
Pests of all kinds and how to fight them: Rootkit.Zeroaccess

14.06.2012, 14:09   #16
Psychotic
/// Malwareteam

I don't see any running antivirus software in the log files. That is dangerous. Sometimes you notice malware through pop-ups or Google redirects etc., but most of the time it runs unnoticed in the background. An AVP can help you find malware. Please download and install one of the following AVPs.
__________________
No right of asylum for Trojans!

Proud Member of UNITE

Note: I can only be reached on working days!
Requests via PM will be ignored!

14.06.2012, 14:46   #17
Armin_M

I have now installed Security Essentials. During its quick scan it reported that detected threats had been removed and that no user action was required.
In the history I find a Trojan/WinNT:SirefefJ with alert level Severe in quarantine.
File: C:\Windows\System32\Drivers\dfsc.sys

As already mentioned, Avira was installed before; it would no longer start after the rootkit was removed. That is why it was uninstalled the day before yesterday. That is also why I kept disconnecting the computer from the network, to at least minimise the risk.
Updates are still missing; can I install them already?
__________________

Edited by Armin_M (14.06.2012 at 14:54)

14.06.2012, 14:56   #18
Psychotic
/// Malwareteam

No!


Step 1: Gmer


Please
  • disable all other scanners for viruses, spyware, etc.,
  • have no active connection to a network or the Internet (don't forget Wi-Fi),
  • do no work on the computer,
  • restart the computer after each scan.
Run the Gmer scan
  • Download Gmer from this page (press the Download EXE button) and save the program to the desktop.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random file name). Vista and Win7 users: right-click and run as administrator.
  • If a window opens with the following warning:
    WARNING !!! GMER has found system modification, which might have been caused by ROOTKIT activity. Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, remove the check mark from:
    • IAT/EAT
    • All drives except the system drive (normally only C:\ is checked)
    • Show all (should be unchecked)
  • Start the scan with "Scan". Do nothing on the computer while the scan is running.
  • When the scan has finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch the antivirus program and other scanners back on before you go online!



Step 2: TDSS-Killer


Please read the following instructions carefully. We do not want to "fix" anything here yet, only to see a scan report. Please download TDSSKiller.exe and save the file to the desktop.
  • Start TDSSKiller.exe
  • Click Change parameters, select Detect TDLFS file system, click OK.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\). For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.
__________________
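
Added example, not part of the original thread and not code from TDSSKiller: a small Python triage for a report like the one Step 2 asks for, listing every scanned object that deserves a closer look before anything is cured. The sample lines are constructed in the `time thread-id message` layout of such a report; `exampledrv`, `lastsvc`, the numbered hashes and the verdict text `FLAGGED-PLACEHOLDER` are hypothetical, and the path rule is this example's own heuristic.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample (not from a real scan). Hashes, "exampledrv", "lastsvc"
# and the verdict text "FLAGGED-PLACEHOLDER" are placeholders.
SAMPLE_LOG = r"""
16:56:56.0857 2424  Drive \Device\Harddisk0\DR0 - Size: 0x1000, SectorSize: 0x200
16:57:33.0185 3512  Scan started
16:57:33.0185 3512  Mode: Manual; TDLFS;
16:57:34.0060 3512  ACPI            (00000000000000000000000000000001) C:\Windows\system32\DRIVERS\ACPI.sys
16:57:34.0076 3512  ACPI - ok
16:57:35.0310 3512  Apple Mobile Device (00000000000000000000000000000002) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:57:35.0326 3512  Apple Mobile Device - ok
16:57:37.0279 3512  catchme - ok
16:57:38.0000 3512  exampledrv      (00000000000000000000000000000003) C:\Users\example\AppData\Local\Temp\exampledrv.sys
16:57:38.0010 3512  exampledrv - FLAGGED-PLACEHOLDER
16:57:39.0000 3512  lastsvc         (00000000000000000000000000000004) C:\Windows\system32\lastsvc.dll
"""

# Every report line: timestamp, thread id, then the message.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# "<name> (<md5>) <image path>"; names may contain spaces.
FILE_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<name> - <verdict>"
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")
WINDOWS_DIR_RE = re.compile(r"^[A-Za-z]:\\Windows\\", re.IGNORECASE)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_report(text: str) -> List[Entry]:
    """Collect one Entry per scanned object, in report order."""
    entries: Dict[str, Entry] = {}
    scanning = False
    for raw in text.splitlines():
        line = LINE_RE.match(raw.rstrip())
        if not line:
            continue
        msg = line["msg"]
        if msg == "Scan started":
            scanning = True
            continue
        if not scanning:
            # Header lines such as "Drive ... - Size: ..." look like verdict
            # lines, so nothing before "Scan started" is parsed.
            continue
        file_line = FILE_RE.match(msg)
        if file_line:
            entry = entries.setdefault(file_line["name"], Entry(file_line["name"]))
            entry.md5, entry.path = file_line["md5"].lower(), file_line["path"]
            continue
        verdict_line = VERDICT_RE.match(msg)
        if verdict_line:
            entry = entries.setdefault(verdict_line["name"], Entry(verdict_line["name"]))
            entry.verdict = verdict_line["verdict"].strip()
    return list(entries.values())


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (name, reason) pairs to review. A hit means 'look closer',
    not 'infected'."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.verdict is None:
            findings.append((e.name, "no verdict line (report cut off?)"))
        elif e.verdict.lower() != "ok":
            findings.append((e.name, f"verdict is '{e.verdict}'"))
        if e.md5 is None:
            # Service is registered, but the report shows no file or hash for it.
            findings.append((e.name, "no image path/hash recorded"))
        elif e.path.lower().endswith(".sys") and not WINDOWS_DIR_RE.match(e.path):
            # Heuristic of this example: kernel drivers normally live under
            # the Windows directory.
            findings.append((e.name, f"driver outside Windows directory: {e.path}"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_report(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```
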

14.06.2012, 16:06   #19
Armin_M

Here is the Gmer.log:

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-14 16:56:22
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_SP1614C rev.SW100-34
Running: nisq9nvq.exe; Driver: C:\Users\***\AppData\Local\Temp\awliquob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwSaveKeyEx + 13B1                                                                                                82C798A9 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                         82C992F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                       section is writeable [0x8FC0C000, 0x227A14, 0xE8000020]
.text           autochk.exe                                                                                                                    002B11D2 1 Byte  [73]
.text           autochk.exe                                                                                                                    002B11D2 3 Bytes  [73, 00, 79]
.text           autochk.exe                                                                                                                    002B11D6 1 Byte  [73]
.text           autochk.exe                                                                                                                    002B11D6 3 Bytes  [73, 00, 74]
.text           autochk.exe                                                                                                                    002B11DA 1 Byte  [65]
.text           ...                                                                                                                            

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000048                                                                                              halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                               
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                            C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                            0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                            0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                         0xF5 0x26 0xAF 0x07 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                   0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                0x1A 0xE4 0x3C 0x82 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                 
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                           0x32 0x3C 0x70 0xBF ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                           
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                             0xF5 0x26 0xAF 0x07 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                       0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                    0x1A 0xE4 0x3C 0x82 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)             
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                               0x32 0x3C 0x70 0xBF ...
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing@SessionIdHigh                                         30231094
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing@SessionIdLow                                          -11077714
Reg             HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation                                                    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_6.1.7601_172bf1486fd8257a61eacfb77e4e1b22c730e9_0ad18525

---- Files - GMER 1.0.15 ----

File            C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_6.1.7601_172bf1486fd8257a61eacfb77e4e1b22c730e9_0287bd36             0 bytes
File            C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_6.1.7601_172bf1486fd8257a61eacfb77e4e1b22c730e9_0287bd36\Report.wer  1764 bytes
File            C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_6.1.7601_172bf1486fd8257a61eacfb77e4e1b22c730e9_09b7a365             0 bytes
File            C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_6.1.7601_172bf1486fd8257a61eacfb77e4e1b22c730e9_09b7a365\Report.wer  1764 bytes
File            C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_6.1.7601_172bf1486fd8257a61eacfb77e4e1b22c730e9_0acfd860             0 bytes
File            C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_6.1.7601_172bf1486fd8257a61eacfb77e4e1b22c730e9_0acfd860\Report.wer  1764 bytes

---- EOF - GMER 1.0.15 ----
         

and the log from tdsskiller:

Code:
16:56:55.0279 2424	TDSS rootkit removing tool 2.7.39.0 Jun 14 2012 08:11:46
16:56:55.0357 2424	============================================================
16:56:55.0357 2424	Current date / time: 2012/06/14 16:56:55.0357
16:56:55.0357 2424	SystemInfo:
16:56:55.0357 2424	
16:56:55.0357 2424	OS Version: 6.1.7600 ServicePack: 0.0
16:56:55.0357 2424	Product type: Workstation
16:56:55.0357 2424	ComputerName: ***-PC
16:56:55.0357 2424	UserName: ***
16:56:55.0357 2424	Windows directory: C:\Windows
16:56:55.0357 2424	System windows directory: C:\Windows
16:56:55.0357 2424	Processor architecture: Intel x86
16:56:55.0357 2424	Number of processors: 2
16:56:55.0357 2424	Page size: 0x1000
16:56:55.0357 2424	Boot type: Normal boot
16:56:55.0357 2424	============================================================
16:56:56.0857 2424	Drive \Device\Harddisk1\DR1 - Size: 0xE8E0CB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
16:56:56.0873 2424	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:56:57.0169 2424	============================================================
16:56:57.0169 2424	\Device\Harddisk1\DR1:
16:56:57.0232 2424	MBR partitions:
16:56:57.0232 2424	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
16:56:57.0232 2424	\Device\Harddisk0\DR0:
16:56:57.0232 2424	MBR partitions:
16:56:57.0232 2424	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:56:57.0232 2424	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DF800
16:56:57.0232 2424	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9512000, BlocksNum 0x9506800
16:56:57.0232 2424	============================================================
16:56:57.0248 2424	C: <-> \Device\Harddisk0\DR0\Partition1
16:56:57.0310 2424	E: <-> \Device\Harddisk0\DR0\Partition2
16:56:57.0326 2424	F: <-> \Device\Harddisk1\DR1\Partition0
16:56:57.0326 2424	============================================================
16:56:57.0326 2424	Initialize success
16:56:57.0326 2424	============================================================
16:57:33.0185 3512	============================================================
16:57:33.0185 3512	Scan started
16:57:33.0185 3512	Mode: Manual; TDLFS; 
16:57:33.0185 3512	============================================================
16:57:33.0873 3512	.csc - ok
16:57:33.0919 3512	.tdx - ok
16:57:34.0029 3512	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
16:57:34.0029 3512	1394ohci - ok
16:57:34.0060 3512	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
16:57:34.0076 3512	ACPI - ok
16:57:34.0091 3512	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
16:57:34.0091 3512	AcpiPmi - ok
16:57:34.0169 3512	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:57:34.0169 3512	AdobeFlashPlayerUpdateSvc - ok
16:57:34.0216 3512	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
16:57:34.0216 3512	adp94xx - ok
16:57:34.0248 3512	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
16:57:34.0248 3512	adpahci - ok
16:57:34.0279 3512	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
16:57:34.0279 3512	adpu320 - ok
16:57:34.0326 3512	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
16:57:34.0326 3512	AeLookupSvc - ok
16:57:34.0388 3512	AFD             (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
16:57:34.0388 3512	AFD - ok
16:57:34.0419 3512	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
16:57:34.0419 3512	agp440 - ok
16:57:34.0435 3512	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
16:57:34.0451 3512	aic78xx - ok
16:57:34.0669 3512	ALCXWDM         (7997b6f02cbda0e31fa18cc85871b938) C:\Windows\system32\drivers\RTKVAC.SYS
16:57:34.0716 3512	ALCXWDM - ok
16:57:34.0826 3512	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
16:57:34.0826 3512	ALG - ok
16:57:34.0857 3512	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
16:57:34.0857 3512	aliide - ok
16:57:34.0873 3512	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
16:57:34.0888 3512	amdagp - ok
16:57:34.0919 3512	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
16:57:34.0919 3512	amdide - ok
16:57:34.0951 3512	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
16:57:34.0951 3512	AmdK8 - ok
16:57:34.0966 3512	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
16:57:34.0966 3512	AmdPPM - ok
16:57:35.0029 3512	amdsata         (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
16:57:35.0029 3512	amdsata - ok
16:57:35.0060 3512	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
16:57:35.0060 3512	amdsbs - ok
16:57:35.0107 3512	amdxata         (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
16:57:35.0123 3512	amdxata - ok
16:57:35.0138 3512	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
16:57:35.0138 3512	AppID - ok
16:57:35.0185 3512	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
16:57:35.0185 3512	AppIDSvc - ok
16:57:35.0216 3512	Appinfo         (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
16:57:35.0216 3512	Appinfo - ok
16:57:35.0310 3512	Apple Mobile Device (70d7be78061126dd0c3accdb7e129017) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:57:35.0326 3512	Apple Mobile Device - ok
16:57:35.0357 3512	AppMgmt         (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
16:57:35.0357 3512	AppMgmt - ok
16:57:35.0388 3512	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
16:57:35.0388 3512	arc - ok
16:57:35.0404 3512	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
16:57:35.0419 3512	arcsas - ok
16:57:35.0451 3512	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
16:57:35.0451 3512	AsyncMac - ok
16:57:35.0466 3512	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
16:57:35.0466 3512	atapi - ok
16:57:35.0701 3512	atikmdag        (712d8a95e45b070114c5309ada7358ff) C:\Windows\system32\DRIVERS\atikmdag.sys
16:57:35.0732 3512	atikmdag - ok
16:57:35.0904 3512	AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
16:57:35.0919 3512	AudioEndpointBuilder - ok
16:57:35.0935 3512	Audiosrv        (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
16:57:35.0951 3512	Audiosrv - ok
16:57:35.0982 3512	AxInstSV        (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
16:57:35.0982 3512	AxInstSV - ok
16:57:36.0279 3512	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
16:57:36.0294 3512	b06bdrv - ok
16:57:36.0326 3512	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
16:57:36.0341 3512	b57nd60x - ok
16:57:36.0404 3512	BazisVirtualCDBus (a2ecece11639fea1ccb66d853451f7e2) C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys
16:57:36.0404 3512	BazisVirtualCDBus - ok
16:57:36.0435 3512	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
16:57:36.0435 3512	BDESVC - ok
16:57:36.0466 3512	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
16:57:36.0466 3512	Beep - ok
16:57:36.0513 3512	BFE             (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
16:57:36.0529 3512	BFE - ok
16:57:36.0591 3512	BITS            (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll
16:57:36.0623 3512	BITS - ok
16:57:36.0638 3512	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
16:57:36.0638 3512	blbdrive - ok
16:57:36.0763 3512	Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files\Bonjour\mDNSResponder.exe
16:57:36.0763 3512	Bonjour Service - ok
16:57:36.0826 3512	bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
16:57:36.0826 3512	bowser - ok
16:57:36.0841 3512	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:57:36.0841 3512	BrFiltLo - ok
16:57:36.0873 3512	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:57:36.0873 3512	BrFiltUp - ok
16:57:36.0919 3512	BridgeMP        (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
16:57:36.0919 3512	BridgeMP - ok
16:57:36.0935 3512	Browser         (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
16:57:36.0951 3512	Browser - ok
16:57:36.0982 3512	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
16:57:36.0998 3512	Brserid - ok
16:57:37.0029 3512	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
16:57:37.0044 3512	BrSerWdm - ok
16:57:37.0060 3512	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:57:37.0060 3512	BrUsbMdm - ok
16:57:37.0076 3512	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
16:57:37.0076 3512	BrUsbSer - ok
16:57:37.0107 3512	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
16:57:37.0123 3512	BTHMODEM - ok
16:57:37.0154 3512	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
16:57:37.0169 3512	bthserv - ok
16:57:37.0279 3512	catchme - ok
16:57:37.0326 3512	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
16:57:37.0326 3512	cdfs - ok
16:57:37.0388 3512	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
16:57:37.0388 3512	cdrom - ok
16:57:37.0419 3512	CertPropSvc     (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
16:57:37.0419 3512	CertPropSvc - ok
16:57:37.0451 3512	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
16:57:37.0451 3512	circlass - ok
16:57:37.0498 3512	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
16:57:37.0498 3512	CLFS - ok
16:57:37.0544 3512	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:57:37.0560 3512	clr_optimization_v2.0.50727_32 - ok
16:57:37.0638 3512	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:57:37.0638 3512	clr_optimization_v4.0.30319_32 - ok
16:57:37.0654 3512	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
16:57:37.0669 3512	CmBatt - ok
16:57:37.0685 3512	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
16:57:37.0685 3512	cmdide - ok
16:57:37.0716 3512	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
16:57:37.0716 3512	CNG - ok
16:57:37.0763 3512	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
16:57:37.0763 3512	Compbatt - ok
16:57:37.0810 3512	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:57:37.0810 3512	CompositeBus - ok
16:57:37.0810 3512	COMSysApp - ok
16:57:37.0841 3512	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
16:57:37.0841 3512	crcdisk - ok
16:57:37.0888 3512	CryptSvc        (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
16:57:37.0888 3512	CryptSvc - ok
16:57:37.0951 3512	CSC             (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
16:57:37.0951 3512	CSC - ok
16:57:37.0998 3512	CscService      (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll
16:57:38.0029 3512	CscService - ok
16:57:38.0076 3512	DcomLaunch      (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
16:57:38.0091 3512	DcomLaunch - ok
16:57:38.0123 3512	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
16:57:38.0138 3512	defragsvc - ok
16:57:38.0185 3512	Dhcp            (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
16:57:38.0201 3512	Dhcp - ok
16:57:38.0248 3512	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
16:57:38.0248 3512	discache - ok
16:57:38.0279 3512	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
16:57:38.0279 3512	Disk - ok
16:57:38.0310 3512	dlcx_device - ok
16:57:38.0341 3512	dlea_device - ok
16:57:38.0388 3512	Dnscache        (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
16:57:38.0404 3512	Dnscache - ok
16:57:38.0435 3512	dot3svc         (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
16:57:38.0451 3512	dot3svc - ok
16:57:38.0498 3512	DPS             (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
16:57:38.0513 3512	DPS - ok
16:57:38.0544 3512	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
16:57:38.0544 3512	drmkaud - ok
16:57:38.0607 3512	DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
16:57:38.0623 3512	DXGKrnl - ok
16:57:38.0654 3512	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
16:57:38.0654 3512	EapHost - ok
16:57:38.0841 3512	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
16:57:38.0935 3512	ebdrv - ok
16:57:39.0029 3512	EFS             (f42309c4191c506b71db5d1126d26318) C:\Windows\System32\lsass.exe
16:57:39.0029 3512	EFS - ok
16:57:39.0138 3512	ehRecvr         (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
16:57:39.0154 3512	ehRecvr - ok
16:57:39.0185 3512	ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
16:57:39.0185 3512	ehSched - ok
16:57:39.0248 3512	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
16:57:39.0263 3512	elxstor - ok
16:57:39.0279 3512	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
16:57:39.0279 3512	ErrDev - ok
16:57:39.0341 3512	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
16:57:39.0341 3512	EventSystem - ok
16:57:39.0388 3512	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
16:57:39.0388 3512	exfat - ok
16:57:39.0482 3512	Fabs - ok
16:57:39.0513 3512	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
16:57:39.0529 3512	fastfat - ok
16:57:39.0591 3512	Fax             (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
16:57:39.0623 3512	Fax - ok
16:57:39.0701 3512	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
16:57:39.0701 3512	fdc - ok
16:57:39.0732 3512	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
16:57:39.0732 3512	fdPHost - ok
16:57:39.0748 3512	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
16:57:39.0763 3512	FDResPub - ok
16:57:39.0779 3512	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
16:57:39.0779 3512	FileInfo - ok
16:57:39.0794 3512	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
16:57:39.0794 3512	Filetrace - ok
16:57:39.0951 3512	FirebirdServerMAGIXInstance (5bd96d8c5411ace71a7eaacaf0ef2903) C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
16:57:40.0044 3512	FirebirdServerMAGIXInstance - ok
16:57:40.0154 3512	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
16:57:40.0154 3512	flpydisk - ok
16:57:40.0185 3512	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
16:57:40.0185 3512	FltMgr - ok
16:57:40.0263 3512	FontCache       (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
16:57:40.0279 3512	FontCache - ok
16:57:40.0357 3512	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:57:40.0357 3512	FontCache3.0.0.0 - ok
16:57:40.0373 3512	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
16:57:40.0373 3512	FsDepends - ok
16:57:40.0388 3512	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
16:57:40.0388 3512	Fs_Rec - ok
16:57:40.0435 3512	fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
16:57:40.0435 3512	fvevol - ok
16:57:40.0466 3512	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:57:40.0482 3512	gagp30kx - ok
16:57:40.0544 3512	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:57:40.0544 3512	GEARAspiWDM - ok
16:57:52.0810 3512	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
16:57:52.0810 3512	vsmraid - ok
16:57:52.0904 3512	VSS             (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
16:57:52.0919 3512	VSS - ok
16:57:52.0935 3512	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
16:57:52.0935 3512	vwifibus - ok
16:57:52.0982 3512	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
16:57:52.0998 3512	W32Time - ok
16:57:53.0029 3512	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
16:57:53.0029 3512	WacomPen - ok
16:57:53.0076 3512	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
16:57:53.0076 3512	WANARP - ok
16:57:53.0091 3512	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
16:57:53.0091 3512	Wanarpv6 - ok
16:57:53.0169 3512	wbengine        (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
16:57:53.0216 3512	wbengine - ok
16:57:53.0248 3512	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
16:57:53.0263 3512	WbioSrvc - ok
16:57:53.0310 3512	wcncsvc         (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
16:57:53.0326 3512	wcncsvc - ok
16:57:53.0341 3512	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
16:57:53.0357 3512	WcsPlugInService - ok
16:57:53.0388 3512	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
16:57:53.0388 3512	Wd - ok
16:57:53.0435 3512	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
16:57:53.0435 3512	Wdf01000 - ok
16:57:53.0466 3512	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:57:53.0466 3512	WdiServiceHost - ok
16:57:53.0482 3512	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:57:53.0482 3512	WdiSystemHost - ok
16:57:53.0529 3512	WebClient       (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
16:57:53.0544 3512	WebClient - ok
16:57:53.0576 3512	Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
16:57:53.0591 3512	Wecsvc - ok
16:57:53.0607 3512	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
16:57:53.0607 3512	wercplsupport - ok
16:57:53.0638 3512	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
16:57:53.0638 3512	WerSvc - ok
16:57:53.0685 3512	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
16:57:53.0685 3512	WfpLwf - ok
16:57:53.0701 3512	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
16:57:53.0701 3512	WIMMount - ok
16:57:53.0810 3512	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
16:57:53.0857 3512	WinDefend - ok
16:57:53.0888 3512	WinHttpAutoProxySvc - ok
16:57:53.0951 3512	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
16:57:53.0998 3512	Winmgmt - ok
16:57:54.0107 3512	WinRM           (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
16:57:54.0185 3512	WinRM - ok
16:57:54.0279 3512	WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
16:57:54.0279 3512	WinUsb - ok
16:57:54.0341 3512	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
16:57:54.0388 3512	Wlansvc - ok
16:57:54.0419 3512	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:57:54.0419 3512	WmiAcpi - ok
16:57:54.0482 3512	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
16:57:54.0482 3512	wmiApSrv - ok
16:57:54.0591 3512	WMPNetworkSvc   (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:57:54.0591 3512	WMPNetworkSvc - ok
16:57:54.0623 3512	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
16:57:54.0623 3512	WPCSvc - ok
16:57:54.0654 3512	WPDBusEnum      (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
16:57:54.0669 3512	WPDBusEnum - ok
16:57:54.0701 3512	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
16:57:54.0701 3512	ws2ifsl - ok
16:57:54.0748 3512	wscsvc          (a661a76333057b383a06e65f0073222f) C:\Windows\system32\wscsvc.dll
16:57:54.0763 3512	wscsvc - ok
16:57:54.0763 3512	WSearch - ok
16:57:54.0873 3512	wuauserv        (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
16:57:54.0904 3512	wuauserv - ok
16:57:55.0013 3512	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
16:57:55.0013 3512	WudfPf - ok
16:57:55.0044 3512	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:57:55.0060 3512	WUDFRd - ok
16:57:55.0076 3512	wudfsvc         (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
16:57:55.0076 3512	wudfsvc - ok
16:57:55.0107 3512	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
16:57:55.0123 3512	WwanSvc - ok
16:57:55.0138 3512	MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
16:57:55.0201 3512	\Device\Harddisk1\DR1 - ok
16:57:55.0201 3512	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:57:55.0482 3512	\Device\Harddisk0\DR0 - ok
16:57:55.0498 3512	Boot (0x1200)   (176cc3fa8d672489d176ab421bff34a9) \Device\Harddisk1\DR1\Partition0
16:57:55.0498 3512	\Device\Harddisk1\DR1\Partition0 - ok
16:57:55.0513 3512	Boot (0x1200)   (fe87461c06f03388254a5cf9963614c8) \Device\Harddisk0\DR0\Partition0
16:57:55.0513 3512	\Device\Harddisk0\DR0\Partition0 - ok
16:57:55.0529 3512	Boot (0x1200)   (eea4ca2223757e8a0f1afe5e97535b80) \Device\Harddisk0\DR0\Partition1
16:57:55.0529 3512	\Device\Harddisk0\DR0\Partition1 - ok
16:57:55.0560 3512	Boot (0x1200)   (04eb9e03354e8efdc48e3fdb4e3c5f47) \Device\Harddisk0\DR0\Partition2
16:57:55.0560 3512	\Device\Harddisk0\DR0\Partition2 - ok
16:57:55.0560 3512	============================================================
16:57:55.0560 3512	Scan finished
16:57:55.0560 3512	============================================================
16:57:55.0576 1448	Detected object count: 0
16:57:55.0576 1448	Actual detected object count: 0
         

15.06.2012, 06:27   #20
Psychotic
/// Malwareteam

Looks pretty good - let's check everything once more!


Step 1: Full MBAM scan


Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and press Scan. (Note: tick all hard drives!)
  • When the scan has finished, click Show Results.
  • Make sure all findings are selected and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".



Step 2: ESET



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



15.06.2012, 12:49   #21
Armin_M

MBAM log:

Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.15.02

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
*** :: ***-PC [Administrator]

Schutz: Aktiviert

15.06.2012 07:36:58
mbam-log-2012-06-15 (07-36-58).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 478500
Laufzeit: 2 Stunde(n), 42 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
and the ESET log:

Code:
C:\Users\***\Pictures\Rea\registrybooster.exe	Win32/RegistryBooster application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDCSLBWU\e8f01c0008e60d70fa3c5b351662ad54[1].htm	HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DB5XG0PO\d78b3ebc8bdf79d714bdd18e09bd0542[1].htm	HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIOSJ6E7\setup_codec_3d[1].exe	a variant of Win32/Adware.ToolPlugin.A application
         

18.06.2012, 07:41   #22
Psychotic
/// Malwareteam

Then we're done!


Step 1: Java update


Your Java is out of date. Older versions contain security vulnerabilities that malware can exploit.
  • Please download the latest Java version from here
  • Save jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Run jxpiinstall.exe. It will download the installer for the latest Java version (Java 7 Update 4).
  • When the installation has finished, go to
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure every box is ticked and click OK.
  • Click OK again.



Step 2: Adobe Flash Player update


Your Flash Player is outdated. Because this particular software is a favourite springboard into the system for malware, it must always be kept up to date.
To update Flash Player, proceed as follows:
  • Download the current Adobe Flash Player from here. Important: Untick the box for optional software (e.g. Google Chrome) shown on the page before you click "Download now".
  • Start the setup and follow the on-screen instructions.
  • Get in touch right away if you run into difficulties.



Step 3: VLC Player update


Your VLC Player is outdated. To update it, proceed as follows:
  • Download the current player from here.
  • Start the setup and follow the on-screen instructions. Setup will detect the old version of the player and ask whether the old version should be removed before installation. Confirm this with Yes.
  • After the old version of the program has been removed, the new installation starts. Leave everything at the default values, unless you want to change something (e.g. the file associations or similar).
  • Get in touch right away if you run into difficulties.



Defogger re-enable

Please start Defogger and click the re-enable button



ComboFix

Before the following step, please temporarily disable your antivirus program, any script blocking and anti-malware programs again.

Press Windows key + R. Now copy the following line into the command line and click OK.
Code:
Combofix /Uninstall
         


This removes Combofix completely and empties the System Restore cache so that the malware disappears from it as well.

Now re-enable the programs you just disabled.



OTL

Please start OTL and click CleanUp.
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.



Here are a few more tips for securing your system.

Keeping up to date

I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.
Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. Even the best virus scanner is useless if it is not current!
    A selection of free antivirus programs:
Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.
Alternative browsers
Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising on its own. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download bandwidth.
Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts
  • Do not click on everything just because it prompts you to and looks nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials and other illegal software.
  • Be suspicious on social networks (e.g. MeinVZ, Facebook, etc.) - even if messages/posts appear to come from one of your friends, that by no means implies they are harmless (malware may have infected their computer).
  • Do not open attachments from emails you do not recognise. Above all, watch the file extension, e.g. deinFoto.jpg.exe
All that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

18.06.2012, 15:02   #23
Armin_M

So far everything looks very good. I am still in the process of catching up on all the updates.
SP1 was a little reluctant to install, but Microsoft had a workaround for that.
Can Windows Defender actually be run together with Malwarebytes? Or is that just as harmful as two antivirus programs side by side?
I would like to thank you once again, and especially on behalf of the computer's owner, for the energetic help.

As soon as I have updated everything, I will report back here so that the thread can be closed.

18.06.2012, 15:23   #24
Psychotic
/// Malwareteam

Quote:
Can Windows Defender actually be run together with Malwarebytes? Or is that just as harmful as two antivirus programs side by side?

You can do that without concern, since both tools are of the kind that do nothing without user action - so they will not get in each other's way!

18.06.2012, 23:05   #25
Armin_M

Looks like I celebrated too soon.
Since running the command Combofix /uninstall I once again have no DHCP Client service.
I went straight ahead and repeated the initial procedure:

OTL.txt
Code:
OTL logfile created on: 18.06.2012 21:58:34 - Run 1
OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\Lore Seiler\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 67,11% Memory free
4,00 Gb Paging File | 3,36 Gb Available in Paging File | 83,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,44 Gb Total Space | 10,60 Gb Free Space | 14,24% Space Free | Partition Type: NTFS
Drive D: | 824,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 74,51 Gb Total Space | 73,74 Gb Free Space | 98,96% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 649,63 Gb Free Space | 69,74% Space Free | Partition Type: NTFS
 
Computer Name: LORESEILER-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.18 21:53:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.24 03:22:32 | 000,139,944 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\ezprint.exe
PRC - [2011.01.24 03:22:29 | 000,770,728 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\dleamon.exe
PRC - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.08.19 10:32:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.08.19 10:32:20 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2009.07.01 13:13:32 | 000,602,792 | ---- | M] ( ) -- C:\Windows\System32\dleacoms.exe
PRC - [2009.04.14 07:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
PRC - [2007.01.12 11:57:28 | 000,292,336 | ---- | M] () -- C:\Programme\Dell Photo AIO Printer 926\dlcxmon.exe
PRC - [2006.11.03 17:04:56 | 000,304,008 | ---- | M] () -- C:\Programme\Dell Photo AIO Printer 926\memcard.exe
PRC - [2006.10.11 16:48:50 | 000,532,480 | ---- | M] ( ) -- C:\Windows\System32\dlcxcoms.exe
PRC - [2006.08.18 15:32:00 | 000,294,912 | ---- | M] (FUJIFILM Corporation.) -- C:\Programme\FinePixViewer\QuickDCF2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.01.24 03:22:32 | 000,139,944 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\ezprint.exe
MOD - [2011.01.24 03:22:29 | 000,770,728 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\dleamon.exe
MOD - [2010.08.10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.04.01 19:24:28 | 001,159,168 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\dleadrs.dll
MOD - [2010.04.01 19:23:27 | 000,389,120 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\dleascw.dll
MOD - [2009.11.26 10:49:41 | 000,086,180 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\DLEAcfg.dll
MOD - [2009.08.18 15:54:22 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.06.23 13:13:33 | 000,221,184 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\epoemdll.dll
MOD - [2009.06.23 13:13:02 | 000,045,056 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\epstring.dll
MOD - [2009.06.23 13:11:53 | 002,203,648 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\epwizres.dll
MOD - [2009.06.22 15:08:27 | 000,708,608 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\epwizard.dll
MOD - [2009.06.22 15:06:32 | 000,159,744 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\customui.dll
MOD - [2009.06.22 15:06:09 | 000,061,440 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\epfunct.dll
MOD - [2009.06.22 15:06:03 | 000,114,688 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\eputil.dll
MOD - [2009.06.22 15:05:49 | 000,139,264 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\imagutil.dll
MOD - [2009.05.27 12:16:52 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dleadatr.dll
MOD - [2009.04.28 09:57:02 | 000,032,768 | ---- | M] () -- C:\Windows\System32\DLEAsmr.dll
MOD - [2009.04.07 21:25:27 | 000,409,600 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\iptk.dll
MOD - [2009.03.10 07:43:49 | 000,155,648 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\dleacaps.dll
MOD - [2009.03.05 19:55:33 | 000,059,904 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\dleacnv4.dll
MOD - [2009.03.02 16:25:47 | 000,151,552 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\dleaptp.dll
MOD - [2009.02.20 10:49:37 | 000,299,008 | ---- | M] () -- C:\Windows\System32\DLEAsm.dll
MOD - [2007.01.12 11:57:28 | 000,292,336 | ---- | M] () -- C:\Programme\Dell Photo AIO Printer 926\dlcxmon.exe
MOD - [2006.11.03 17:04:56 | 000,304,008 | ---- | M] () -- C:\Programme\Dell Photo AIO Printer 926\memcard.exe
MOD - [2006.09.06 05:13:14 | 000,073,728 | ---- | M] () -- C:\Programme\Dell Photo AIO Printer 926\DLCXcfg.dll
MOD - [2006.08.10 09:15:10 | 000,139,264 | ---- | M] () -- C:\Programme\Dell Photo AIO Printer 926\memcard.dll
MOD - [2006.08.08 14:54:18 | 000,278,528 | ---- | M] () -- C:\Programme\Dell Photo AIO Printer 926\dlcxscw.dll
MOD - [2006.02.22 12:44:00 | 000,061,440 | ---- | M] () -- C:\Programme\FinePixViewer\wia_register_event.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (Messenger)
SRV - [2012.06.14 07:18:06 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.24 09:04:20 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 14:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.01 13:13:32 | 000,602,792 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dleacoms.exe -- (dlea_device)
SRV - [2006.10.11 16:48:50 | 000,532,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcxcoms.exe -- (dlcx_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (.tdx)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (.csc)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.08.08 20:13:10 | 000,117,584 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.08.09 17:01:40 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.06.18 19:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008.04.29 17:40:56 | 000,210,472 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3114r5.sys -- (Si3114r5)
DRV - [2008.04.29 17:40:56 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2008.04.29 17:40:56 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 90 9A 56 C0 35 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 11:01:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.18 12:00:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.18 11:01:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.08.14 11:41:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.08.14 11:41:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.03 15:47:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4329hxqe.default\extensions
[2011.12.01 20:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.24 09:04:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.27 02:49:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.27 02:49:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.27 02:49:39 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.27 02:49:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.27 02:49:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.27 02:49:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.13 12:09:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Dell Symbolleiste) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Programme\Dell Printable Web\toolband.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Dell Symbolleiste) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Programme\Dell Printable Web\toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Dell Symbolleiste) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Programme\Dell Printable Web\toolband.dll ()
O4 - HKLM..\Run: [Dell V310-V510 Series Fax Server] C:\Program Files\Dell V310-V510 Series\fm3032.exe ()
O4 - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [dleamon.exe] C:\Program Files\Dell V310-V510 Series\dleamon.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Dell V310-V510 Series\ezprint.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_MX\Trayserver_DE.exe (MAGIX AG)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E7D8419-DFD9-44BD-97C8-80FCEEB1D5BB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E7D8419-DFD9-44BD-97C8-80FCEEB1D5BB}: NameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.12.05 13:15:06 | 000,000,039 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.18 21:53:44 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.06.18 18:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.06.18 16:11:55 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2012.06.18 16:11:55 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2012.06.18 16:11:55 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2012.06.18 16:11:54 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2012.06.18 16:11:54 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2012.06.18 16:11:17 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.06.18 16:11:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.18 16:11:12 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.18 16:11:12 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.18 16:11:11 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.18 16:11:00 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.06.18 16:11:00 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.06.18 16:10:57 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2012.06.18 16:10:57 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2012.06.18 16:10:56 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2012.06.18 16:10:55 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2012.06.18 16:10:55 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2012.06.18 16:10:54 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2012.06.18 16:10:51 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.06.18 16:10:51 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.06.18 16:10:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.06.18 16:10:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.06.18 16:10:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.06.18 16:10:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.06.18 16:10:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.06.18 16:10:50 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.06.18 16:10:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.06.18 16:10:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.06.18 16:10:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.06.18 16:10:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.06.18 16:10:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.06.18 16:10:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.06.18 16:10:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.06.18 16:10:22 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012.06.18 16:10:21 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012.06.18 16:10:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.06.18 16:09:55 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012.06.18 16:09:55 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012.06.18 16:09:39 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.06.18 16:09:38 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.06.18 16:09:36 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012.06.18 16:09:33 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012.06.18 16:09:32 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012.06.18 16:09:30 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.06.18 16:09:25 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.06.18 16:09:23 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012.06.18 16:09:17 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.06.18 16:09:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.06.18 16:09:13 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.06.18 16:09:12 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.06.18 16:09:12 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.06.18 16:09:07 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2012.06.18 13:46:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012.06.18 13:00:18 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2012.06.18 13:00:18 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll
[2012.06.18 13:00:18 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2012.06.18 13:00:18 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2012.06.18 13:00:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.06.18 13:00:18 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll
[2012.06.18 13:00:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINBEN.DLL
[2012.06.18 13:00:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUS.DLL
[2012.06.18 13:00:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBULG.DLL
[2012.06.18 13:00:17 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2012.06.18 13:00:17 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2012.06.18 13:00:17 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2012.06.18 13:00:17 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2012.06.18 13:00:17 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapistub.dll
[2012.06.18 13:00:17 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapi32.dll
[2012.06.18 13:00:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDPO.DLL
[2012.06.18 13:00:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTEL.DLL
[2012.06.18 13:00:16 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2012.06.18 13:00:16 | 000,240,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012.06.18 13:00:16 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2012.06.18 13:00:16 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2012.06.18 13:00:16 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2012.06.18 13:00:16 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2012.06.18 13:00:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2012.06.18 13:00:14 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2012.06.18 13:00:14 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll
[2012.06.18 13:00:13 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL
[2012.06.18 13:00:13 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2012.06.18 13:00:12 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.06.18 13:00:11 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2012.06.18 13:00:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.06.18 13:00:10 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootres.dll
[2012.06.18 13:00:10 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\biocpl.dll
[2012.06.18 13:00:10 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2012.06.18 13:00:10 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\C_ISCII.DLL
[2012.06.18 13:00:09 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Display.dll
[2012.06.18 13:00:09 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2012.06.18 13:00:08 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2012.06.18 13:00:08 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012.06.18 13:00:08 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\defaultlocationcpl.dll
[2012.06.18 13:00:08 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll
[2012.06.18 13:00:07 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll
[2012.06.18 13:00:07 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2012.06.18 13:00:07 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2012.06.18 13:00:07 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2012.06.18 13:00:07 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acppage.dll
[2012.06.18 13:00:06 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2012.06.18 13:00:06 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.06.18 13:00:06 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.06.18 13:00:06 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2012.06.18 13:00:05 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.06.18 13:00:05 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halmacpi.dll
[2012.06.18 13:00:05 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hal.dll
[2012.06.18 13:00:05 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halacpi.dll
[2012.06.18 13:00:04 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2012.06.18 13:00:03 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2012.06.18 13:00:03 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2012.06.18 13:00:03 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2012.06.18 13:00:03 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2012.06.18 13:00:03 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsauth.dll
[2012.06.18 13:00:02 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveapi.dll
[2012.06.18 13:00:02 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2012.06.18 13:00:02 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSMON.dll
[2012.06.18 13:00:01 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
[2012.06.18 13:00:01 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll
[2012.06.18 13:00:00 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2012.06.18 13:00:00 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2012.06.18 13:00:00 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2012.06.18 13:00:00 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\Windows\twain_32.dll
[2012.06.18 12:59:58 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppobjs.dll
[2012.06.18 12:59:58 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll
[2012.06.18 12:59:58 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll
[2012.06.18 12:59:58 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
[2012.06.18 12:59:58 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spbcd.dll
[2012.06.18 12:59:56 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2012.06.18 12:59:56 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2012.06.18 12:59:56 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll
[2012.06.18 12:59:56 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2012.06.18 12:59:56 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sscore.dll
[2012.06.18 12:59:56 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll
[2012.06.18 12:59:55 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll
[2012.06.18 12:59:55 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2012.06.18 12:59:55 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimgapi.dll
[2012.06.18 12:59:55 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2012.06.18 12:59:54 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2012.06.18 12:59:54 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2012.06.18 12:59:54 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimserv.exe
[2012.06.18 12:59:54 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2012.06.18 12:59:54 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.18 12:59:54 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpps.dll
[2012.06.18 12:59:54 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012.06.18 12:59:54 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.18 12:59:53 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2012.06.18 12:59:53 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2012.06.18 12:59:53 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattend.dll
[2012.06.18 12:59:53 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxlib.dll
[2012.06.18 12:59:53 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2012.06.18 12:59:53 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2012.06.18 12:59:53 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll
[2012.06.18 12:59:52 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2012.06.18 12:59:52 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vault.dll
[2012.06.18 12:59:52 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2012.06.18 12:59:52 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WavDest.dll
[2012.06.18 12:59:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vms3cap.sys
[2012.06.18 12:59:51 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2012.06.18 12:59:51 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2012.06.18 12:59:51 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPENCDD.dll
[2012.06.18 12:59:51 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL
[2012.06.18 12:59:50 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2012.06.18 12:59:50 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2012.06.18 12:59:50 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgent.dll
[2012.06.18 12:59:50 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recovery.dll
[2012.06.18 12:59:50 | 000,098,816 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2012.06.18 12:59:50 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QCLIPROV.DLL
[2012.06.18 12:59:50 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pifmgr.dll
[2012.06.18 12:59:49 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onexui.dll
[2012.06.18 12:59:48 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2012.06.18 12:59:48 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2012.06.18 12:59:48 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2012.06.18 12:59:48 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll
[2012.06.18 12:59:48 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2012.06.18 12:57:37 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2012.06.18 12:57:37 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2012.06.18 12:57:37 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2012.06.18 12:57:37 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax
[2012.06.18 12:57:37 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.18 12:57:36 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeResults.exe
[2012.06.18 12:57:36 | 000,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winhv.sys
[2012.06.18 12:57:35 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2012.06.18 12:57:35 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2012.06.18 12:57:35 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2012.06.18 12:57:35 | 000,257,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2012.06.18 12:57:34 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2012.06.18 12:57:34 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2012.06.18 12:57:34 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2012.06.18 12:57:34 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
[2012.06.18 12:57:33 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2012.06.18 12:57:33 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slui.exe
[2012.06.18 12:57:33 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sharemediacpl.dll
[2012.06.18 12:57:33 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2012.06.18 12:57:33 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
[2012.06.18 12:57:31 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012.06.18 12:57:31 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppcomapi.dll
[2012.06.18 12:57:31 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll
[2012.06.18 12:57:29 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SensorsCpl.dll
[2012.06.18 12:57:29 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2012.06.18 12:57:29 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2012.06.18 12:57:28 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2012.06.18 12:57:27 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll
[2012.06.18 12:57:26 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2012.06.18 12:57:26 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskbarcpl.dll
[2012.06.18 12:57:25 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2012.06.18 12:57:21 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgcpl.dll
[2012.06.18 12:57:21 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.06.18 12:57:21 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IcCoinstall.dll
[2012.06.18 12:57:21 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2012.06.18 12:57:21 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2012.06.18 12:57:21 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll
[2012.06.18 12:57:20 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.06.18 12:57:19 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.dll
[2012.06.18 12:57:19 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2012.06.18 12:57:19 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2012.06.18 12:57:19 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2012.06.18 12:57:18 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\g711codc.ax
[2012.06.18 12:57:17 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2012.06.18 12:57:17 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2012.06.18 12:57:17 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2012.06.18 12:57:16 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2012.06.18 12:57:16 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\luainstall.dll
[2012.06.18 12:57:16 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbdlk41a.dll
[2012.06.18 12:57:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSF.DLL
[2012.06.18 12:57:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTURME.DLL
[2012.06.18 12:57:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDLT1.DLL
[2012.06.18 12:57:15 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfds.dll
[2012.06.18 12:57:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSG.DLL
[2012.06.18 12:57:14 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012.06.18 12:57:14 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\main.cpl
[2012.06.18 12:57:14 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\manage-bde.exe
[2012.06.18 12:57:13 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2012.06.18 12:57:13 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MCEWMDRMNDBootstrap.dll
[2012.06.18 12:57:13 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2012.06.18 12:57:13 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.06.18 12:57:13 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetmib1.dll
[2012.06.18 12:57:12 | 001,466,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.06.18 12:57:12 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2012.06.18 12:57:12 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGKL.DLL
[2012.06.18 12:57:12 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINHIN.DLL
[2012.06.18 12:57:11 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iTVData.dll
[2012.06.18 12:57:11 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\isoburn.exe
[2012.06.18 12:57:11 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll
[2012.06.18 12:57:11 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDCZ1.DLL
[2012.06.18 12:57:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTAM.DLL
[2012.06.18 12:57:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINMAR.DLL
[2012.06.18 12:57:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINKAN.DLL
[2012.06.18 12:57:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGEO.DLL
[2012.06.18 12:57:10 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2012.06.18 12:57:10 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll
[2012.06.18 12:57:10 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2012.06.18 12:57:09 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2012.06.18 12:57:09 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2012.06.18 12:57:09 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cca.dll
[2012.06.18 12:57:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertPolEng.dll
[2012.06.18 12:57:08 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2012.06.18 12:57:06 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenter.dll
[2012.06.18 12:57:06 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenterCPL.dll
[2012.06.18 12:57:06 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2012.06.18 12:57:04 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2012.06.18 12:57:03 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2012.06.18 12:57:03 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2012.06.18 12:57:03 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\djoin.exe
[2012.06.18 12:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnaddr.dll
[2012.06.18 12:57:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscmmc.dll
[2012.06.18 12:57:01 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2012.06.18 12:57:01 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2012.06.18 12:57:00 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
[2012.06.18 12:56:58 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXPTaskRingtone.dll
[2012.06.18 12:56:58 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXP.dll
[2012.06.18 12:56:58 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2012.06.18 12:56:57 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
[2012.06.18 12:56:57 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CscMig.dll
[2012.06.18 12:56:56 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2012.06.18 12:56:56 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl
[2012.06.18 12:24:51 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012.06.18 12:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.06.18 12:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.06.18 12:00:42 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.06.18 12:00:42 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.06.18 12:00:05 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.06.18 12:00:05 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.06.18 11:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.06.18 11:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.06.18 11:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.06.15 17:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.06.15 17:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.06.14 15:57:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia
[2012.06.14 15:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.06.14 10:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.14 06:56:54 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.14 06:56:54 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.13 19:02:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.06.13 19:01:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.06.12 19:00:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp
[2012.06.12 18:40:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.06.12 18:28:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012.06.05 22:48:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.06.05 22:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu
[2012.06.05 22:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\WinCDEmu
[2012.06.04 17:28:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.06.04 17:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.04 17:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.04 17:28:31 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.04 17:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.24 09:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.24 09:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.18 22:05:21 | 000,018,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.18 22:05:21 | 000,018,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.18 21:57:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.18 21:57:09 | 1610,256,384 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.18 21:55:50 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.06.18 21:54:17 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\ifb3sf54.exe
[2012.06.18 21:53:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.06.18 21:53:35 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.06.18 21:18:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.18 17:02:06 | 000,413,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.18 15:57:13 | 000,656,028 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.18 15:57:13 | 000,617,910 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.18 15:57:13 | 000,130,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.18 15:57:13 | 000,107,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.18 15:54:17 | 000,000,151 | ---- | M] () -- C:\Users\***\Desktop\Rootkit.Zeroaccess - Seite 3 - Trojaner-Board.URL
[2012.06.18 13:37:03 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2012.06.18 11:59:42 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.06.18 11:59:41 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.06.18 11:01:27 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.06.14 15:12:53 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.06.14 07:18:03 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.14 07:18:03 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.13 12:09:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.06.06 00:44:45 | 000,000,134 | ---- | M] () -- C:\Users\***\Desktop\Internet Explorer-Problembehebung.url
 
========== Files Created - No Company Name ==========
 
[2012.06.18 21:55:28 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.18 21:54:12 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\ifb3sf54.exe
[2012.06.18 21:53:34 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.06.18 12:59:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.06.18 12:59:20 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012.06.18 12:57:59 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2012.06.18 12:57:57 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2012.06.18 11:57:36 | 000,000,151 | ---- | C] () -- C:\Users\***\Desktop\Rootkit.Zeroaccess - Seite 3 - Trojaner-Board.URL
[2012.06.18 11:01:27 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.06.14 15:12:53 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.06.14 15:12:46 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.06.14 06:56:56 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.06 00:44:45 | 000,000,134 | ---- | C] () -- C:\Users\***\Desktop\Internet Explorer-Problembehebung.url
[2011.10.10 19:50:21 | 000,049,152 | ---- | C] () -- C:\Windows\System32\DLEAPMON.DLL
[2011.10.10 19:50:21 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLEAFXPU.DLL
[2011.10.10 19:50:01 | 005,709,824 | ---- | C] () -- C:\Windows\System32\DLEAoem.dll
[2011.10.10 19:49:37 | 000,372,736 | ---- | C] () -- C:\Windows\System32\DLEAwupd.dll
[2011.10.10 19:49:37 | 000,213,672 | ---- | C] () -- C:\Windows\System32\DLEAwupd.exe
[2011.10.10 19:46:01 | 000,331,776 | ---- | C] () -- C:\Windows\System32\DLEAinst.dll
[2011.10.10 19:45:56 | 000,114,688 | ---- | C] () -- C:\Windows\System32\dleainsr.dll
[2011.10.10 19:45:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\dleajswr.dll
[2011.10.10 19:45:54 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dleagrd.dll
[2011.10.10 19:45:54 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dleacur.dll
[2011.10.10 19:45:53 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\dleacomm.dll
[2011.10.10 19:44:20 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLEAsmr.dll
[2011.10.10 19:44:19 | 000,299,008 | ---- | C] () -- C:\Windows\System32\DLEAsm.dll
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.10.05 17:10:05 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2010.10.05 17:10:05 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2010.10.05 17:10:05 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2010.10.05 17:10:05 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\dlcxhcp.dll
[2010.10.05 17:10:05 | 000,274,432 | ---- | C] () -- C:\Windows\System32\dlcxinst.dll
[2010.10.05 17:10:04 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2010.10.05 17:10:04 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2010.10.05 17:10:04 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[2010.10.05 17:10:04 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2010.10.05 17:10:04 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2010.10.05 17:10:04 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2010.10.05 17:10:04 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\dlcxcoms.exe
[2010.10.05 17:10:04 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2010.10.05 17:10:04 | 000,380,928 | ---- | C] ( ) -- C:\Windows\System32\dlcxih.exe
[2010.10.05 17:10:04 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2010.10.05 17:10:04 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2010.10.05 17:10:04 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2010.10.05 17:10:04 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2010.10.05 17:10:04 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2010.10.05 17:10:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2010.10.05 17:10:04 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2010.10.05 17:10:04 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2010.10.05 17:10:04 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2010.10.05 17:10:04 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2010.10.05 17:10:03 | 000,381,832 | ---- | C] ( ) -- C:\Windows\System32\dlcxcfg.exe
[2010.10.05 17:08:53 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2010.10.05 17:08:53 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2010.08.09 16:48:06 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2010.08.09 16:44:43 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.08.09 16:08:32 | 000,013,824 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.06 22:19:33 | 000,656,028 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.08.06 22:19:33 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.08.06 22:19:33 | 000,130,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.08.06 22:19:33 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.08.06 21:24:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.08.06 21:24:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

< End of report >
         
and here is the Extra.txt:

Code:
ATTFilter
OTL Extras logfile created on: 18.06.2012 21:58:34 - Run 1
OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\***\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 67,11% Memory free
4,00 Gb Paging File | 3,36 Gb Available in Paging File | 83,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,44 Gb Total Space | 10,60 Gb Free Space | 14,24% Space Free | Partition Type: NTFS
Drive D: | 824,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 74,51 Gb Total Space | 73,74 Gb Free Space | 98,96% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 649,63 Gb Free Space | 69,74% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: Lore Seiler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Programme\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{0BF0F2A0-6181-4CEC-A94D-5026CE22312D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1C51AF67-A613-4F64-BFF7-A0CD67BB085F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{292FBCA6-C6B6-4E17-894F-EFB30772CFBE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{36427C99-2A3B-4AAB-9639-72CD6FCDA8B6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3895254B-E848-469A-AE00-A0CED9E4367B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BD5525A-63C4-4538-8073-EBC3D7AAD314}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5A7FDCFE-0E27-4344-8226-45B153B5F1AD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6D3CB3FF-6608-4CC3-BC33-4B805F1B5696}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{716C686C-780C-493C-902B-A63200BE1E1F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{861E45CA-D218-4E70-BFA9-706F1524BDFA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{96BFBDBF-672D-41D7-8B67-7817B55FF149}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E7575C33-044E-45C3-9DEA-8D2B58A3CDF3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F78C56E2-2DFE-49EE-BB54-3302640136A1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FE15AFB3-62FA-4E67-BF4B-3BF3B4DD41F2}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{05528151-2EF9-4715-9FAB-8BA593BA5AC3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0AF0C3E2-71B0-4365-87A2-4D1D84D45C3D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0D152461-CFDC-48B7-BF7E-FB97227A7BB3}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{25C1AA3F-F392-49A9-94B2-27AD4C297CA7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2CBE2CED-317B-42CA-A171-F54EC9369541}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{2FB151F9-2769-4F5B-B84D-B9459AEB5654}" = dir=in | app=c:\windows\system32\dleacoms.exe | 
"{3C7F1F0D-6E15-4148-8EDA-8E8B81AFAC45}" = dir=in | app=c:\windows\system32\dleacoms.exe | 
"{3F918F79-3DD8-4EE7-8DE7-DF0858DD3AC3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{45445766-ED73-42E2-AF51-A710158702DB}" = dir=in | app=c:\windows\system32\dleacoms.exe | 
"{475A3F7A-4983-40BA-94DC-2F3E2B8ADBD3}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4C697F9D-6764-4E00-8A8D-A8505B997513}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{60BAAF38-C858-4A5B-904E-D77B9F6B37B6}" = protocol=6 | dir=in | app=c:\program files\dell v310-v510 series\dleafax.exe | 
"{616B0C0C-84A9-4BD9-9B1C-A5DE45CAB674}" = protocol=17 | dir=in | app=c:\program files\dell v310-v510 series\dleafax.exe | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68A5108D-5537-453A-B43D-2AB06D401341}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7EF17BDC-5A59-4CAA-9374-111A091C3CF4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8ACFBF59-4AFE-4921-BDDB-948C3F35979D}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe | 
"{9E1B688F-ED74-41A1-9910-3B15D2E8A22E}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BB3C4B33-6FEF-465C-B642-8CCC03DBB716}" = dir=in | app=c:\windows\system32\dleacoms.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DF728C45-3195-46AE-84A2-5EDA512A2F1C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E408FDF7-61B1-49E7-81CA-6FC6AB667928}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{E5F2882E-55F5-4B90-9E78-21120DA59ABC}" = dir=in | app=c:\windows\system32\dleacoms.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FA61C09B-4919-4D44-A999-19C0335BE032}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Symbolleiste
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.3
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}" = Joe
"{37A54340-6655-4FFC-BC4C-0B945764DA4B}" = Canon PhotoRecord
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53AD87D3-72AE-4D07-8A7A-1F4D54E83777}" = ACDSee Foto-Editor
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{61B65BA2-ACB0-4109-B6AC-C73A93106FA6}" = MAGIX Screenshare
"{68D73A1E-9B15-4519-8B62-67606DA80082}" = MAGIX Speed burnR (MSI)
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Foto-Manager 12
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B4A6DE2E-5E84-4F1D-B26A-EAB0D42ED932}" = CP Printer Guide
"{BB533746-CF08-11D7-BCF1-005004748D87}" = Java SATARaid
"{C960FB07-BBAA-4D26-BE81-D119A15A6E84}" = MAGIX Video deluxe MX Plus Download-Version
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{DA38EC64-4D83-4E46-83CA-C0D1175921DC}" = MAGIX Video deluxe MX
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F748FAE2-3D19-44F7-AC03-EB9ADA517752}" = FotoSlate 4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Canon SELPHY CP510" = Canon SELPHY CP510
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"Dell V310-V510 Series" = Dell V310-V510 Series
"Designer 2.0_is1" = Designer 2.0
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader" = Foxit Reader
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{B4A6DE2E-5E84-4F1D-B26A-EAB0D42ED932}" = Canon Utilities Anleitung zum CP-Drucker
"IrfanView" = IrfanView (remove only)
"MAGIX_MSI_Videodeluxe18" = MAGIX Video deluxe MX
"MAGIX_MSI_Videodeluxe18_plus" = MAGIX Video deluxe MX Plus Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VLC media player" = VLC media player 2.0.1
"WinCDEmu" = WinCDEmu
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.06.2012 05:05:03 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.06.2012 05:05:08 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.06.2012 05:05:13 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.06.2012 05:05:13 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11920
Description = 
 
Error - 18.06.2012 07:59:07 | Computer Name = ***-PC | Source = ESENT | ID = 215
Description = WinMail (2404) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 18.06.2012 09:07:47 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\WinCDEmu\vmnt64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.06.2012 12:22:20 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d6727a7  Name des fehlerhaften Moduls: WinCDEmuContextMenu.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4e402656  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x6d3eeb75  ID des fehlerhaften Prozesses: 0xae4  Startzeit der fehlerhaften Anwendung:
 0x01cd4d636c5aa6d6  Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad 
des fehlerhaften Moduls: WinCDEmuContextMenu.dll  Berichtskennung: c6cec144-b961-11e1-b311-0011098a348f
 
Error - 18.06.2012 15:23:24 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: sechost.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdb04  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000075b5  ID des fehlerhaften
 Prozesses: 0x41c  Startzeit der fehlerhaften Anwendung: 0x01cd4d87c10db67c  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\sechost.dll  Berichtskennung: 125e357c-b97b-11e1-8593-0011098a348f
 
Error - 18.06.2012 15:50:35 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: sechost.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdb04  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000075b5  ID des fehlerhaften
 Prozesses: 0x3e8  Startzeit der fehlerhaften Anwendung: 0x01cd4d8b8eb92f4a  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\sechost.dll  Berichtskennung: de55ac40-b97e-11e1-9896-0011098a348f
 
Error - 18.06.2012 15:57:49 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: sechost.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdb04  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000075b5  ID des fehlerhaften
 Prozesses: 0x3e0  Startzeit der fehlerhaften Anwendung: 0x01cd4d8c91422eaa  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\sechost.dll  Berichtskennung: e0f14bff-b97f-11e1-8a98-0011098a348f
 
[ System Events ]
Error - 18.06.2012 15:57:52 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 18.06.2012 15:57:52 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Update" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 18.06.2012 15:57:53 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "DNS-Client" ist von folgendem Dienst abhängig: Tdx. Dieser
 Dienst ist eventuell nicht installiert.
 
Error - 18.06.2012 15:57:53 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "DNS-Client" ist von folgendem Dienst abhängig: Tdx. Dieser
 Dienst ist eventuell nicht installiert.
 
Error - 18.06.2012 15:57:53 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "DNS-Client" ist von folgendem Dienst abhängig: Tdx. Dieser
 Dienst ist eventuell nicht installiert.
 
Error - 18.06.2012 15:57:53 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "DNS-Client" ist von folgendem Dienst abhängig: Tdx. Dieser
 Dienst ist eventuell nicht installiert.
 
Error - 18.06.2012 15:57:54 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "DNS-Client" ist von folgendem Dienst abhängig: Tdx. Dieser
 Dienst ist eventuell nicht installiert.
 
Error - 18.06.2012 15:58:52 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, 
ist fehlgeschlagen. Fehler:   %%1056
 
Error - 18.06.2012 15:59:52 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart 
des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:   %%1056
 
Error - 18.06.2012 16:00:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "DNS-Client" ist von folgendem Dienst abhängig: Tdx. Dieser
 Dienst ist eventuell nicht installiert.
 
 
< End of report >
         
Gmer.txt

[code]
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-18 23:33:57
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_SP1614C rev.SW100-34
Running: ifb3sf54.exe; Driver: C:\Users\***\AppData\Local\Temp\awliquob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwRollbackEnlistment + 1409                                                                            82C78989 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                              82C984E2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\drivers\atikmdag.sys                                                                            section is writeable [0x91C3E000, 0x227A14, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!CreateWindowExW                                    7598EC7C 5 Bytes  JMP 6DD938A4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!DialogBoxParamW                                    759A3B9B 5 Bytes  JMP 6DCC7F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!DialogBoxIndirectParamW                            759B3B7F 5 Bytes  JMP 6DECFEF8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!DialogBoxParamA                                    759CCF42 5 Bytes  JMP 6DECFE95 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!DialogBoxIndirectParamA                            759CD274 5 Bytes  JMP 6DECFF5B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!MessageBoxIndirectA                                759DE869 5 Bytes  JMP 6DECFE2A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!MessageBoxIndirectW                                759DE963 5 Bytes  JMP 6DECFDBF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!MessageBoxExA                                      759DE9C9 5 Bytes  JMP 6DECFD5D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1104] USER32.dll!MessageBoxExW                                      759DE9ED 5 Bytes  JMP 6DECFCFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!CallNextHookEx                                     7598ABE1 5 Bytes  JMP 6DD03CA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!UnhookWindowsHookEx                                7598ADF9 5 Bytes  JMP 6DDBD91F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!SetWindowsHookExW                                  7598E30C 5 Bytes  JMP 6DD57DE1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!CreateWindowExW                                    7598EC7C 5 Bytes  JMP 6DD938A4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!DialogBoxParamW                                    759A3B9B 5 Bytes  JMP 6DCC7F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!DialogBoxIndirectParamW                            759B3B7F 5 Bytes  JMP 6DECFEF8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!DialogBoxParamA                                    759CCF42 5 Bytes  JMP 6DECFE95 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!DialogBoxIndirectParamA                            759CD274 5 Bytes  JMP 6DECFF5B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!MessageBoxIndirectA                                759DE869 5 Bytes  JMP 6DECFE2A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!MessageBoxIndirectW                                759DE963 5 Bytes  JMP 6DECFDBF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!MessageBoxExA                                      759DE9C9 5 Bytes  JMP 6DECFD5D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3688] USER32.dll!MessageBoxExW                                      759DE9ED 5 Bytes  JMP 6DECFCFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3688] ole32.dll!OleLoadFromStream                                   75776143 5 Bytes  JMP 6DED024B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3688] ole32.dll!CoCreateInstance                                    757B9D0B 5 Bytes  JMP 6DD93432 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!CallNextHookEx                                     7598ABE1 5 Bytes  JMP 6DD03CA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!UnhookWindowsHookEx                                7598ADF9 5 Bytes  JMP 6DDBD91F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!SetWindowsHookExW                                  7598E30C 5 Bytes  JMP 6DD57DE1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!CreateWindowExW                                    7598EC7C 5 Bytes  JMP 6DD938A4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!DialogBoxParamW                                    759A3B9B 5 Bytes  JMP 6DCC7F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!DialogBoxIndirectParamW                            759B3B7F 5 Bytes  JMP 6DECFEF8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!DialogBoxParamA                                    759CCF42 5 Bytes  JMP 6DECFE95 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!DialogBoxIndirectParamA                            759CD274 5 Bytes  JMP 6DECFF5B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!MessageBoxIndirectA                                759DE869 5 Bytes  JMP 6DECFE2A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!MessageBoxIndirectW                                759DE963 5 Bytes  JMP 6DECFDBF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!MessageBoxExA                                      759DE9C9 5 Bytes  JMP 6DECFD5D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!MessageBoxExW                                      759DE9ED 5 Bytes  JMP 6DECFCFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4020] ole32.dll!OleLoadFromStream                                   75776143 5 Bytes  JMP 6DED024B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4020] ole32.dll!CoCreateInstance                                    757B9D0B 5 Bytes  JMP 6DD93432 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                              SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)

Device          \Driver\ACPI_HAL \Device\00000049                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xF5 0x26 0xAF 0x07 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x1A 0xE4 0x3C 0x82 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x32 0x3C 0x70 0xBF ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xF5 0x26 0xAF 0x07 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x1A 0xE4 0x3C 0x82 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x32 0x3C 0x70 0xBF ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---

WinCDEmu has already been uninstalled.
I can assign an IP manually, but if I want to switch back from manual to DHCP, it demands a restart.

Last edited by Armin_M (18.06.2012 at 23:49)

19.06.2012, 22:20   #26
Psychotic
/// Malwareteam

That was probably a bug in Combofix!

Combofix


Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

20.06.2012, 11:14   #27
Armin_M



Combofix log:

Code:
ComboFix 12-06-19.03 - *** 20.06.2012  11:51:39.5.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2048.1310 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-20 bis 2012-06-20  ))))))))))))))))))))))))))))))
.
.
2012-06-20 10:01 . 2012-06-20 10:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-20 09:45 . 2012-06-20 09:45	56200	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C14B1477-1E7F-4F51-B00B-6D5D0DE05ABF}\offreg.dll
2012-06-18 14:16 . 2012-03-01 05:46	19824	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-06-18 14:16 . 2012-03-01 05:37	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-06-18 14:16 . 2012-03-01 05:33	159232	----a-w-	c:\windows\system32\imagehlp.dll
2012-06-18 14:16 . 2012-03-01 05:29	5120	----a-w-	c:\windows\system32\wmi.dll
2012-06-18 14:12 . 2012-01-04 08:58	442880	----a-w-	c:\windows\system32\ntshrui.dll
2012-06-18 14:12 . 2012-04-07 11:26	2342400	----a-w-	c:\windows\system32\msi.dll
2012-06-18 14:10 . 2011-05-04 04:34	1549312	----a-w-	c:\windows\system32\tquery.dll
2012-06-18 14:09 . 2011-08-17 04:24	465408	----a-w-	c:\windows\system32\psisdecd.dll
2012-06-18 13:59 . 2012-04-24 04:36	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-18 13:59 . 2012-04-24 04:36	1158656	----a-w-	c:\windows\system32\crypt32.dll
2012-06-18 13:59 . 2012-04-24 04:36	103936	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-18 12:05 . 2012-05-08 07:40	6737808	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C14B1477-1E7F-4F51-B00B-6D5D0DE05ABF}\mpengine.dll
2012-06-18 11:46 . 2012-06-18 11:46	--------	d-----w-	c:\windows\system32\SPReview
2012-06-18 10:59 . 2010-11-20 02:21	868864	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2012-06-18 10:58 . 2010-11-20 02:19	954288	----a-w-	c:\windows\system32\mfc40u.dll
2012-06-18 10:56 . 2010-11-20 02:18	630784	----a-w-	c:\windows\system32\DXPTaskRingtone.dll
2012-06-18 10:56 . 2010-11-20 02:18	399872	----a-w-	c:\windows\system32\DXP.dll
2012-06-18 10:56 . 2010-11-20 02:18	242176	----a-w-	c:\windows\system32\eapp3hst.dll
2012-06-18 10:56 . 2010-11-20 02:18	17408	----a-w-	c:\windows\system32\credssp.dll
2012-06-18 10:56 . 2010-11-20 02:18	139264	----a-w-	c:\windows\system32\cscobj.dll
2012-06-18 10:56 . 2010-11-20 02:18	109568	----a-w-	c:\windows\system32\CscMig.dll
2012-06-18 10:56 . 2010-11-19 22:44	388096	----a-w-	c:\windows\system32\drivers\csc.sys
2012-06-18 10:56 . 2010-11-20 02:18	863744	----a-w-	c:\windows\system32\diagperf.dll
2012-06-18 10:56 . 2010-11-20 02:16	128000	----a-w-	c:\windows\system32\desk.cpl
2012-06-18 10:56 . 2010-11-19 23:50	31232	----a-w-	c:\windows\system32\drivers\CompositeBus.sys
2012-06-18 10:56 . 2010-11-20 02:18	546304	----a-w-	c:\windows\system32\cscsvc.dll
2012-06-18 10:24 . 2012-06-18 10:24	--------	d-----w-	c:\windows\CheckSur
2012-06-18 10:02 . 2012-06-18 10:02	--------	d-----w-	c:\program files\Common Files\Java
2012-06-18 10:01 . 2012-06-18 10:01	--------	d-----w-	c:\program files\Oracle
2012-06-18 10:00 . 2012-05-04 17:29	772504	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-06-18 09:03 . 2012-06-18 09:03	--------	d-----w-	c:\program files\Bonjour
2012-06-15 15:16 . 2012-06-15 15:16	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-06-15 15:12 . 2012-05-08 07:40	6737808	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-14 13:57 . 2012-06-14 13:57	--------	d-----w-	c:\users\***\AppData\Local\Macromedia
2012-06-14 13:14 . 2012-06-14 13:14	713784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3366CA71-E991-46A0-85A5-37675C5E4324}\gapaengine.dll
2012-06-14 13:12 . 2012-06-14 13:12	--------	d-----w-	c:\program files\Microsoft Security Client
2012-06-14 08:03 . 2012-06-14 08:03	--------	d-----w-	c:\program files\ESET
2012-06-14 04:56 . 2012-06-14 05:18	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-14 04:56 . 2012-06-14 05:18	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-06-12 17:00 . 2012-06-20 10:01	--------	d-----w-	c:\users\***\AppData\Local\temp
2012-06-05 20:48 . 2012-06-05 20:48	--------	d-----w-	c:\windows\system32\EventProviders
2012-06-04 15:28 . 2012-06-04 15:28	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-06-04 15:28 . 2012-06-04 15:28	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-04 15:28 . 2012-06-11 20:06	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-06-04 15:28 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-24 07:04 . 2012-05-24 07:04	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2012-05-24 07:04 . 2012-05-24 07:04	157352	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-24 07:04 . 2012-05-24 07:04	129976	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-18 11:37 . 2009-07-14 02:05	152576	----a-w-	c:\windows\system32\msclmd.dll
2012-05-14 23:43 . 2012-06-14 07:23	6737808	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD78EDD8-09EB-4428-8FF8-A4C1555F2B4F}\mpengine.dll
2012-05-04 17:29 . 2010-08-09 15:09	687504	----a-w-	c:\windows\system32\deployJava1.dll
2012-04-18 18:56 . 2012-04-18 18:56	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56	69632	----a-w-	c:\windows\system32\QuickTime.qts
2012-05-24 07:04 . 2011-06-02 21:07	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-15 106496]
"dleamon.exe"="c:\program files\Dell V310-V510 Series\dleamon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files\Dell V310-V510 Series\ezprint.exe" [2011-01-24 139944]
"Dell V310-V510 Series Fax Server"="c:\program files\Dell V310-V510 Series\fm3032.exe" [2011-01-24 316072]
"TrayServer"="c:\program files\MAGIX\Video_deluxe_MX\TrayServer_de.exe" [2008-08-07 90112]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Exif Launcher 2.lnk - c:\programme\FinePixViewer\QuickDCF2.exe [2010-8-9 294912]
Java SATARaid.lnk - c:\program files\Silicon Image\Java SATARaid\siicfg.jar [2010-8-7 1750703]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 257696]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-08-08 117584]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-24 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-09 691696]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 532480]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2009-07-01 602792]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 05:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4E7D8419-DFD9-44BD-97C8-80FCEEB1D5BB}: NameServer = 192.168.1.254
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4329hxqe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.csc]
"ImagePath"="\?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.tdx]
"ImagePath"="\?"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.032"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.abr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ANI\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ani"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (S-1-5-21-2232143414-1069646403-3848905212-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSeePhotoEditor.apd"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.arw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bay"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bmp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CR2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cr2"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CRW\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.crw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cs1"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CUR\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cur"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dcr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DCX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dcx"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dib"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.djv"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DJVU\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.djvu"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dng"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.emf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.EPS\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.eps"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.erf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.fff"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FPX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.fpx"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.gif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.hdr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICL\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.icl"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.icn"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.IFF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.iff"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ilbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.int"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.inta"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.iw4"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.j2c"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.j2k"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jbr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jfif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JP2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jp2"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpc"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpe"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpeg"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpg"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpk"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpx"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.KDC\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.kdc"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.lbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mef"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mos"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mrw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.nef"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.nrw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.orf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PBM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pbr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCD\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pcd"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pct"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pcx"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pef"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PGM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pgm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pic"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pict"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pix"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.png"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PPM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ppm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PSD\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.psd"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PSP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.psp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pspbrush"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pspimage"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.raf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RAS\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ras"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RAW\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.raw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rgb"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rgba"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rle"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rsb"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rw2"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rwl"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SGI\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.sgi"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.sr2"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.srf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TGA\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.tga"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.thm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.tif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.tiff"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ttc"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ttf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.v30po"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.v30pp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.v30ppf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WBMP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wbmp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wmf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.XBM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xmp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.XPM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xpm"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\SOUNDMAN.EXE
c:\windows\servicing\TrustedInstaller.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-20  12:10:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-20 10:10
.
Vor Suchlauf: 10 Verzeichnis(se), 11.154.640.896 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 11.052.322.816 Bytes frei
.
- - End Of File - - 16204214A460CEAF0E06000F592DCA79
         

20.06.2012, 12:25   #28
Psychotic
/// Malwareteam

How is DHCP working now?

20.06.2012, 16:05   #29
Armin_M

It works again now.
Somehow it seems to have given the services the wrong permissions during Combofix /Uninstall. In any case, the dependency service could once again not be started, just like at the beginning.
Should I simply delete the leftovers from the desktop now?
There are Combofix, OTL, Gmer and defogger and their logs.
I also saw references to stpd in the logs. Those belonged to Daemon Tools, which has already been uninstalled. WinCDEmu is still mentioned as well; it has also already been uninstalled.

21.06.2012, 07:14   #30
Psychotic
/// Malwareteam

Quote:
"WinCDEmu" = WinCDEmu

The CD Emu is still shown in the software list... are you sure it is gone?