06.18 12:58:19 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanconn.dll
[2012.06.18 12:58:19 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2012.06.18 12:58:19 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdiasqmmodule.dll
[2012.06.18 12:58:18 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
[2012.06.18 12:58:18 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2012.06.18 12:58:18 | 000,040,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmstorfl.sys
[2012.06.18 12:58:17 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VmdCoinstall.dll
[2012.06.18 12:58:17 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmstorfltres.dll
[2012.06.18 12:58:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnikeapi.dll
[2012.06.18 12:58:15 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2012.06.18 12:58:15 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiavideo.dll
[2012.06.18 12:58:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiarpc.dll
[2012.06.18 12:58:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2012.06.18 12:58:09 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2012.06.18 12:58:09 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Ribbons.scr
[2012.06.18 12:58:09 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012.06.18 12:58:09 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\repair-bde.exe
[2012.06.18 12:58:09 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdprefdrvapi.dll
[2012.06.18 12:58:08 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPREFDD.dll
[2012.06.18 12:58:07 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe
[2012.06.18 12:58:06 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2012.06.18 12:58:06 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2012.06.18 12:58:06 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2012.06.18 12:58:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2012.06.18 12:58:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2012.06.18 12:58:06 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2012.06.18 12:58:05 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spopk.dll
[2012.06.18 12:58:04 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2012.06.18 12:58:04 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storvsc.sys
[2012.06.18 12:58:04 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sisbkup.dll
[2012.06.18 12:58:04 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2012.06.18 12:58:03 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syssetup.dll
[2012.06.18 12:58:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2012.06.18 12:58:01 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll
[2012.06.18 12:58:01 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2012.06.18 12:58:00 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2012.06.18 12:58:00 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdcpl.dll
[2012.06.18 12:58:00 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrptadm.dll
[2012.06.18 12:58:00 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2012.06.18 12:57:59 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgentc.exe
[2012.06.18 12:57:58 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2012.06.18 12:57:58 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PushPrinterConnections.exe
[2012.06.18 12:57:57 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2012.06.18 12:57:57 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2012.06.18 12:57:56 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2012.06.18 12:57:54 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2012.06.18 12:57:54 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2012.06.18 12:57:54 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll
[2012.06.18 12:57:53 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2012.06.18 12:57:53 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2012.06.18 12:57:52 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2012.06.18 12:57:52 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2012.06.18 12:57:52 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.06.18 12:57:52 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2012.06.18 12:57:52 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msorcl32.dll
[2012.06.18 12:57:52 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napdsnap.dll
[2012.06.18 12:57:50 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2012.06.18 12:57:49 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll
[2012.06.18 12:57:48 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2012.06.18 12:57:48 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2012.06.18 12:57:48 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olethk32.dll
[2012.06.18 12:57:47 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2012.06.18 12:57:47 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll
[2012.06.18 12:57:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2012.06.18 12:57:47 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll
[2012.06.18 12:57:45 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2012.06.18 12:57:45 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll
[2012.06.18 12:57:45 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2012.06.18 12:57:45 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2012.06.18 12:57:45 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2012.06.18 12:57:45 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nrpsrv.dll
[2012.06.18 12:57:44 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2012.06.18 12:57:44 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nltest.exe
[2012.06.18 12:57:44 | 000,175,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmbus.sys
[2012.06.18 12:57:44 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VmbusCoinstaller.dll
[2012.06.18 12:57:44 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmicres.dll
[2012.06.18 12:57:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmbusres.dll
[2012.06.18 12:57:44 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMBusHID.sys
[2012.06.18 12:57:43 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsbas.dll
[2012.06.18 12:57:43 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBICodec.ax
[2012.06.18 12:57:43 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2012.06.18 12:57:43 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vfwwdm32.dll
[2012.06.18 12:57:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmbuspipe.dll
[2012.06.18 12:57:42 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wavemsp.dll
[2012.06.18 12:57:42 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmicsvc.exe
[2012.06.18 12:57:42 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmictimeprovider.dll
[2012.06.18 12:57:41 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscfgwmi.dll
[2012.06.18 12:57:41 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UserAccountControlSettings.dll
[2012.06.18 12:57:39 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdmat.dll
[2012.06.18 12:57:38 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2012.06.18 12:57:38 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2012.06.18 12:57:38 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2012.06.18 12:57:38 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2012.06.18 12:57:38 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshirda.dll
[2012.06.18 12:57:37 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2012.06.18 12:57:37 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2012.06.18 12:57:37 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2012.06.18 12:57:37 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax
[2012.06.18 12:57:37 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.18 12:57:36 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeResults.exe
[2012.06.18 12:57:36 | 000,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winhv.sys
[2012.06.18 12:57:35 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2012.06.18 12:57:35 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2012.06.18 12:57:35 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2012.06.18 12:57:35 | 000,257,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2012.06.18 12:57:34 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2012.06.18 12:57:34 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2012.06.18 12:57:34 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2012.06.18 12:57:34 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
[2012.06.18 12:57:33 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2012.06.18 12:57:33 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slui.exe
[2012.06.18 12:57:33 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sharemediacpl.dll
[2012.06.18 12:57:33 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2012.06.18 12:57:33 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
[2012.06.18 12:57:31 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012.06.18 12:57:31 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppcomapi.dll
[2012.06.18 12:57:31 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll
[2012.06.18 12:57:29 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SensorsCpl.dll
[2012.06.18 12:57:29 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2012.06.18 12:57:29 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2012.06.18 12:57:28 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2012.06.18 12:57:27 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll
[2012.06.18 12:57:26 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2012.06.18 12:57:26 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskbarcpl.dll
[2012.06.18 12:57:25 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2012.06.18 12:57:21 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgcpl.dll
[2012.06.18 12:57:21 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.06.18 12:57:21 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IcCoinstall.dll
[2012.06.18 12:57:21 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2012.06.18 12:57:21 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2012.06.18 12:57:21 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll
[2012.06.18 12:57:20 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.06.18 12:57:19 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.dll
[2012.06.18 12:57:19 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2012.06.18 12:57:19 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2012.06.18 12:57:19 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2012.06.18 12:57:18 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\g711codc.ax
[2012.06.18 12:57:17 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2012.06.18 12:57:17 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2012.06.18 12:57:17 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2012.06.18 12:57:16 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2012.06.18 12:57:16 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\luainstall.dll
[2012.06.18 12:57:16 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbdlk41a.dll
[2012.06.18 12:57:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSF.DLL
[2012.06.18 12:57:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTURME.DLL
[2012.06.18 12:57:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDLT1.DLL
[2012.06.18 12:57:15 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfds.dll
[2012.06.18 12:57:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSG.DLL
[2012.06.18 12:57:14 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012.06.18 12:57:14 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\main.cpl
[2012.06.18 12:57:14 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\manage-bde.exe
[2012.06.18 12:57:13 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2012.06.18 12:57:13 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MCEWMDRMNDBootstrap.dll
[2012.06.18 12:57:13 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2012.06.18 12:57:13 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.06.18 12:57:13 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetmib1.dll
[2012.06.18 12:57:12 | 001,466,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.06.18 12:57:12 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2012.06.18 12:57:12 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGKL.DLL
[2012.06.18 12:57:12 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINHIN.DLL
[2012.06.18 12:57:11 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iTVData.dll
[2012.06.18 12:57:11 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\isoburn.exe
[2012.06.18 12:57:11 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll
[2012.06.18 12:57:11 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDCZ1.DLL
[2012.06.18 12:57:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTAM.DLL
[2012.06.18 12:57:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINMAR.DLL
[2012.06.18 12:57:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINKAN.DLL
[2012.06.18 12:57:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGEO.DLL
[2012.06.18 12:57:10 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2012.06.18 12:57:10 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll
[2012.06.18 12:57:10 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2012.06.18 12:57:09 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2012.06.18 12:57:09 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2012.06.18 12:57:09 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cca.dll
[2012.06.18 12:57:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertPolEng.dll
[2012.06.18 12:57:08 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2012.06.18 12:57:06 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenter.dll
[2012.06.18 12:57:06 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenterCPL.dll
[2012.06.18 12:57:06 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2012.06.18 12:57:04 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2012.06.18 12:57:03 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2012.06.18 12:57:03 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2012.06.18 12:57:03 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\djoin.exe
[2012.06.18 12:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnaddr.dll
[2012.06.18 12:57:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscmmc.dll
[2012.06.18 12:57:01 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2012.06.18 12:57:01 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2012.06.18 12:57:00 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
[2012.06.18 12:56:58 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXPTaskRingtone.dll
[2012.06.18 12:56:58 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXP.dll
[2012.06.18 12:56:58 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2012.06.18 12:56:57 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
[2012.06.18 12:56:57 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CscMig.dll
[2012.06.18 12:56:56 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2012.06.18 12:56:56 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl
[2012.06.18 12:24:51 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012.06.18 12:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.06.18 12:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.06.18 12:00:42 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.06.18 12:00:42 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.06.18 12:00:05 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.06.18 12:00:05 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.06.18 11:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.06.18 11:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.06.18 11:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.06.15 17:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.06.15 17:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.06.14 15:57:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia
[2012.06.14 15:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.06.14 10:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.14 06:56:54 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.14 06:56:54 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.13 19:02:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.06.13 19:01:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.06.12 19:00:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp
[2012.06.12 18:40:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.06.12 18:28:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012.06.05 22:48:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.06.05 22:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu
[2012.06.05 22:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\WinCDEmu
[2012.06.04 17:28:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.06.04 17:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.04 17:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.04 17:28:31 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.04 17:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.24 09:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.24 09:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.18 22:05:21 | 000,018,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.18 22:05:21 | 000,018,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.18 21:57:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.18 21:57:09 | 1610,256,384 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.18 21:55:50 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.06.18 21:54:17 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\ifb3sf54.exe
[2012.06.18 21:53:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.06.18 21:53:35 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.06.18 21:18:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.18 17:02:06 | 000,413,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.18 15:57:13 | 000,656,028 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.18 15:57:13 | 000,617,910 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.18 15:57:13 | 000,130,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.18 15:57:13 | 000,107,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.18 15:54:17 | 000,000,151 | ---- | M] () -- C:\Users\***\Desktop\Rootkit.Zeroaccess - Seite 3 - Trojaner-Board.URL
[2012.06.18 13:37:03 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2012.06.18 11:59:42 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.06.18 11:59:41 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.06.18 11:01:27 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.06.14 15:12:53 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.06.14 07:18:03 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.14 07:18:03 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.13 12:09:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.06.06 00:44:45 | 000,000,134 | ---- | M] () -- C:\Users\***\Desktop\Internet Explorer-Problembehebung.url
 
========== Files Created - No Company Name ==========
 
[2012.06.18 21:55:28 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.18 21:54:12 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\ifb3sf54.exe
[2012.06.18 21:53:34 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.06.18 12:59:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.06.18 12:59:20 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012.06.18 12:57:59 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2012.06.18 12:57:57 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2012.06.18 11:57:36 | 000,000,151 | ---- | C] () -- C:\Users\***\Desktop\Rootkit.Zeroaccess - Seite 3 - Trojaner-Board.URL
[2012.06.18 11:01:27 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.06.14 15:12:53 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.06.14 15:12:46 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.06.14 06:56:56 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.06 00:44:45 | 000,000,134 | ---- | C] () -- C:\Users\***\Desktop\Internet Explorer-Problembehebung.url
[2011.10.10 19:50:21 | 000,049,152 | ---- | C] () -- C:\Windows\System32\DLEAPMON.DLL
[2011.10.10 19:50:21 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLEAFXPU.DLL
[2011.10.10 19:50:01 | 005,709,824 | ---- | C] () -- C:\Windows\System32\DLEAoem.dll
[2011.10.10 19:49:37 | 000,372,736 | ---- | C] () -- C:\Windows\System32\DLEAwupd.dll
[2011.10.10 19:49:37 | 000,213,672 | ---- | C] () -- C:\Windows\System32\DLEAwupd.exe
[2011.10.10 19:46:01 | 000,331,776 | ---- | C] () -- C:\Windows\System32\DLEAinst.dll
[2011.10.10 19:45:56 | 000,114,688 | ---- | C] () -- C:\Windows\System32\dleainsr.dll
[2011.10.10 19:45:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\dleajswr.dll
[2011.10.10 19:45:54 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dleagrd.dll
[2011.10.10 19:45:54 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dleacur.dll
[2011.10.10 19:45:53 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\dleacomm.dll
[2011.10.10 19:44:20 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLEAsmr.dll
[2011.10.10 19:44:19 | 000,299,008 | ---- | C] () -- C:\Windows\System32\DLEAsm.dll
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.10.05 17:10:05 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2010.10.05 17:10:05 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2010.10.05 17:10:05 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2010.10.05 17:10:05 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\dlcxhcp.dll
[2010.10.05 17:10:05 | 000,274,432 | ---- | C] () -- C:\Windows\System32\dlcxinst.dll
[2010.10.05 17:10:04 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2010.10.05 17:10:04 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2010.10.05 17:10:04 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[2010.10.05 17:10:04 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2010.10.05 17:10:04 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2010.10.05 17:10:04 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2010.10.05 17:10:04 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\dlcxcoms.exe
[2010.10.05 17:10:04 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2010.10.05 17:10:04 | 000,380,928 | ---- | C] ( ) -- C:\Windows\System32\dlcxih.exe
[2010.10.05 17:10:04 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2010.10.05 17:10:04 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2010.10.05 17:10:04 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2010.10.05 17:10:04 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2010.10.05 17:10:04 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2010.10.05 17:10:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2010.10.05 17:10:04 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2010.10.05 17:10:04 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2010.10.05 17:10:04 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2010.10.05 17:10:04 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2010.10.05 17:10:03 | 000,381,832 | ---- | C] ( ) -- C:\Windows\System32\dlcxcfg.exe
[2010.10.05 17:08:53 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2010.10.05 17:08:53 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2010.08.09 16:48:06 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2010.08.09 16:44:43 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.08.09 16:08:32 | 000,013,824 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.06 22:19:33 | 000,656,028 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.08.06 22:19:33 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.08.06 22:19:33 | 000,130,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.08.06 22:19:33 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.08.06 21:24:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.08.06 21:24:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

< End of report >

and here is the Extra.txt:

Code:

OTL Extras logfile created on: 18.06.2012 21:58:34 - Run 1
OTL by OldTimer - Version 3.2.49.0    Folder = C:\Users\***\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 67,11% Memory free
4,00 Gb Paging File | 3,36 Gb Available in Paging File | 83,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,44 Gb Total Space | 10,60 Gb Free Space | 14,24% Space Free | Partition Type: NTFS
Drive D: | 824,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 74,51 Gb Total Space | 73,74 Gb Free Space | 98,96% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 649,63 Gb Free Space | 69,74% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: Lore Seiler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Programme\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0BF0F2A0-6181-4CEC-A94D-5026CE22312D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C51AF67-A613-4F64-BFF7-A0CD67BB085F}" = rport=445 | protocol=6 | dir=out | app=system |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{292FBCA6-C6B6-4E17-894F-EFB30772CFBE}" = lport=139 | protocol=6 | dir=in | app=system |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{36427C99-2A3B-4AAB-9639-72CD6FCDA8B6}" = lport=445 | protocol=6 | dir=in | app=system |
"{3895254B-E848-469A-AE00-A0CED9E4367B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BD5525A-63C4-4538-8073-EBC3D7AAD314}" = lport=137 | protocol=17 | dir=in | app=system |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{5A7FDCFE-0E27-4344-8226-45B153B5F1AD}" = rport=137 | protocol=17 | dir=out | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6D3CB3FF-6608-4CC3-BC33-4B805F1B5696}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{716C686C-780C-493C-902B-A63200BE1E1F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{861E45CA-D218-4E70-BFA9-706F1524BDFA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{96BFBDBF-672D-41D7-8B67-7817B55FF149}" = lport=138 | protocol=17 | dir=in | app=system |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E7575C33-044E-45C3-9DEA-8D2B58A3CDF3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F78C56E2-2DFE-49EE-BB54-3302640136A1}" = rport=139 | protocol=6 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FE15AFB3-62FA-4E67-BF4B-3BF3B4DD41F2}" = rport=138 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{05528151-2EF9-4715-9FAB-8BA593BA5AC3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0AF0C3E2-71B0-4365-87A2-4D1D84D45C3D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0D152461-CFDC-48B7-BF7E-FB97227A7BB3}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{25C1AA3F-F392-49A9-94B2-27AD4C297CA7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2CBE2CED-317B-42CA-A171-F54EC9369541}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2FB151F9-2769-4F5B-B84D-B9459AEB5654}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{3C7F1F0D-6E15-4148-8EDA-8E8B81AFAC45}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{3F918F79-3DD8-4EE7-8DE7-DF0858DD3AC3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{45445766-ED73-42E2-AF51-A710158702DB}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{475A3F7A-4983-40BA-94DC-2F3E2B8ADBD3}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4C697F9D-6764-4E00-8A8D-A8505B997513}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{60BAAF38-C858-4A5B-904E-D77B9F6B37B6}" = protocol=6 | dir=in | app=c:\program files\dell v310-v510 series\dleafax.exe |
"{616B0C0C-84A9-4BD9-9B1C-A5DE45CAB674}" = protocol=17 | dir=in | app=c:\program files\dell v310-v510 series\dleafax.exe |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68A5108D-5537-453A-B43D-2AB06D401341}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7EF17BDC-5A59-4CAA-9374-111A091C3CF4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8ACFBF59-4AFE-4921-BDDB-948C3F35979D}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{9E1B688F-ED74-41A1-9910-3B15D2E8A22E}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BB3C4B33-6FEF-465C-B642-8CCC03DBB716}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DF728C45-3195-46AE-84A2-5EDA512A2F1C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E408FDF7-61B1-49E7-81CA-6FC6AB667928}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{E5F2882E-55F5-4B90-9E78-21120DA59ABC}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FA61C09B-4919-4D44-A999-19C0335BE032}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Symbolleiste
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.3
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}" = Joe
"{37A54340-6655-4FFC-BC4C-0B945764DA4B}" = Canon PhotoRecord
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53AD87D3-72AE-4D07-8A7A-1F4D54E83777}" = ACDSee Foto-Editor
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{61B65BA2-ACB0-4109-B6AC-C73A93106FA6}" = MAGIX Screenshare
"{68D73A1E-9B15-4519-8B62-67606DA80082}" = MAGIX Speed burnR (MSI)
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Foto-Manager 12
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B4A6DE2E-5E84-4F1D-B26A-EAB0D42ED932}" = CP Printer Guide
"{BB533746-CF08-11D7-BCF1-005004748D87}" = Java SATARaid
"{C960FB07-BBAA-4D26-BE81-D119A15A6E84}" = MAGIX Video deluxe MX Plus Download-Version
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{DA38EC64-4D83-4E46-83CA-C0D1175921DC}" = MAGIX Video deluxe MX
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F748FAE2-3D19-44F7-AC03-EB9ADA517752}" = FotoSlate 4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Canon SELPHY CP510" = Canon SELPHY CP510
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"Dell V310-V510 Series" = Dell V310-V510 Series
"Designer 2.0_is1" = Designer 2.0
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader" = Foxit Reader
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{B4A6DE2E-5E84-4F1D-B26A-EAB0D42ED932}" = Canon Utilities Anleitung zum CP-Drucker
"IrfanView" = IrfanView (remove only)
"MAGIX_MSI_Videodeluxe18" = MAGIX Video deluxe MX
"MAGIX_MSI_Videodeluxe18_plus" = MAGIX Video deluxe MX Plus Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VLC media player" = VLC media player 2.0.1
"WinCDEmu" = WinCDEmu
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.06.2012 05:05:03 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.06.2012 05:05:08 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.06.2012 05:05:13 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.06.2012 05:05:13 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11920
Description =
 
Error - 18.06.2012 07:59:07 | Computer Name = ***-PC | Source = ESENT | ID = 215
Description = WinMail (2404) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 18.06.2012 09:07:47 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\WinCDEmu\vmnt64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.06.2012 12:22:20 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d6727a7  Name des fehlerhaften Moduls: WinCDEmuContextMenu.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4e402656  Ausnahmecode: 0xc0000005  Fehleroffset:
0x6d3eeb75  ID des fehlerhaften Prozesses: 0xae4  Startzeit der fehlerhaften Anwendung:
 0x01cd4d636c5aa6d6  Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad
des fehlerhaften Moduls: WinCDEmuContextMenu.dll  Berichtskennung: c6cec144-b961-11e1-b311-0011098a348f
 
Error - 18.06.2012 15:23:24 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: sechost.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdb04  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000075b5  ID des fehlerhaften
 Prozesses: 0x41c  Startzeit der fehlerhaften Anwendung: 0x01cd4d87c10db67c  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\sechost.dll  Berichtskennung: 125e357c-b97b-11e1-8593-0011098a348f
 
Error - 18.06.2012 15:50:35 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: sechost.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdb04  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000075b5  ID des fehlerhaften
 Prozesses: 0x3e8  Startzeit der fehlerhaften Anwendung: 0x01cd4d8b8eb92f4a  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\sechost.dll  Berichtskennung: de55ac40-b97e-11e1-9896-0011098a348f
 
Error - 18.06.2012 15:57:49 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: sechost.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdb04  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000075b5  ID des fehlerhaften
 Prozesses: 0x3e0  Startzeit der fehlerhaften Anwendung: 0x01cd4d8c91422eaa  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\sechost.dll  Berichtskennung: e0f14bff-b97f-11e1-8a98-0011098a348f
 
[ System Events ]
Error - 18.06.2012 15:57:52 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 18.06.2012 15:57:52 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Update" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 18.06.2012 15:57:53 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "DNS-Client" ist von folgendem Dienst abhängig: Tdx. Dieser
 Dienst ist eventuell nicht installiert.
 
Error - 18.06.2012 15:57:53 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "DNS-Client" ist von folgendem Dienst abhängig: Tdx. Dieser
 Dienst ist eventuell nicht installiert.
 
Error - 18.06.2012 15:57:53 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "DNS-Client" ist von folgendem Dienst abhängig: Tdx. Dieser
 Dienst ist eventuell nicht installiert.
 
Error - 18.06.2012 15:57:53 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "DNS-Client" ist von folgendem Dienst abhängig: Tdx. Dieser
 Dienst ist eventuell nicht installiert.
 
Error - 18.06.2012 15:57:54 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "DNS-Client" ist von folgendem Dienst abhängig: Tdx. Dieser
 Dienst ist eventuell nicht installiert.
 
Error - 18.06.2012 15:58:52 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler:  %%1056
 
Error - 18.06.2012 15:59:52 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart
des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:  %%1056
 
Error - 18.06.2012 16:00:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "DNS-Client" ist von folgendem Dienst abhängig: Tdx. Dieser
 Dienst ist eventuell nicht installiert.
 
 
< End of report >

Gmer.txt

[code]
GMER Logfile:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-18 23:33:57
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_SP1614C rev.SW100-34
Running: ifb3sf54.exe; Driver: C:\Users\***\AppData\Local\Temp\awliquob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntoskrnl.exe!ZwRollbackEnlistment + 1409                                                                            82C78989 1 Byte  [06]
.text          ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                              82C984E2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          C:\Windows\system32\drivers\atikmdag.sys                                                                            section is writeable [0x91C3E000, 0x227A14, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text          C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!CreateWindowExW                                    7598EC7C 5 Bytes  JMP 6DD938A4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!DialogBoxParamW                                    759A3B9B 5 Bytes  JMP 6DCC7F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!DialogBoxIndirectParamW                            759B3B7F 5 Bytes  JMP 6DECFEF8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!DialogBoxParamA                                    759CCF42 5 Bytes  JMP 6DECFE95 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!DialogBoxIndirectParamA                            759CD274 5 Bytes  JMP 6DECFF5B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!MessageBoxIndirectA                                759DE869 5 Bytes  JMP 6DECFE2A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!MessageBoxIndirectW                                759DE963 5 Bytes  JMP 6DECFDBF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!MessageBoxExA                                      759DE9C9 5 Bytes  JMP 6DECFD5D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!MessageBoxExW                                      759DE9ED 5 Bytes  JMP 6DECFCFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!CallNextHookEx                                    7598ABE1 5 Bytes  JMP 6DD03CA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!UnhookWindowsHookEx                                7598ADF9 5 Bytes  JMP 6DDBD91F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!SetWindowsHookExW                                  7598E30C 5 Bytes  JMP 6DD57DE1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!CreateWindowExW                                    7598EC7C 5 Bytes  JMP 6DD938A4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!DialogBoxParamW                                    759A3B9B 5 Bytes  JMP 6DCC7F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!DialogBoxIndirectParamW                            759B3B7F 5 Bytes  JMP 6DECFEF8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!DialogBoxParamA                                    759CCF42 5 Bytes  JMP 6DECFE95 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!DialogBoxIndirectParamA                            759CD274 5 Bytes  JMP 6DECFF5B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!MessageBoxIndirectA                                759DE869 5 Bytes  JMP 6DECFE2A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!MessageBoxIndirectW                                759DE963 5 Bytes  JMP 6DECFDBF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!MessageBoxExA                                      759DE9C9 5 Bytes  JMP 6DECFD5D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!MessageBoxExW                                      759DE9ED 5 Bytes  JMP 6DECFCFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3688] ole32.dll!OleLoadFromStream                                  75776143 5 Bytes  JMP 6DED024B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3688] ole32.dll!CoCreateInstance                                    757B9D0B 5 Bytes  JMP 6DD93432 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!CallNextHookEx                                    7598ABE1 5 Bytes  JMP 6DD03CA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!UnhookWindowsHookEx                                7598ADF9 5 Bytes  JMP 6DDBD91F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!SetWindowsHookExW                                  7598E30C 5 Bytes  JMP 6DD57DE1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!CreateWindowExW                                    7598EC7C 5 Bytes  JMP 6DD938A4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!DialogBoxParamW                                    759A3B9B 5 Bytes  JMP 6DCC7F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!DialogBoxIndirectParamW                            759B3B7F 5 Bytes  JMP 6DECFEF8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!DialogBoxParamA                                    759CCF42 5 Bytes  JMP 6DECFE95 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!DialogBoxIndirectParamA                            759CD274 5 Bytes  JMP 6DECFF5B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!MessageBoxIndirectA                                759DE869 5 Bytes  JMP 6DECFE2A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!MessageBoxIndirectW                                759DE963 5 Bytes  JMP 6DECFDBF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!MessageBoxExA                                      759DE9C9 5 Bytes  JMP 6DECFD5D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!MessageBoxExW                                      759DE9ED 5 Bytes  JMP 6DECFCFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[4020] ole32.dll!OleLoadFromStream                                  75776143 5 Bytes  JMP 6DED024B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[4020] ole32.dll!CoCreateInstance                                    757B9D0B 5 Bytes  JMP 6DD93432 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                              SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)

Device          \Driver\ACPI_HAL \Device\00000049                                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0x00 0x00 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xF5 0x26 0xAF 0x07 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x1A 0xE4 0x3C 0x82 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x32 0x3C 0x70 0xBF ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0x00 0x00 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xF5 0x26 0xAF 0x07 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x1A 0xE4 0x3C 0x82 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x32 0x3C 0x70 0xBF ...

---- EOF - GMER 1.0.15 ----

--- --- ---

WinCDEmu has already been uninstalled.
I can assign an IP manually, but when I want to switch back from manual to DHCP, it demands a restart.

Psychotic 19.06.2012 22:20

That was presumably a bug in Combofix!

Combofix


Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Armin_M 20.06.2012 11:14

Combofix log:

Code:

ComboFix 12-06-19.03 - *** 20.06.2012  11:51:39.5.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.2048.1310 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-20 bis 2012-06-20  ))))))))))))))))))))))))))))))
.
.
2012-06-20 10:01 . 2012-06-20 10:01        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-20 09:45 . 2012-06-20 09:45        56200        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C14B1477-1E7F-4F51-B00B-6D5D0DE05ABF}\offreg.dll
2012-06-18 14:16 . 2012-03-01 05:46        19824        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2012-06-18 14:16 . 2012-03-01 05:37        172544        ----a-w-        c:\windows\system32\wintrust.dll
2012-06-18 14:16 . 2012-03-01 05:33        159232        ----a-w-        c:\windows\system32\imagehlp.dll
2012-06-18 14:16 . 2012-03-01 05:29        5120        ----a-w-        c:\windows\system32\wmi.dll
2012-06-18 14:12 . 2012-01-04 08:58        442880        ----a-w-        c:\windows\system32\ntshrui.dll
2012-06-18 14:12 . 2012-04-07 11:26        2342400        ----a-w-        c:\windows\system32\msi.dll
2012-06-18 14:10 . 2011-05-04 04:34        1549312        ----a-w-        c:\windows\system32\tquery.dll
2012-06-18 14:09 . 2011-08-17 04:24        465408        ----a-w-        c:\windows\system32\psisdecd.dll
2012-06-18 13:59 . 2012-04-24 04:36        140288        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-06-18 13:59 . 2012-04-24 04:36        1158656        ----a-w-        c:\windows\system32\crypt32.dll
2012-06-18 13:59 . 2012-04-24 04:36        103936        ----a-w-        c:\windows\system32\cryptnet.dll
2012-06-18 12:05 . 2012-05-08 07:40        6737808        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C14B1477-1E7F-4F51-B00B-6D5D0DE05ABF}\mpengine.dll
2012-06-18 11:46 . 2012-06-18 11:46        --------        d-----w-        c:\windows\system32\SPReview
2012-06-18 10:59 . 2010-11-20 02:21        868864        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2012-06-18 10:58 . 2010-11-20 02:19        954288        ----a-w-        c:\windows\system32\mfc40u.dll
2012-06-18 10:56 . 2010-11-20 02:18        630784        ----a-w-        c:\windows\system32\DXPTaskRingtone.dll
2012-06-18 10:56 . 2010-11-20 02:18        399872        ----a-w-        c:\windows\system32\DXP.dll
2012-06-18 10:56 . 2010-11-20 02:18        242176        ----a-w-        c:\windows\system32\eapp3hst.dll
2012-06-18 10:56 . 2010-11-20 02:18        17408        ----a-w-        c:\windows\system32\credssp.dll
2012-06-18 10:56 . 2010-11-20 02:18        139264        ----a-w-        c:\windows\system32\cscobj.dll
2012-06-18 10:56 . 2010-11-20 02:18        109568        ----a-w-        c:\windows\system32\CscMig.dll
2012-06-18 10:56 . 2010-11-19 22:44        388096        ----a-w-        c:\windows\system32\drivers\csc.sys
2012-06-18 10:56 . 2010-11-20 02:18        863744        ----a-w-        c:\windows\system32\diagperf.dll
2012-06-18 10:56 . 2010-11-20 02:16        128000        ----a-w-        c:\windows\system32\desk.cpl
2012-06-18 10:56 . 2010-11-19 23:50        31232        ----a-w-        c:\windows\system32\drivers\CompositeBus.sys
2012-06-18 10:56 . 2010-11-20 02:18        546304        ----a-w-        c:\windows\system32\cscsvc.dll
2012-06-18 10:24 . 2012-06-18 10:24        --------        d-----w-        c:\windows\CheckSur
2012-06-18 10:02 . 2012-06-18 10:02        --------        d-----w-        c:\program files\Common Files\Java
2012-06-18 10:01 . 2012-06-18 10:01        --------        d-----w-        c:\program files\Oracle
2012-06-18 10:00 . 2012-05-04 17:29        772504        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-06-18 09:03 . 2012-06-18 09:03        --------        d-----w-        c:\program files\Bonjour
2012-06-15 15:16 . 2012-06-15 15:16        --------        d-----w-        c:\program files\Microsoft Silverlight
2012-06-15 15:12 . 2012-05-08 07:40        6737808        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-14 13:57 . 2012-06-14 13:57        --------        d-----w-        c:\users\***\AppData\Local\Macromedia
2012-06-14 13:14 . 2012-06-14 13:14        713784        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3366CA71-E991-46A0-85A5-37675C5E4324}\gapaengine.dll
2012-06-14 13:12 . 2012-06-14 13:12        --------        d-----w-        c:\program files\Microsoft Security Client
2012-06-14 08:03 . 2012-06-14 08:03        --------        d-----w-        c:\program files\ESET
2012-06-14 04:56 . 2012-06-14 05:18        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-14 04:56 . 2012-06-14 05:18        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-06-12 17:00 . 2012-06-20 10:01        --------        d-----w-        c:\users\***\AppData\Local\temp
2012-06-05 20:48 . 2012-06-05 20:48        --------        d-----w-        c:\windows\system32\EventProviders
2012-06-04 15:28 . 2012-06-04 15:28        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2012-06-04 15:28 . 2012-06-04 15:28        --------        d-----w-        c:\programdata\Malwarebytes
2012-06-04 15:28 . 2012-06-11 20:06        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-06-04 15:28 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-05-24 07:04 . 2012-05-24 07:04        --------        d-----w-        c:\program files\Mozilla Maintenance Service
2012-05-24 07:04 . 2012-05-24 07:04        157352        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-24 07:04 . 2012-05-24 07:04        129976        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-18 11:37 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll
2012-05-14 23:43 . 2012-06-14 07:23        6737808        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD78EDD8-09EB-4428-8FF8-A4C1555F2B4F}\mpengine.dll
2012-05-04 17:29 . 2010-08-09 15:09        687504        ----a-w-        c:\windows\system32\deployJava1.dll
2012-04-18 18:56 . 2012-04-18 18:56        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56        69632        ----a-w-        c:\windows\system32\QuickTime.qts
2012-05-24 07:04 . 2011-06-02 21:07        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-15 106496]
"dleamon.exe"="c:\program files\Dell V310-V510 Series\dleamon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files\Dell V310-V510 Series\ezprint.exe" [2011-01-24 139944]
"Dell V310-V510 Series Fax Server"="c:\program files\Dell V310-V510 Series\fm3032.exe" [2011-01-24 316072]
"TrayServer"="c:\program files\MAGIX\Video_deluxe_MX\TrayServer_de.exe" [2008-08-07 90112]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Exif Launcher 2.lnk - c:\programme\FinePixViewer\QuickDCF2.exe [2010-8-9 294912]
Java SATARaid.lnk - c:\program files\Silicon Image\Java SATARaid\siicfg.jar [2010-8-7 1750703]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 257696]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-08-08 117584]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-24 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-09 691696]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 532480]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2009-07-01 602792]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 05:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4E7D8419-DFD9-44BD-97C8-80FCEEB1D5BB}: NameServer = 192.168.1.254
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4329hxqe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.csc]
"ImagePath"="\?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.tdx]
"ImagePath"="\?"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.032"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.abr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ANI\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ani"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (S-1-5-21-2232143414-1069646403-3848905212-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSeePhotoEditor.apd"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.arw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bay"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bmp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CR2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cr2"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CRW\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.crw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cs1"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CUR\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cur"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dcr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DCX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dcx"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dib"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.djv"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DJVU\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.djvu"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dng"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.emf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.EPS\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.eps"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.erf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.fff"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FPX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.fpx"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.gif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.hdr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICL\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.icl"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.icn"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.IFF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.iff"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ilbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.int"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.inta"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.iw4"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.j2c"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.j2k"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jbr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jfif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JP2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jp2"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpc"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpe"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpeg"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpg"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpk"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpx"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.KDC\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.kdc"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.lbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mef"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mos"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mrw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.nef"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.nrw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.orf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PBM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pbr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCD\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pcd"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pct"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pcx"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pef"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PGM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pgm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pic"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pict"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pix"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.png"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PPM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ppm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PSD\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.psd"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PSP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.psp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pspbrush"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pspimage"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\SOUNDMAN.EXE
c:\windows\servicing\TrustedInstaller.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-20  12:10:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-20 10:10
.
Vor Suchlauf: 10 Verzeichnis(se), 11.154.640.896 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 11.052.322.816 Bytes frei
.
- - End Of File - - 16204214A460CEAF0E06000F592DCA79


Psychotic 20.06.2012 12:25

How is DHCP doing now?

Armin_M 20.06.2012 16:05

It works again now.
Somehow the Combofix /Uninstall seems to have given the services the wrong permissions. In any case, the dependency service once again could not be started, just like at the beginning.
Should I now simply delete the leftovers from the desktop?
Those are Combofix, OTL, Gmer and defogger, plus their logs.
I also saw references to stpd in the logs. Those belonged to Daemon Tools, which has already been uninstalled. WinCDEmu is still mentioned as well, and it has also already been uninstalled.

Psychotic 21.06.2012 07:14

Quote:

"WinCDEmu" = WinCDEmu

The CD Emu still shows up in the software list... are you sure it is gone?

