Win32/Olmarik.AYA or possibly other critters?

#0
11.01.2012, 12:12
Moderator

Posts: 5694
#16 I didn't know that it comes directly from ESET. The TDL4 infection on a 64-bit system is a really tough nut to crack. I will ask my specialist colleagues on the other forums. I'll get back to you right away. I doubt that deleting it has settled the matter.
11.01.2012, 12:24
Member

Thread starter

Posts: 15
#17 All right, thank you for your efforts. Nice that there are still people who want to help ;)

If need be, I'll just have to reinstall the system again, but then I also want to be sure that nothing is still hidden somewhere that could show up again.
11.01.2012, 13:00
Moderator

Posts: 5694
#18 I'll ask which would be better. So if you decide to reinstall, you simply have to wipe everything completely and set it up from scratch. Do not install over it or repair.
Would you have a USB stick at hand?
11.01.2012, 13:21
Member

Thread starter

Posts: 15
#19 Yes, a USB stick is here. Why? The thing is, I have some important and above all large data here that I can't back up so easily. As for the system disk, I do think I can get it empty. But there are 2 other hard disks installed that I can't back up, or only if I had to buy a new one, and since disk prices are outrageously high right now, that's out. There would still be the problem that malware could also spread to the new hard disk, since the computer is not 100% clean, right?
11.01.2012, 16:36
Moderator

Posts: 5694
#20 Attach the following file here:
C:\Users\six\Desktop\MBR.dat

Then try to delete the partition on which the infection is shown.
Then restart the computer and post a new log from aswMBR.
11.01.2012, 16:46
Member

Thread starter

Posts: 15
#21 Here's the MBR.dat for now

I'll delete the partition in a moment, it will take a few more minutes

Attachment: MBR.zip
11.01.2012, 17:17
Member

Thread starter

Posts: 15
#22 So aswMBR is running right now, so far it looks good.. BUT:

Something was a bit strange just now: I deleted the partition in Windows Disk Management and the space simply disappeared. Normally the 2 MB should be shown as unallocated space after the deletion. But the partition is gone and there is no unallocated space. It is as if the 2 MB partition had never existed... Very odd...

Is today Windows Patch Day?
Furthermore, Windows installed 4 updates, but I got no notification that updates were available at all (Windows is set so that I have to confirm updates before they are installed). They were installed before the restart, i.e. during shutdown.

The restart didn't go cleanly either, at least I think so.. Normally the Windows logo appears at boot with "Starting Windows" below it. But below the logo there were a few registry entries and something like 190/229 or so. After that another automatic restart. Unfortunately it all went much too fast for me to remember anything.

When the desktop was there I briefly got a window that said Snap-In Console is being configured or similar, that also went very quickly...

Maybe it's just a bit of paranoia and dumb coincidence right now, but it was very strange..

I'll check the Windows Update log in a moment to see whether that really was a Windows update


Code

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-11 17:02:26
-----------------------------
17:02:26.605    OS Version: Windows x64 6.1.7601 Service Pack 1
17:02:26.605    Number of processors: 4 586 0x403
17:02:26.605    ComputerName: SIXER  UserName: six
17:02:28.261    Initialize success
17:02:31.730    AVAST engine defs: 12011100
17:02:34.730    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
17:02:34.746    Disk 0 Vendor: SAMSUNG_HD501LJ CR100-13 Size: 476940MB BusType: 3
17:02:34.746    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-5
17:02:34.746    Disk 1 Vendor: SAMSUNG_HD321KJ CP100-10 Size: 305245MB BusType: 3
17:02:34.761    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T1L0-7
17:02:34.761    Disk 2 Vendor: SAMSUNG_HD502HJ 1AJ100E4 Size: 476940MB BusType: 3
17:02:34.824    Disk 0 MBR read successfully
17:02:34.839    Disk 0 MBR scan
17:02:34.839    Disk 0 Windows 7 default MBR code
17:02:34.855    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        99999 MB offset 2048
17:02:34.871    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       376937 MB offset 204800400
17:02:34.902    Service scanning
17:02:37.339    Modules scanning
17:02:37.339    Disk 0 trace - called modules:
17:02:37.386    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:02:37.402    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a3f060]
17:02:37.402    3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8003af0520]
17:02:37.402    5 ACPI.sys[fffff88000f9a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa8003aef680]
17:02:37.761    AVAST engine scan C:\Windows
17:02:42.277    File: C:\Windows\PEV.exe  **INFECTED** Win32:Rootkit-gen [Rtk]
17:02:43.839    AVAST engine scan C:\Windows\system32
17:05:26.433    AVAST engine scan C:\Windows\system32\drivers
17:05:38.121    AVAST engine scan C:\Users\six
17:15:58.965    File: C:\Users\six\Downloads\EOlmarikTdl4Cleaner.exe  **INFECTED** MBR:Alureon-K [Rtk]
17:16:19.200    File: C:\Users\six\Downloads\sicher\gmer\EOlmarikTdl4Cleaner.exe  **INFECTED** MBR:Alureon-K [Rtk]
17:18:07.028    AVAST engine scan C:\ProgramData
17:19:10.215    Scan finished successfully
17:19:56.918    Disk 0 MBR has been saved successfully to "C:\Users\six\Desktop\MBR.dat"
17:19:56.918    The log file has been saved successfully to "C:\Users\six\Desktop\aswMBR11.1.12.17.20.txt"
OK, I just checked the update log... they really do seem to have been updates, but why the hell wasn't I informed about it?! This is the first time Windows has just installed something on its own without asking
This post was edited on 11.01.2012 at 17:26 by bluepill.
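
Added example (not part of the original posts, and not aswMBR's own code): a Python script that reads a 512-byte MBR sector and lists its partition entries, so the table can be compared before and after a partition is deleted. It assumes MBR.dat is a raw dump of sector 0; the helper names, the 16 MB threshold and the "before" sample with a 2 MB active partition are constructed for illustration, while the "after" sample mirrors the two partitions shown in the aswMBR log above.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # the partition table follows the boot code
ENTRY_FORMAT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
SECTORS_PER_MB = 2048       # 512-byte sectors per MB


def parse_mbr(sector):
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need a full 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA missing")
    parts = []
    for index in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            ENTRY_FORMAT, sector, TABLE_OFFSET + 16 * index)
        if ptype == 0 and count == 0:
            continue  # unused slot
        parts.append({
            "slot": index + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
            "size_mb": count // SECTORS_PER_MB,
        })
    return parts


def review(parts, small_mb=16):
    """Return findings worth a second look (thresholds are assumptions)."""
    findings = []
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d"
                        % len(active))
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("slot %d: invalid status byte 0x%02x"
                            % (p["slot"], p["status"]))
        if p["size_mb"] < small_mb:
            note = "slot %d: only %d MB" % (p["slot"], p["size_mb"])
            if p["active"]:
                note += " and marked active"
            findings.append(note)
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("slots %d and %d overlap" % (a["slot"], b["slot"]))
    return findings


def build_sample(entries):
    """Build a constructed MBR sector from (status, type, lba, sectors) tuples."""
    sector = bytearray(SECTOR_SIZE)
    for index, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FORMAT, sector, TABLE_OFFSET + 16 * index,
                         status, b"\x00" * 3, ptype, b"\x00" * 3, lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed "after" sample: the two NTFS partitions from the aswMBR log above.
AFTER = build_sample([
    (0x80, 0x07, 2048, 99999 * SECTORS_PER_MB),
    (0x00, 0x07, 204800400, 376937 * SECTORS_PER_MB),
])

# Constructed "before" sample: same disk with an extra 2 MB entry that carries
# the active flag. Start sector, type and flag placement are assumptions.
BEFORE = build_sample([
    (0x00, 0x07, 2048, 99999 * SECTORS_PER_MB),
    (0x00, 0x07, 204800400, 376937 * SECTORS_PER_MB),
    (0x80, 0x07, 976767376, 2 * SECTORS_PER_MB),
])

if __name__ == "__main__":
    # To inspect a real dump: data = open("MBR.dat", "rb").read()[:512]
    for label, data in (("before", BEFORE), ("after", AFTER)):
        parts = parse_mbr(data)
        print(label)
        for p in parts:
            print("  slot %(slot)d active=%(active)s type=%(type)02x "
                  "%(size_mb)d MB offset %(lba_start)d" % p)
        for finding in review(parts):
            print("  !", finding)
```
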
11.01.2012, 22:58
Moderator

Posts: 5694
#23 Have you restarted again after the updates? Is everything running normally then?

Combofix may only be run when instructed to do so by a team member!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix on your desktop
• Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart

Quote

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
12.01.2012, 12:17
Member

Thread starter

Posts: 15
#24 Whether the computer is running normally again is hard to say. I had only noticed through nod32 that something was wrong anyway. In any case there was an automatic restart last night, which could have many causes.. The Windows log only says something like:

Das System wurde neu gestartet, ohne dass es zuvor ordnungsgemäß heruntergefahren wurde. Dieser Fehler kann auftreten, wenn das System nicht mehr reagiert hat oder abgestürzt ist oder die Stromzufuhr unerwartet unterbrochen wurde.

Unfortunately the computer was unattended during this time.


Here's the Combofix log

Code

ComboFix 12-01-12.02 - six 12.01.2012  11:43:33.3.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.4095.2631 [GMT 1:00]
ausgeführt von:: c:\users\six\Desktop\test.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_0
-------\Service_1
-------\Service_5
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-12 bis 2012-01-12  ))))))))))))))))))))))))))))))
.
.
2012-01-12 10:49 . 2012-01-12 10:49    --------    d-----w-    c:\users\Default\AppData\Local\temp
2012-01-11 08:01 . 2011-10-26 05:25    1572864    ----a-w-    c:\windows\system32\quartz.dll
2012-01-11 08:01 . 2011-10-26 05:25    366592    ----a-w-    c:\windows\system32\qdvd.dll
2012-01-11 08:01 . 2011-10-26 04:32    514560    ----a-w-    c:\windows\SysWow64\qdvd.dll
2012-01-11 08:01 . 2011-10-26 04:32    1328128    ----a-w-    c:\windows\SysWow64\quartz.dll
2012-01-11 08:01 . 2011-11-17 05:38    1292080    ----a-w-    c:\windows\SysWow64\ntdll.dll
2012-01-11 08:01 . 2011-11-17 06:41    1731920    ----a-w-    c:\windows\system32\ntdll.dll
2012-01-11 08:01 . 2011-11-19 14:58    77312    ----a-w-    c:\windows\system32\packager.dll
2012-01-11 08:01 . 2011-11-19 14:01    67072    ----a-w-    c:\windows\SysWow64\packager.dll
2012-01-10 15:11 . 2012-01-10 15:11    --------    d-----w-    c:\program files (x86)\Smart Projects
2012-01-10 14:35 . 2012-01-10 14:35    281200    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2012-01-10 14:35 . 2012-01-10 14:35    --------    d-----w-    c:\users\six\AppData\Local\PunkBuster
2012-01-10 14:30 . 2012-01-10 14:35    281200    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2012-01-10 14:30 . 2012-01-10 14:30    189248    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2012-01-10 14:30 . 2012-01-10 14:30    75136    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2012-01-10 14:29 . 2012-01-10 14:29    --------    d-----w-    c:\program files (x86)\NVIDIA Corporation
2012-01-10 14:29 . 2012-01-10 14:29    --------    d-----w-    c:\program files (x86)\Common Files\Wise Installation Wizard
2012-01-10 12:16 . 2012-01-10 12:18    --------    d-----w-    C:\TDSSKiller_Quarantine
2012-01-10 10:16 . 2011-11-21 11:40    8822856    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BEB3644-1B3C-461C-989D-F83B533B61E3}\mpengine.dll
2012-01-09 18:19 . 2011-11-28 18:01    256960    ----a-w-    c:\windows\system32\aswBoot.exe
2012-01-09 18:19 . 2012-01-09 23:33    --------    d-----w-    c:\programdata\AVAST Software
2012-01-09 18:19 . 2012-01-09 18:19    --------    d-----w-    c:\program files\AVAST Software
2012-01-09 10:44 . 2012-01-09 10:44    388096    ----a-r-    c:\users\six\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-09 10:44 . 2012-01-09 10:44    --------    d-----w-    c:\program files (x86)\Trend Micro
2012-01-06 03:57 . 2012-01-06 03:57    --------    d-----w-    c:\program files (x86)\LSoft Technologies
2012-01-06 02:42 . 2012-01-06 02:42    --------    d-----w-    c:\users\six\AppData\Local\ElevatedDiagnostics
2012-01-06 02:04 . 2012-01-06 02:04    --------    d-----w-    c:\users\six\AppData\Roaming\Malwarebytes
2012-01-06 02:03 . 2012-01-06 02:03    --------    d-----w-    c:\programdata\Malwarebytes
2012-01-05 01:36 . 2012-01-05 01:36    --------    d-----w-    c:\program files\Windows Imaging
2012-01-04 21:23 . 2012-01-05 01:36    --------    d-----w-    c:\program files\Windows AIK
2012-01-03 23:31 . 2012-01-03 23:31    --------    d-----w-    c:\users\six\AppData\Local\Oblivion
2012-01-03 06:29 . 2012-01-03 06:29    --------    d-----w-    c:\program files\MAXON
2012-01-03 06:23 . 2012-01-03 06:49    --------    d-----w-    c:\users\six\AppData\Roaming\MAXON
2012-01-01 15:25 . 2012-01-01 15:25    626688    ----a-w-    c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-01 15:25 . 2012-01-01 15:25    548864    ----a-w-    c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-01 15:25 . 2012-01-01 15:25    479232    ----a-w-    c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-01 15:25 . 2012-01-01 15:25    43992    ----a-w-    c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-12-29 22:52 . 2011-12-29 22:53    --------    d-----w-    C:\crap
2011-12-29 22:51 . 2011-12-29 22:51    --------    d-----w-    c:\programdata\Big Fish Games
2011-12-29 22:51 . 2011-12-29 22:52    --------    d-----w-    c:\program files (x86)\bfgclient
2011-12-29 22:50 . 2011-12-29 22:53    --------    d-----w-    C:\BigFishGamesCache
2011-12-29 22:33 . 2011-12-29 22:54    --------    d-----w-    c:\programdata\FarmFrenzy2
2011-12-29 22:33 . 2011-12-29 22:33    --------    d-----w-    c:\windows\Farm Frenzy 2
2011-12-29 05:53 . 2012-01-05 10:02    --------    d-----w-    c:\users\six\AppData\Local\Mobile Master
2011-12-27 11:33 . 2011-12-27 11:33    --------    d-----w-    c:\users\six\AppData\Local\thumbs
2011-12-26 01:43 . 2009-07-16 15:32    139264    ----a-w-    c:\windows\NeoUninstall.exe
2011-12-25 21:58 . 2011-12-25 21:59    --------    d-----w-    c:\users\six\AppData\Roaming\Ubisoft
2011-12-25 21:57 . 2011-12-25 21:57    --------    d-----w-    c:\programdata\Solidshield
2011-12-25 21:28 . 2011-12-25 21:28    314016    ----a-w-    c:\windows\system32\drivers\atksgt.sys
2011-12-25 21:28 . 2011-12-25 21:28    43680    ----a-w-    c:\windows\system32\drivers\lirsgt.sys
2011-12-24 21:21 . 2011-12-24 21:32    --------    d-----w-    c:\users\six\AppData\Local\Ubisoft Game Launcher
2011-12-24 21:19 . 2011-12-24 21:19    --------    d-----w-    c:\program files (x86)\Ubisoft
2011-12-23 08:05 . 2011-12-23 08:05    --------    d-----w-    c:\users\six\AppData\Local\Google
2011-12-22 16:37 . 2011-12-22 16:37    --------    d-----w-    c:\users\six\AppData\Local\2DBoy
2011-12-22 16:37 . 2011-12-22 16:37    --------    d-----w-    c:\programdata\2DBoy
2011-12-21 14:28 . 2011-12-21 14:30    --------    d-----w-    c:\windows\WindowsMobile
2011-12-21 14:13 . 2008-08-19 20:15    56104    ----a-w-    c:\windows\system32\drivers\btwusb.sys
2011-12-21 14:13 . 2008-07-24 16:37    156584    ----a-w-    c:\windows\system32\drivers\btwdndis.sys
2011-12-21 14:13 . 2008-06-11 13:14    69672    ----a-w-    c:\windows\system32\drivers\btwsecfl.sys
2011-12-21 14:13 . 2008-05-30 10:46    135208    ----a-w-    c:\windows\system32\drivers\btaudio.sys
2011-12-21 14:13 . 2008-03-10 17:18    71592    ----a-w-    c:\windows\system32\drivers\btwhid.sys
2011-12-21 14:13 . 2008-02-04 16:58    44200    ----a-w-    c:\windows\system32\drivers\btport.sys
2011-12-21 14:13 . 2008-02-04 16:58    43944    ----a-w-    c:\windows\system32\drivers\btwmodem.sys
2011-12-21 14:09 . 2008-08-19 20:15    1283368    ----a-w-    c:\windows\system32\drivers\btkrnl.sys
2011-12-21 14:09 . 2007-09-20 10:59    114176    ----a-w-    c:\windows\system32\btw_ci.dll
2011-12-21 14:09 . 2011-12-21 14:09    --------    d-----w-    c:\program files\ThinkPad
2011-12-21 13:54 . 2011-12-21 13:54    --------    d-----w-    c:\programdata\Mobile Master
2011-12-21 13:54 . 2012-01-05 10:03    --------    d-----w-    c:\users\six\AppData\Roaming\Mobile Master
2011-12-21 13:54 . 2011-12-21 13:54    --------    d-----w-    c:\program files (x86)\Common Files\Jumping Bytes
2011-12-21 13:53 . 2011-12-27 11:39    --------    d-----w-    c:\program files (x86)\Mobile Master
2011-12-21 13:53 . 2011-12-21 13:53    --------    d-----w-    c:\users\six\AppData\Roaming\Jumping Bytes
2011-12-21 13:08 . 2011-12-21 13:10    --------    d-----w-    c:\program files (x86)\Blue Manager Suite
2011-12-18 12:40 . 2011-12-18 12:40    --------    d-----w-    c:\program files\CCleaner
2011-12-17 14:21 . 2011-12-17 14:36    --------    d-----w-    c:\users\six\.android
2011-12-17 14:21 . 2011-12-17 14:21    --------    d-----w-    c:\program files (x86)\Android
2011-12-17 14:19 . 2011-12-17 14:20    --------    d-----w-    c:\program files\Oracle
2011-12-17 14:18 . 2011-11-08 18:40    750488    ----a-w-    c:\windows\system32\npdeployJava1.dll
2011-12-17 00:13 . 2011-12-17 00:13    --------    d-----w-    c:\users\six\AppData\Local\DDMSettings
2011-12-16 16:44 . 2011-12-16 16:44    --------    d-----w-    c:\users\six\AppData\Roaming\Unified Remote
2011-12-16 16:43 . 2011-12-16 16:43    --------    d-----w-    c:\program files (x86)\Unified Remote
2011-12-15 01:21 . 2011-10-26 05:21    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2011-12-15 01:21 . 2011-11-24 04:52    3145216    ----a-w-    c:\windows\system32\win32k.sys
2011-12-15 01:21 . 2011-10-15 06:31    723456    ----a-w-    c:\windows\system32\EncDec.dll
2011-12-15 01:21 . 2011-10-15 05:38    534528    ----a-w-    c:\windows\SysWow64\EncDec.dll
2011-12-15 01:21 . 2011-11-05 05:32    2048    ----a-w-    c:\windows\system32\tzres.dll
2011-12-15 01:21 . 2011-11-05 04:26    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2011-12-14 21:10 . 2011-12-14 21:10    --------    d-----w-    c:\users\six\AppData\Local\PokerStars
2011-12-14 21:05 . 2011-12-14 21:10    --------    d-----w-    c:\program files (x86)\PokerStars
2011-12-13 20:34 . 2011-12-13 20:34    --------    d-----w-    C:\Temp
2011-12-13 20:31 . 2012-01-09 09:29    --------    d-----w-    c:\users\six\AppData\Local\Samsung
2011-12-13 20:31 . 2011-12-13 20:31    --------    d-----w-    c:\users\six\AppData\Roaming\Samsung
2011-12-13 20:28 . 2011-11-29 15:39    4659712    ----a-w-    c:\windows\SysWow64\Redemption.dll
2011-12-13 20:28 . 2011-12-13 20:28    --------    d-----w-    c:\program files (x86)\MarkAny
2011-12-13 20:28 . 2011-11-29 15:38    821824    ----a-w-    c:\windows\SysWow64\dgderapi.dll
2011-12-13 20:27 . 2011-12-13 20:29    --------    d-----w-    c:\program files (x86)\Samsung
2011-12-13 20:27 . 2011-12-13 20:29    --------    d-----w-    c:\programdata\Samsung
2011-12-13 20:26 . 2011-12-13 20:26    --------    d-----w-    c:\users\six\AppData\Local\Downloaded Installations
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 10:25 . 2011-11-05 03:25    414368    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-29 15:38 . 2011-11-29 15:38    90112    ----a-w-    c:\windows\MAMCityDownload.ocx
2011-11-29 15:38 . 2011-11-29 15:38    325552    ----a-w-    c:\windows\MASetupCaller.dll
2011-11-29 15:38 . 2011-11-29 15:38    30568    ----a-w-    c:\windows\MusiccityDownload.exe
2011-11-29 15:38 . 2011-11-29 15:38    974848    ----a-w-    c:\windows\SysWow64\cis-2.4.dll
2011-11-29 15:38 . 2011-11-29 15:38    81920    ----a-w-    c:\windows\SysWow64\issacapi_bs-2.3.dll
2011-11-29 15:38 . 2011-11-29 15:38    65536    ----a-w-    c:\windows\SysWow64\issacapi_pe-2.3.dll
2011-11-29 15:38 . 2011-11-29 15:38    57344    ----a-w-    c:\windows\SysWow64\MTXSYNCICON.dll
2011-11-29 15:38 . 2011-11-29 15:38    57344    ----a-w-    c:\windows\SysWow64\MK_Lyric.dll
2011-11-29 15:38 . 2011-11-29 15:38    57344    ----a-w-    c:\windows\SysWow64\issacapi_se-2.3.dll
2011-11-29 15:38 . 2011-11-29 15:38    569344    ----a-w-    c:\windows\SysWow64\muzdecode.ax
2011-11-29 15:38 . 2011-11-29 15:38    491520    ----a-w-    c:\windows\SysWow64\muzapp.dll
2011-11-29 15:38 . 2011-11-29 15:38    49152    ----a-w-    c:\windows\SysWow64\MaJGUILib.dll
2011-11-29 15:38 . 2011-11-29 15:38    45056    ----a-w-    c:\windows\SysWow64\MaXMLProto.dll
2011-11-29 15:38 . 2011-11-29 15:38    45056    ----a-w-    c:\windows\SysWow64\MACXMLProto.dll
2011-11-29 15:38 . 2011-11-29 15:38    40960    ----a-w-    c:\windows\SysWow64\MTTELECHIP.dll
2011-11-29 15:38 . 2011-11-29 15:38    40960    ----a-w-    c:\windows\SysWow64\MAMACExtract.dll
2011-11-29 15:38 . 2011-11-29 15:38    352256    ----a-w-    c:\windows\SysWow64\MSLUR71.dll
2011-11-29 15:38 . 2011-11-29 15:38    258048    ----a-w-    c:\windows\SysWow64\muzoggsp.ax
2011-11-29 15:38 . 2011-11-29 15:38    245760    ----a-w-    c:\windows\SysWow64\MSCLib.dll
2011-11-29 15:38 . 2011-11-29 15:38    24576    ----a-w-    c:\windows\SysWow64\MASetupCleaner.exe
2011-11-29 15:38 . 2011-11-29 15:38    200704    ----a-w-    c:\windows\SysWow64\muzwmts.dll
2011-11-29 15:38 . 2011-11-29 15:38    155648    ----a-w-    c:\windows\SysWow64\MSFLib.dll
2011-11-29 15:38 . 2011-11-29 15:38    143360    ----a-w-    c:\windows\SysWow64\3DAudio.ax
2011-11-29 15:38 . 2011-11-29 15:38    135168    ----a-w-    c:\windows\SysWow64\muzaf1.dll
2011-11-29 15:38 . 2011-11-29 15:38    131072    ----a-w-    c:\windows\SysWow64\muzmpgsp.ax
2011-11-29 15:38 . 2011-11-29 15:38    122880    ----a-w-    c:\windows\SysWow64\muzeffect.ax
2011-11-29 15:38 . 2011-11-29 15:38    118784    ----a-w-    c:\windows\SysWow64\MaDRM.dll
2011-11-29 15:38 . 2011-11-29 15:38    110592    ----a-w-    c:\windows\SysWow64\muzmp4sp.ax
2011-11-24 21:23 . 2011-11-24 21:23    203320    ----a-w-    c:\windows\system32\drivers\ssudobex.sys
2011-11-24 21:23 . 2011-11-24 21:23    203320    ----a-w-    c:\windows\system32\drivers\ssudmdm.sys
2011-11-24 21:23 . 2011-11-24 21:23    98616    ----a-w-    c:\windows\system32\drivers\ssudbus.sys
2011-11-08 18:40 . 2011-11-05 15:30    660368    ----a-w-    c:\windows\system32\deployJava1.dll
2011-11-07 18:40 . 2011-11-07 18:40    472808    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2011-11-07 13:20 . 2011-03-28 17:36    18328    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-05 20:12 . 2011-11-05 20:12    419840    ----a-w-    c:\windows\system32\wrap_oal.dll
2011-11-05 20:12 . 2011-11-05 20:12    413696    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
2011-11-05 20:12 . 2011-11-05 20:12    133632    ----a-w-    c:\windows\system32\OpenAL32.dll
2011-11-05 20:12 . 2011-11-05 20:12    110592    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
2011-11-05 04:02 . 2009-07-14 02:36    152576    ----a-w-    c:\windows\SysWow64\msclmd.dll
2011-11-05 04:02 . 2009-07-14 02:36    175616    ----a-w-    c:\windows\system32\msclmd.dll
2011-11-05 02:22 . 2011-11-05 02:22    86528    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2011-11-05 02:22 . 2011-11-05 02:22    76800    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2011-11-05 02:22 . 2011-11-05 02:22    74752    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-11-05 02:22 . 2011-11-05 02:22    74752    ----a-w-    c:\windows\SysWow64\iesetup.dll
2011-11-05 02:22 . 2011-11-05 02:22    63488    ----a-w-    c:\windows\SysWow64\tdc.ocx
2011-11-05 02:22 . 2011-11-05 02:22    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2011-11-05 02:22 . 2011-11-05 02:22    420864    ----a-w-    c:\windows\SysWow64\vbscript.dll
2011-11-05 02:22 . 2011-11-05 02:22    367104    ----a-w-    c:\windows\SysWow64\html.iec
2011-11-05 02:22 . 2011-11-05 02:22    35840    ----a-w-    c:\windows\SysWow64\imgutil.dll
2011-11-05 02:22 . 2011-11-05 02:22    23552    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2011-11-05 02:22 . 2011-11-05 02:22    161792    ----a-w-    c:\windows\SysWow64\msls31.dll
2011-11-05 02:22 . 2011-11-05 02:22    152064    ----a-w-    c:\windows\SysWow64\wextract.exe
2011-11-05 02:22 . 2011-11-05 02:22    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2011-11-05 02:22 . 2011-11-05 02:22    142848    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2011-11-05 02:22 . 2011-11-05 02:22    11776    ----a-w-    c:\windows\SysWow64\mshta.exe
2011-11-05 02:22 . 2011-11-05 02:22    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2011-11-05 02:22 . 2011-11-05 02:22    101888    ----a-w-    c:\windows\SysWow64\admparse.dll
2011-11-05 02:22 . 2011-11-05 02:22    91648    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2011-11-05 02:22 . 2011-11-05 02:22    89088    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2011-11-05 02:22 . 2011-11-05 02:22    85504    ----a-w-    c:\windows\system32\iesetup.dll
2011-11-05 02:22 . 2011-11-05 02:22    76800    ----a-w-    c:\windows\system32\tdc.ocx
2011-11-05 02:22 . 2011-11-05 02:22    603648    ----a-w-    c:\windows\system32\vbscript.dll
2011-11-05 02:22 . 2011-11-05 02:22    49664    ----a-w-    c:\windows\system32\imgutil.dll
2011-11-05 02:22 . 2011-11-05 02:22    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2011-11-05 02:22 . 2011-11-05 02:22    448512    ----a-w-    c:\windows\system32\html.iec
2011-11-05 02:22 . 2011-11-05 02:22    30720    ----a-w-    c:\windows\system32\licmgr10.dll
2011-11-05 02:22 . 2011-11-05 02:22    222208    ----a-w-    c:\windows\system32\msls31.dll
2011-11-05 02:22 . 2011-11-05 02:22    173056    ----a-w-    c:\windows\system32\ieUnatt.exe
2011-11-05 02:22 . 2011-11-05 02:22    165888    ----a-w-    c:\windows\system32\iexpress.exe
2011-11-05 02:22 . 2011-11-05 02:22    160256    ----a-w-    c:\windows\system32\wextract.exe
2011-11-05 02:22 . 2011-11-05 02:22    135168    ----a-w-    c:\windows\system32\IEAdvpack.dll
2011-11-05 02:22 . 2011-11-05 02:22    12288    ----a-w-    c:\windows\system32\mshta.exe
2011-11-05 02:22 . 2011-11-05 02:22    114176    ----a-w-    c:\windows\system32\admparse.dll
2011-11-05 02:22 . 2011-11-05 02:22    111616    ----a-w-    c:\windows\system32\iesysprep.dll
2011-11-05 00:45 . 2009-06-28 23:36    28704    ----a-w-    c:\windows\system32\drivers\nvsmu.sys
2011-11-05 00:45 . 2009-06-26 15:15    167936    ----a-w-    c:\windows\system32\NVCOSMU.DLL
2011-11-05 00:45 . 2009-06-26 15:15    539168    ----a-w-    c:\windows\system32\nvusmu.exe
2011-11-05 00:44 . 2011-11-05 00:45    704000    ----a-w-    c:\windows\system32\cohelper.dll
2011-11-05 00:44 . 2009-07-01 11:20    339744    ----a-w-    c:\windows\system32\drivers\nvmf6264.sys
2011-11-05 00:44 . 2009-07-01 10:55    898560    ----a-w-    c:\windows\system32\fdco1.dll
2011-11-05 00:44 . 2009-07-01 06:00    845736    ----a-w-    c:\windows\system32\eDPInst.exe
2011-11-05 00:44 . 2009-06-30 23:42    167936    ----a-w-    c:\windows\system32\nvconrm.dll
2011-11-05 00:44 . 2009-06-30 23:42    539168    ----a-w-    c:\windows\system32\nvunrm.exe
2011-10-26 03:05 . 2011-10-26 03:05    10496512    ----a-w-    c:\windows\system32\drivers\atikmdag.sys
2011-10-26 02:16 . 2011-10-26 02:16    24866816    ----a-w-    c:\windows\system32\atio6axx.dll
2011-10-26 02:06 . 2011-10-26 02:06    159744    ----a-w-    c:\windows\system32\atiapfxx.exe
2011-10-26 02:05 . 2011-09-08 17:34    748544    ----a-w-    c:\windows\SysWow64\aticfx32.dll
2011-10-26 02:04 . 2011-09-08 17:32    892416    ----a-w-    c:\windows\system32\aticfx64.dll
2011-10-26 02:01 . 2011-10-26 02:01    466944    ----a-w-    c:\windows\system32\ATIDEMGX.dll
2011-10-26 02:01 . 2011-10-26 02:01    517120    ----a-w-    c:\windows\system32\atieclxx.exe
2011-10-26 02:00 . 2011-10-26 02:00    204288    ----a-w-    c:\windows\system32\atiesrxx.exe
2011-10-26 01:59 . 2011-10-26 01:59    18757120    ----a-w-    c:\windows\SysWow64\atioglxx.dll
2011-10-26 01:59 . 2011-10-26 01:59    120320    ----a-w-    c:\windows\system32\atitmm64.dll
2011-10-26 01:59 . 2011-10-26 01:59    423424    ----a-w-    c:\windows\system32\atipdl64.dll
2011-10-26 01:59 . 2011-10-26 01:59    356352    ----a-w-    c:\windows\SysWow64\atipdlxx.dll
2011-10-26 01:59 . 2011-10-26 01:59    278528    ----a-w-    c:\windows\SysWow64\Oemdspif.dll
2011-10-26 01:58 . 2011-10-26 01:58    21504    ----a-w-    c:\windows\system32\atimuixx.dll
2011-10-26 01:58 . 2011-10-26 01:58    59392    ----a-w-    c:\windows\system32\atiedu64.dll
2011-10-26 01:58 . 2011-10-26 01:58    43520    ----a-w-    c:\windows\SysWow64\ati2edxx.dll
.
.
(((((((((((((((((((((((((((((   SnapShot_2012-01-09_17.35.18   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-01-09 22:25    16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2009-07-14 04:55    16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2009-07-14 04:55    32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-09 22:25    32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2009-07-14 04:55    16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-09 22:25    16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-14 05:16 . 2012-01-12 10:54    39310              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-12 10:54    39676              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:46 . 2012-01-12 10:33    88160              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-01-10 02:14 . 2012-01-10 02:14    10240              c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\57216ad7373e6d7baa598d1d66a08c23\System.Xml.Serialization.ni.dll
- 2011-11-08 14:09 . 2012-01-09 10:09    9290              c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-11-08 14:09 . 2012-01-10 08:08    9290              c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-11-05 00:33 . 2012-01-12 10:54    8428              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2059813294-1679485015-2318070993-1000_UserData.bin
- 2012-01-09 17:34 . 2012-01-09 17:34    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-12 10:52 . 2012-01-12 10:52    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-12 10:52 . 2012-01-12 10:52    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-09 17:34 . 2012-01-09 17:34    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-14 07:38 . 2012-01-12 03:41    247376              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 05:01 . 2012-01-09 17:32    363164              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-12 10:50    363164              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-11-05 03:24 . 2010-11-20 13:27    465920              c:\windows\ehome\mstvcapn.dll
+ 2012-01-11 08:01 . 2011-10-29 05:23    465920              c:\windows\ehome\mstvcapn.dll
- 2009-07-14 04:45 . 2012-01-06 01:43    5984148              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-01-11 15:56    5984148              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2011-11-05 01:13 . 2012-01-09 17:32    1627576              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-05 01:13 . 2012-01-12 10:50    1627576              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-12 01:35 . 2009-07-12 01:35    2736640              c:\windows\Installer\7561cf.msi
+ 2009-10-14 05:12 . 2012-01-11 15:51    54008112              c:\windows\system32\MRT.exe
+ 2011-11-05 03:55 . 2012-01-12 10:50    58459965              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2059813294-1679485015-2318070993-1000-12288.dat
+ 2012-01-10 14:29 . 2012-01-10 14:29    27089408              c:\windows\Installer\7561b7.msi
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"XWidget"="c:\program files (x86)\XWidget\xwidget.exe" [2011-11-19 4785664]
"Unified Remote v2"="c:\program files (x86)\Unified Remote\RemoteServer.exe" [2011-12-02 226816]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-01-04 937872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 343168]
"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-01-04 3508624]
.
c:\users\six\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Murmur.lnk - c:\windows\Installer\{CEECECD5-A430-4451-8D62-7C4ACB30F93B}\murmur.ico [2011-11-5 9326]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Blue Manager Suite.lnk -  [N/A]
BTTray.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2008-8-18 835624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages    REG_MULTI_SZ       kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 btiaa2dp;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btiaa2dp.sys [x]
R3 BTiAPan;Bluetooth PAN Miniport;c:\windows\system32\DRIVERS\btiapan.sys [x]
R3 btiarcp;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btiarcp.sys [x]
R3 btiaspp;Bluetooth Serial driver;c:\windows\system32\DRIVERS\btiaspp.sys [x]
R3 BTIAUSB;Generic Bluetooth Device;c:\windows\system32\DRIVERS\btiausb.sys [x]
R3 BTPROT;Generic Bluetooth Filter;c:\windows\system32\DRIVERS\btprot.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 iAnywhere_btAudio;Bluetooth Virtual SCO Device;c:\windows\system32\drivers\btiasco.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2011-12-12 751464]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-25 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-02 2923392]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2059813294-1679485015-2318070993-1000Core.job
- c:\users\six\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 08:05]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2059813294-1679485015-2318070993-1000UA.job
- c:\users\six\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 08:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"combofix"="c:\test\CF10122.3XE" [2010-11-20 345088]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\six\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\six\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Senden an &Bluetooth-Gerät... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Senden an Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\six\AppData\Roaming\Mozilla\Firefox\Profiles\mdsyc49z.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-74102706.sys
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2059813294-1679485015-2318070993-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2059813294-1679485015-2318070993-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2059813294-1679485015-2318070993-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*BUÕ]**€#]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2059813294-1679485015-2318070993-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*BUÕ]**€#\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Mumble\murmur.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-12  11:57:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-12 10:57
ComboFix2.txt  2012-01-09 17:40
ComboFix3.txt  2012-01-09 10:21
.
Vor Suchlauf: 7.823.081.472 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 10.580.262.912 Bytes frei
.
- - End Of File - - 457E0D09251065C113A3AD9C1DF65F6E
12.01.2012, 18:08
Moderator

Posts: 5694
#25 That looks good. Do you still have any problems?
12.01.2012, 18:29
Member

Thread starter

Posts: 15
#26 Good question... I can't really answer that yet. Apart from the spontaneous restart this morning, the computer is running fairly stably at the moment, but I'm not doing anything major on it right now either. I'll sit down and work on it a bit and see whether any lag or anything else shows up.

So for now I can assume that the computer looks clean, right?
12.01.2012, 21:31
Moderator

Posts: 5694
#27 Yes, it looks clean. But report back again after a few days of use under load.
13.01.2012, 18:23
Member

Thread starter

Posts: 15
#28 All right
Thank you very much for your help and your patience ;) I'll keep an eye on things for a few more days and then report back.

So long