
Antivirus, firewall and other protection programs: Interpreting the Combofix report

06.07.2010, 22:52   #1
McJoy
 



Dear experts,
my hidden files were not visible even though "Show all files and folders" was enabled under View in the folder options (Windows XP). On a friend's advice I have now run "Combofix", after deleting all temporary files and disabling my antivirus program (Kaspersky) and the firewall. After one file path was removed and the machine was restarted, displaying hidden files works again - HOORAY! However, the homepage of w*w.bleepingcomputer.com, where I got Combofix from, said that the script should be looked over once more by an expert, in case things still need to be deleted/modified that the program has not yet taken care of.

What else do I have to do so that any viruses/spy programs that may be present are completely removed from the computer? Here is the text file created by Combofix:
Combofix Logfile:
Code:
ComboFix 10-07-06.01 - Andreas 06.07.2010  20:14:48.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1916.1478 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Andreas\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\Andreas\Anwendungsdaten\test

.
(((((((((((((((((((((((   Dateien erstellt von 2010-06-06 bis 2010-07-06  ))))))))))))))))))))))))))))))
.

2010-07-06 17:48 . 2010-07-06 17:48	--------	d-----w-	c:\programme\CleanUp!
2010-07-06 17:00 . 2010-01-27 11:51	767952	----a-w-	c:\windows\BDTSupport.dll
2010-07-06 17:00 . 2010-01-22 06:56	149456	----a-w-	c:\windows\SGDetectionTool.dll
2010-07-06 17:00 . 2008-11-26 09:08	131	----a-w-	c:\windows\IDB.zip
2010-07-06 17:00 . 2010-01-22 06:56	165840	----a-w-	c:\windows\PCTBDRes.dll
2010-07-06 17:00 . 2010-01-22 06:56	1652688	----a-w-	c:\windows\PCTBDCore.dll
2010-07-06 17:00 . 2009-10-27 22:36	1152444	----a-w-	c:\windows\UDB.zip
2010-07-06 16:57 . 2010-02-05 07:17	233136	----a-w-	c:\windows\system32\drivers\pctgntdi.sys
2010-07-06 16:56 . 2010-03-29 08:06	218592	----a-w-	c:\windows\system32\drivers\PCTCore.sys
2010-07-06 16:56 . 2009-11-23 11:54	88040	----a-w-	c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-06 16:56 . 2010-04-08 12:29	63360	----a-w-	c:\windows\system32\drivers\pctplsg.sys
2010-07-06 16:56 . 2010-07-06 17:32	--------	d-----w-	c:\programme\Spyware Doctor
2010-07-06 16:56 . 2010-07-06 17:00	--------	d-----w-	c:\programme\Gemeinsame Dateien\PC Tools
2010-07-06 16:56 . 2010-07-06 16:56	--------	d-----w-	c:\dokumente und einstellungen\Andreas\Anwendungsdaten\PC Tools
2010-07-06 16:56 . 2010-07-06 16:56	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
2010-07-06 16:56 . 2010-07-06 18:19	--------	d---a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-07-04 08:57 . 2010-07-04 08:57	--------	d-----w-	C:\test
2010-07-04 00:53 . 2010-07-04 08:57	--------	d-----w-	c:\dokumente und einstellungen\Andreas\test
2010-07-04 00:53 . 2010-07-04 00:53	--------	d-----w-	C:\Neuer Ordner
2010-07-04 00:44 . 2010-07-04 00:45	--------	d-----w-	C:\altes Iphone Backup
2010-07-03 16:50 . 2010-07-03 16:50	--------	d-----w-	c:\dokumente und einstellungen\Andreas\com.apple.Notes
2010-07-03 16:50 . 2010-07-03 16:50	--------	d-----w-	c:\dokumente und einstellungen\Andreas\com.apple.MailAccounts
2010-07-03 16:50 . 2010-07-03 16:50	--------	d-----w-	c:\dokumente und einstellungen\Andreas\com.apple.Contacts
2010-07-03 16:50 . 2010-07-03 16:50	--------	d-----w-	c:\dokumente und einstellungen\Andreas\com.apple.Calendars
2010-07-03 16:50 . 2010-07-03 16:50	--------	d-----w-	c:\dokumente und einstellungen\Andreas\com.apple.Bookmarks
2010-06-30 08:39 . 2010-06-30 08:39	--------	d-----w-	c:\dokumente und einstellungen\Andreas\Neuer Ordner
2010-06-30 07:57 . 2010-06-30 07:57	--------	d-----w-	c:\programme\iPod
2010-06-30 07:57 . 2010-06-30 07:57	--------	d-----w-	c:\programme\iTunes
2010-06-30 07:57 . 2010-06-30 07:57	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-30 07:55 . 2010-06-30 07:55	--------	d-----w-	c:\programme\QuickTime
2010-06-30 07:52 . 2010-06-30 07:52	--------	d-----w-	c:\programme\Bonjour
2010-06-30 07:49 . 2010-06-30 07:49	72504	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-18 16:47 . 2010-06-18 16:47	--------	d-----w-	c:\programme\TeamViewer
2010-06-15 12:38 . 2010-06-18 16:48	--------	d-----w-	c:\dokumente und einstellungen\Andreas\Anwendungsdaten\TeamViewer
2010-06-15 12:38 . 2010-06-15 12:38	--------	d-----w-	c:\dokumente und einstellungen\Andreas\temp
2010-06-13 17:58 . 2010-02-08 10:06	266240	----a-w-	c:\windows\system32\sevZip40.dll
2010-06-13 17:58 . 2001-05-24 10:20	544256	----a-w-	c:\windows\system32\jangraphics.dll
2010-06-13 13:04 . 2010-06-30 11:23	--------	d-----w-	C:\SEMteam
2010-06-08 19:50 . 2010-06-08 19:50	503808	----a-w-	c:\dokumente und einstellungen\Andreas\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6bb62c3e-n\msvcp71.dll
2010-06-08 19:50 . 2010-06-08 19:50	499712	----a-w-	c:\dokumente und einstellungen\Andreas\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6bb62c3e-n\jmc.dll
2010-06-08 19:50 . 2010-06-08 19:50	348160	----a-w-	c:\dokumente und einstellungen\Andreas\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6bb62c3e-n\msvcr71.dll
2010-06-08 19:45 . 2010-06-08 19:46	--------	d-----w-	c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Temp

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 18:21 . 2009-03-28 12:37	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2010-07-06 18:18 . 2009-03-28 12:37	483360	--sha-w-	c:\windows\system32\drivers\fidbox2.dat
2010-07-06 18:18 . 2009-03-28 12:37	3780	--sha-w-	c:\windows\system32\drivers\fidbox2.idx
2010-07-06 18:18 . 2009-03-28 12:37	2200608	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2010-07-06 18:18 . 2009-03-28 12:37	20368	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2010-07-04 00:50 . 2009-03-29 20:57	--------	d-----w-	c:\dokumente und einstellungen\Andreas\Anwendungsdaten\Apple Computer
2010-06-30 08:01 . 2009-03-30 03:37	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple
2010-06-30 07:57 . 2009-03-30 03:37	--------	d-----w-	c:\programme\Gemeinsame Dateien\Apple
2010-06-08 19:48 . 2009-03-29 20:51	--------	d-----w-	c:\programme\Google
2010-06-01 04:37 . 2009-03-29 20:23	28160	----a-w-	c:\windows\system32\Sevkto32.dll
2010-05-18 14:35 . 2010-05-18 14:35	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35	197920	----a-w-	c:\windows\system32\dnssdX.dll
2010-05-18 14:35 . 2010-05-18 14:35	107808	----a-w-	c:\windows\system32\dns-sd.exe
2010-05-14 09:00 . 2009-03-28 12:37	97549	----a-w-	c:\windows\system32\drivers\klick.dat
2010-05-14 09:00 . 2009-03-28 12:37	113933	----a-w-	c:\windows\system32\drivers\klin.dat
2010-04-19 18:47 . 2009-03-30 03:37	3062048	----a-w-	c:\windows\system32\usbaaplrc.dll
2010-04-19 18:47 . 2009-03-30 03:37	41984	----a-w-	c:\windows\system32\drivers\usbaapl.sys
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 142360]
"LtMoh"="c:\programme\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-02 17530368]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-03-28 148888]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1343488]
"AVP"="c:\programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-30 208616]
"DataCardMonitor"="c:\programme\Huawei Modems\DataCardMonitor.exe" [2009-03-28 249856]
"THotkey"="c:\programme\Toshiba\Toshiba Applet\thotkey.exe" [2008-05-27 360448]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Aktualisierungsagent.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Aktualisierungsagent.lnk
backup=c:\windows\pss\Aktualisierungsagent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 14:33	141624	----a-w-	c:\programme\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16	421888	----a-w-	c:\programme\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2008-05-27 07:23	360448	----a-w-	c:\programme\TOSHIBA\TOSHIBA Applet\THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\system32\\pol32evt.exe"=
"c:\\PROGRA~1\\MICROS~3\\OFFICE11\\OUTLOOK.EXE"=
"c:\\Programme\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:Public ShareFolder - DCOM Access
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"9352:TCP"= 9352:TCP:coeunvhz

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29.01.2008 18:29 33808]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [06.07.2010 18:56 218592]
R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [15.06.2009 21:03 20992]
R1 cdrport;cdrport;c:\windows\system32\drivers\cdrport.sys [15.06.2009 21:03 4608]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programme\Spyware Doctor\BDT\BDTUpdateService.exe [06.07.2010 19:00 112592]
R2 gtdetectsc;GtDetectSc Service;c:\windows\system32\Gtdetectsc.exe [28.03.2009 18:54 122880]
R2 GtFlashSwitch;GtFlashSwitch;c:\programme\Gemeinsame Dateien\GtFlashSwitch\GtFlashSwitch.exe [09.02.2007 15:48 176128]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [30.03.2009 10:20 5888]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13.03.2008 19:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30.04.2008 18:06 24592]
R3 mdvdrv;Connectivity Driver;c:\windows\system32\drivers\mdvdrv.sys [28.03.2009 22:38 115200]
S2 evclbg;Shell Driver;c:\windows\system32\svchost.exe -k netsvcs [14.04.2008 07:53 14336]
S2 gupdate1c9b0b0eef0a210;Google Update Service (gupdate1c9b0b0eef0a210);c:\programme\Google\Update\GoogleUpdate.exe [29.03.2009 22:57 133104]
S2 SUNLITE;SIUDI OUT;c:\windows\system32\drivers\siudi.sys [19.11.2009 15:45 17680]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.03.2009 12:53 1684736]
S3 AX88172;Conceptronic USB 2.0 10/100 Ethernet Adapter;c:\windows\system32\drivers\ax88172.sys [28.03.2009 13:27 11264]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [06.07.2010 18:56 366840]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
evclbg
.
Inhalt des "geplante Tasks" Ordners

2010-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-03-29 20:57]

2010-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-03-29 20:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll
TCP: {77D92AEE-3AAE-4402-B7E6-C6BA2062A83C} = 192.168.0.2
FF - ProfilePath - c:\dokumente und einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\zry0kxrw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://de.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-06 20:21
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DataCardMonitor = c:\programme\Huawei Modems\DataCardMonitor.exe?R ??? ???????OKUME~1\Andreas\LOKALE~1\Temp\DataCardPM32.tmp?nd Einstellungen\Andr?? ?????????????????????????????????????????rogramme\Huawei Modems\DataCardMonitor.exe?x????????????rogramme\Huawei Modems\?Disk 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\evclbg]
"ServiceDll"="c:\windows\system32\upcczovr.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"7040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(1760)
c:\programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(148)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\brss01a.exe
c:\windows\system32\agrsmsvc.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programme\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\programme\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-07-06  20:24:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-07-06 18:24

Vor Suchlauf: 9 Verzeichnis(se), 39.891.755.008 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 39.788.503.040 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 28B9BD27A6B4948C92249A66C19AE034
         
--- --- ---

THANKS for your answers - ANDREAS

07.07.2010, 10:25   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

please first run a full scan with Malwarebytes and post the log. After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

07.07.2010, 16:15   #3
McJoy
 



Hello Arne,

thank you very much for your reply. Here is the log file from AntiMalware, produced by a "full scan" ("Vollständiger Suchlauf") that has just finished. No infected objects were found. I will now get started on OTL and post the result here later.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4288

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

07.07.2010 16:07:42
mbam-log-2010-07-07 (16-07-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|P:\|)
Durchsuchte Objekte: 192706
Laufzeit: 54 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

07.07.2010, 16:33   #4
McJoy
 



Here are the OTL files. Many thanks in advance for the help!
Best regards
Andreas


extras.txt:


OTL Logfile:
Code:
OTL Extras logfile created on: 07.07.2010 16:18:47 - Run 1
OTL by OldTimer - Version 3.2.7.1     Folder = C:\Dokumente und Einstellungen\Andreas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 50,00 Gb Total Space | 36,69 Gb Free Space | 73,38% Space Free | Partition Type: NTFS
Drive D: | 99,04 Gb Total Space | 61,28 Gb Free Space | 61,87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 27,12 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive P: | 3,61 Gb Total Space | 3,60 Gb Free Space | 99,63% Space Free | Partition Type: FAT32
 
Computer Name: ANDREAS-
Current User Name: Andreas
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"135:TCP" = 135:TCP:*:Enabled:Public ShareFolder - DCOM Access
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"135:TCP" = 135:TCP:*:Enabled:Public ShareFolder - DCOM Access
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"9352:TCP" = 9352:TCP:*:Enabled:coeunvhz
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\pol32evt.exe" = %windir%\system32\pol32evt.exe:*:Enabled:Public ShareFolder - Client -- ()
"C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE" = C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE:*:Enabled:Microsoft Outlook -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\pol32evt.exe" = %windir%\system32\pol32evt.exe:*:Enabled:Public ShareFolder - Client -- ()
"C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE" = C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE:*:Enabled:Microsoft Outlook -- (Microsoft Corporation)
"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0000C5E1-B640-4fbe-B926-0E3FA9BFEE74}" = EDIUS4 Settings
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator 0.8.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07F58BB0-50D4-4477-B491-A97B2AD059B6}" = TOSHIBA Hotkey Utility
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP100_series" = Canon iP100 series
"{1E16A5B2-6E2E-4B05-96C3-9635D483E41C}" = Canopus GXF SpeedEncoder 1.3
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{44AFDB86-1509-4CDC-9B2E-1C73B2DEE5F0}" = Mobile Broadband Drivers
"{61B84435-7A82-4F5C-87EC-1071EC28D72D}" = TOSHIBA Utilities
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = T-Mobile web'n'walk Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC4600DB-4897-4EAF-B153-6335B9AA066D}" = GT HSDPA driver installer
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D438FA08-515F-41DD-BBDC-AC3428AE9754}" = Canopus ProCoder Express For EDIUS
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F28111F1-8DCC-4E3C-A6D4-5E1D05F28300}" = EDIUS4(SetupManager)
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = TOSHIBA Software Modem
"Browser Defender_is1" = Browser Defender 2.0.6.15
"Canon iP100 series Benutzerregistrierung" = Canon iP100 series Benutzerregistrierung
"CleanUp!" = CleanUp!
"Easy Stand Alone_is1" = Easy Stand Alone
"ENTTEC DMX USB PRO- Utility" = ENTTEC DMX USB PRO- Utility 1.36
"FTDICOMM" = FTDI USB Serial Converter Drivers
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Huawei Modems" = Huawei modem
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Michas Jingle-Player" = Michas Jingle-Player
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Novatel_700_800_PCCardInstaller" = Novatel 700/800 driver
"Novatel_V20051Installer" = Novatel driver package V2.00.51
"OptionHsxpa72_PCCardInstaller" = Option Globetrotter HSXPA 7.2 PC-Cards
"OptionPCCardInstaller_tmcc" = Option PC Cards driver package
"OptionPluss_PCCardInstaller" = Option GT HSDPA driver suit
"Public ShareFolder Client_is1" = Public ShareFolder Client 1.3
"sem_GCXX" = Sony Ericsson GCXX (75/79/82/83/85/89)
"SEMteam" = SEMteam
"SEMteam Update" = SEMteam Update
"SHOW!time 5 Net" = SHOW!time 5 Net
"SHOWTIME NET Update" = SHOWTIME NET Update
"Spyware Doctor" = Spyware Doctor 7.0
"Synology Assistant" = Synology Assistant (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"TypingMaster Pro" = TypingMaster Pro
"VLC media player" = VideoLAN VLC media player 0.8.6
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.07.2010 13:28:58 | Computer Name = ANDREAS- | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 78015
 
Error - 06.07.2010 19:25:52 | Computer Name = ANDREAS- | Source = Google Update | ID = 20
Description = 
 
Error - 06.07.2010 19:55:05 | Computer Name = ANDREAS- | Source = Google Update | ID = 20
Description = 
 
Error - 06.07.2010 20:55:05 | Computer Name = ANDREAS- | Source = Google Update | ID = 20
Description = 
 
Error - 06.07.2010 21:55:05 | Computer Name = ANDREAS- | Source = Google Update | ID = 20
Description = 
 
Error - 06.07.2010 22:55:05 | Computer Name = ANDREAS- | Source = Google Update | ID = 20
Description = 
 
Error - 06.07.2010 23:55:05 | Computer Name = ANDREAS- | Source = Google Update | ID = 20
Description = 
 
Error - 07.07.2010 00:55:05 | Computer Name = ANDREAS- | Source = Google Update | ID = 20
Description = 
 
Error - 07.07.2010 01:55:05 | Computer Name = ANDREAS- | Source = Google Update | ID = 20
Description = 
 
Error - 07.07.2010 02:55:05 | Computer Name = ANDREAS- | Source = Google Update | ID = 20
Description = 
 
[ System Events ]
Error - 06.07.2010 14:37:14 | Computer Name = ANDREAS- | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error - 06.07.2010 14:37:14 | Computer Name = ANDREAS- | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error - 06.07.2010 14:37:15 | Computer Name = ANDREAS- | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SIUDI OUT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1058
 
Error - 06.07.2010 14:37:15 | Computer Name = ANDREAS- | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Shell Driver" wurde mit folgendem Fehler beendet:   %%126
 
Error - 06.07.2010 14:37:50 | Computer Name = ANDREAS- | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error - 06.07.2010 14:37:50 | Computer Name = ANDREAS- | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error - 06.07.2010 16:55:00 | Computer Name = ANDREAS- | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error - 07.07.2010 08:51:22 | Computer Name = ANDREAS- | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error - 07.07.2010 08:51:22 | Computer Name = ANDREAS- | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error - 07.07.2010 08:51:22 | Computer Name = ANDREAS- | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {4991D34B-80A1-4291-83B6-3328366B9097}
 
 
< End of report >
         
and OTL.txt:


OTL Logfile:
Code:
OTL logfile created on: 07.07.2010 16:18:47 - Run 1
OTL by OldTimer - Version 3.2.7.1     Folder = C:\Dokumente und Einstellungen\Andreas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 50,00 Gb Total Space | 36,69 Gb Free Space | 73,38% Space Free | Partition Type: NTFS
Drive D: | 99,04 Gb Total Space | 61,28 Gb Free Space | 61,87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 27,12 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive P: | 3,61 Gb Total Space | 3,60 Gb Free Space | 99,63% Space Free | Partition Type: FAT32
 
Computer Name: ANDREAS-
Current User Name: Andreas
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Andreas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Programme\Huawei Modems\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Programme\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
PRC - C:\Programme\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\GtFlashSwitch\GtFlashSwitch.exe (OptionNV)
PRC - C:\WINDOWS\system32\Gtdetectsc.exe (OptionNV)
PRC - C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\ltmoh\ltmoh.exe (Agere Systems)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)
PRC - C:\WINDOWS\system32\BRSS01A.EXE (brother Industries Ltd)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Andreas\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (sdCoreService) -- C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
SRV - (TAPPSRV) -- C:\Programme\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (GtFlashSwitch) -- C:\Programme\Gemeinsame Dateien\GtFlashSwitch\GtFlashSwitch.exe (OptionNV)
SRV - (gtdetectsc) -- C:\WINDOWS\system32\Gtdetectsc.exe (OptionNV)
SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PCASp50) -- C:\WINDOWS\System32\drivers\PCASp50.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (KLFLTDEV) -- C:\WINDOWS\system32\drivers\klfltdev.sys (Kaspersky Lab)
DRV - (cdrblock) -- C:\WINDOWS\system32\drivers\cdrblock.sys (Canopus Co,. Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (mdvdrv) -- C:\WINDOWS\system32\drivers\mdvdrv.sys ()
DRV - (mdvrmng) -- C:\WINDOWS\system32\drivers\mdvrmng.sys ()
DRV - (FwLnk) -- C:\WINDOWS\system32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksusb) -- C:\WINDOWS\system32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV - (akshasp) -- C:\WINDOWS\system32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (odysseyIM4) -- C:\WINDOWS\system32\drivers\odysseyIM4.sys (Funk Software, Inc.)
DRV - (cdrport) -- C:\WINDOWS\system32\drivers\cdrport.sys (Canopus Co,. Ltd.)
DRV - (AX88172) -- C:\WINDOWS\system32\drivers\ax88172.sys (ASIX Electronics Corp.)
DRV - (SUNLITE) -- C:\WINDOWS\system32\drivers\siudi.sys (Digital Art System)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.30 09:55:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.30 09:55:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2009.03.28 14:37:08 | 000,000,000 | ---D | M]
 
[2009.03.29 23:31:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Extensions
[2010.07.06 20:55:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\zry0kxrw.default\extensions
[2010.06.17 17:39:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\zry0kxrw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.03.29 22:48:19 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.10.17 22:09:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.10.17 22:09:14 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.10.17 22:09:14 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.10.17 22:09:14 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.10.17 22:09:14 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.07.06 20:21:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DataCardMonitor] C:\Programme\Huawei Modems\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [LtMoh] C:\Programme\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [THotkey] C:\Programme\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238241120453 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238241192453 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.28 12:11:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.11.21 17:29:34 | 000,110,592 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.08.01 23:31:24 | 000,363,750 | R--- | M] () - F:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008.02.25 20:50:00 | 000,000,046 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{45152797-1bd8-11de-90cb-001e339eddb2}\Shell - "" = AutoRun
O33 - MountPoints2\{45152797-1bd8-11de-90cb-001e339eddb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45152797-1bd8-11de-90cb-001e339eddb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.11.21 17:29:34 | 000,110,592 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.07 15:22:26 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andreas\Desktop\OTL.exe
[2010.07.07 14:58:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Malwarebytes
[2010.07.07 14:57:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.07 14:57:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.07 14:57:51 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.07 14:57:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.07.07 14:40:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.07.07 14:39:47 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Andreas\Desktop\mbam-setup.exe
[2010.07.06 22:32:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Anwendungsdaten\Threat Expert
[2010.07.06 20:55:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.07.06 20:13:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.07.06 20:05:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.07.06 20:05:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.07.06 20:05:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.07.06 20:05:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.07.06 20:05:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.07.06 20:04:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.07.06 19:48:00 | 000,000,000 | ---D | C] -- C:\Programme\CleanUp!
[2010.07.06 19:00:48 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010.07.06 19:00:47 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010.07.06 19:00:47 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010.07.06 18:57:00 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010.07.06 18:56:55 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010.07.06 18:56:55 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010.07.06 18:56:48 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010.07.06 18:56:42 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Doctor
[2010.07.06 18:56:42 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\PC Tools
[2010.07.06 18:56:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\PC Tools
[2010.07.06 18:56:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
[2010.07.06 18:56:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.07.06 18:53:27 | 036,598,544 | ---- | C] (PC Tools                                                    ) -- C:\Dokumente und Einstellungen\Andreas\Desktop\sdsetup.exe
[2010.07.04 10:57:50 | 000,000,000 | ---D | C] -- C:\test
[2010.07.04 02:53:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\test
[2010.07.04 02:53:42 | 000,000,000 | ---D | C] -- C:\Neuer Ordner
[2010.07.04 02:44:49 | 000,000,000 | ---D | C] -- C:\altes Iphone Backup
[2010.07.03 18:50:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\com.apple.Notes
[2010.07.03 18:50:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\com.apple.MailAccounts
[2010.07.03 18:50:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\com.apple.Contacts
[2010.07.03 18:50:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\com.apple.Calendars
[2010.07.03 18:50:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\com.apple.Bookmarks
[2010.06.30 10:39:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\Neuer Ordner
[2010.06.30 09:57:05 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.06.30 09:57:00 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.06.30 09:57:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.06.30 09:55:18 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.06.30 09:52:46 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.06.18 18:47:47 | 000,000,000 | ---D | C] -- C:\Programme\TeamViewer
[2010.06.15 14:38:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\TeamViewer
[2010.06.15 14:38:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\temp
[2010.06.13 19:58:46 | 000,266,240 | ---- | C] (Dieter Otter, Tools & Components) -- C:\WINDOWS\System32\sevZip40.dll
[2010.06.13 15:07:28 | 000,438,272 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartMail.dll
[2010.06.13 15:07:28 | 000,221,184 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartSock.dll
[2010.06.13 15:07:27 | 000,147,456 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartUtil.dll
[2010.06.13 15:07:27 | 000,137,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msinet.ocx
[2010.06.13 15:07:26 | 000,371,712 | ---- | C] (Tools & Components) -- C:\WINDOWS\System32\sevDataGrid2.ocx
[2010.06.13 15:07:25 | 001,589,248 | ---- | C] (Dirk Richter - Softwaredevelopment) -- C:\WINDOWS\System32\LibMyWitch.ocx
[2010.06.13 15:07:25 | 000,294,400 | ---- | C] (Tools & Components) -- C:\WINDOWS\System32\sevEin20.ocx
[2010.06.13 15:07:24 | 000,190,464 | ---- | C] (Tools & Components) -- C:\WINDOWS\System32\sevImLib.dll
[2010.06.13 15:07:24 | 000,141,824 | ---- | C] (Tools & Components) -- C:\WINDOWS\System32\sevCmd3.ocx
[2010.06.13 15:07:24 | 000,057,856 | ---- | C] (Tools & Components) -- C:\WINDOWS\System32\sevFTP10.dll
[2010.06.13 15:07:24 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Flxgdde.dll
[2010.06.13 15:07:23 | 000,529,656 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\llview13.exe
[2010.06.13 15:07:23 | 000,042,232 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cmll13sx.dll
[2010.06.13 15:07:22 | 002,475,768 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cmll13ht.llx
[2010.06.13 15:07:22 | 002,251,512 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cmls13.dll
[2010.06.13 15:07:22 | 002,125,560 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cmct13.dll
[2010.06.13 15:07:22 | 002,035,352 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cmll13xl.dll
[2010.06.13 15:07:22 | 001,567,480 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cmbr13.dll
[2010.06.13 15:07:22 | 000,905,464 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cmmx02.dll
[2010.06.13 15:07:22 | 000,876,280 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cmdw13.dll
[2010.06.13 15:07:22 | 000,771,320 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cmll13ex.llx
[2010.06.13 15:07:22 | 000,644,264 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cmll13eu.llx
[2010.06.13 15:07:22 | 000,637,160 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cmll13bm.llx
[2010.06.13 15:07:22 | 000,482,040 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cmut13.dll
[2010.06.13 15:07:22 | 000,471,288 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cmpr13.dll
[2010.06.13 15:07:22 | 000,356,600 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cmll13pw.llx
[2010.06.13 15:07:22 | 000,336,632 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cmll13oc.llx
[2010.06.13 15:07:21 | 005,617,912 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cmll13.dll
[2010.06.13 15:07:21 | 003,866,528 | ---- | C] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\Flash10b.ocx
[2010.06.13 15:07:21 | 001,137,912 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cmll1300.lng
[2010.06.13 15:07:21 | 000,427,256 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cmll13o.ocx
[2010.06.13 15:07:21 | 000,290,816 | ---- | C] (Software-Entwicklung & Vertrieb) -- C:\WINDOWS\System32\sevImCol.dll
[2010.06.13 15:07:21 | 000,234,744 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cmll13fx.ocx
[2010.06.13 15:07:21 | 000,206,144 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cmll13ox.ocx
[2010.06.13 15:07:21 | 000,201,976 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cmll13v.ocx
[2010.06.13 15:07:21 | 000,165,112 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cmll13r.ocx
[2010.06.13 15:07:21 | 000,082,168 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cmls1300.lng
[2010.06.13 15:04:58 | 000,000,000 | ---D | C] -- C:\SEMteam
[2010.06.08 21:45:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Temp
[2009.03.30 10:20:50 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.07 15:55:01 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.07 15:24:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andreas\Desktop\OTL.exe
[2010.07.07 14:57:54 | 000,000,682 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.07 14:52:49 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Andreas\Desktop\mbam-setup.exe
[2010.07.06 22:55:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.06 22:05:50 | 000,001,429 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\SEMteam Fernschulung.lnk
[2010.07.06 22:05:49 | 000,001,500 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\SSEMteam ReportDesigner.lnk
[2010.07.06 22:05:49 | 000,001,405 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\SEMteamUpdate.lnk
[2010.07.06 22:05:49 | 000,001,383 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\SEMteamDBrep.lnk
[2010.07.06 22:05:49 | 000,001,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\SEMteamText.lnk
[2010.07.06 22:05:49 | 000,001,346 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\SEMteam.lnk
[2010.07.06 21:39:31 | 000,018,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.06 20:37:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.06 20:37:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.06 20:37:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.06 20:36:11 | 002,200,608 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010.07.06 20:36:11 | 000,483,360 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010.07.06 20:36:11 | 000,020,368 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010.07.06 20:36:11 | 000,003,780 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010.07.06 20:36:08 | 004,194,304 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\NTUSER.DAT
[2010.07.06 20:36:08 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Andreas\ntuser.ini
[2010.07.06 20:21:32 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.06 20:21:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.07.06 20:13:35 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.07.06 19:47:23 | 000,339,257 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\CleanUp452.exe
[2010.07.06 19:41:36 | 003,727,961 | R--- | M] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\ComboFix.exe
[2010.07.06 18:55:14 | 036,598,544 | ---- | M] (PC Tools                                                    ) -- C:\Dokumente und Einstellungen\Andreas\Desktop\sdsetup.exe
[2010.06.30 14:26:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.06.30 09:57:44 | 000,001,804 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.06.29 22:15:31 | 000,065,536 | ---- | M] () -- C:\data.syncdb
[2010.06.13 15:11:50 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010.06.08 21:49:20 | 000,001,893 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.07 14:57:54 | 000,000,682 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.06 20:13:35 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.07.06 20:13:32 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.07.06 20:05:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.07.06 20:05:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.07.06 20:05:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.07.06 20:05:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.07.06 20:05:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.07.06 19:47:22 | 000,339,257 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\CleanUp452.exe
[2010.07.06 19:40:27 | 003,727,961 | R--- | C] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\ComboFix.exe
[2010.07.06 19:00:48 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010.07.06 19:00:48 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010.07.06 19:00:48 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010.07.06 19:00:48 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010.07.06 19:00:47 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010.07.06 18:57:00 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010.07.06 18:56:55 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010.07.06 18:56:55 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010.07.06 18:56:48 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010.07.03 18:56:04 | 000,065,536 | ---- | C] () -- C:\data.syncdb
[2010.06.30 13:23:24 | 000,001,500 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\SSEMteam ReportDesigner.lnk
[2010.06.30 13:23:24 | 000,001,429 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\SEMteam Fernschulung.lnk
[2010.06.30 13:23:24 | 000,001,405 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\SEMteamUpdate.lnk
[2010.06.30 13:23:24 | 000,001,383 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\SEMteamDBrep.lnk
[2010.06.30 13:23:24 | 000,001,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\SEMteamText.lnk
[2010.06.30 13:23:24 | 000,001,346 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\SEMteam.lnk
[2010.06.30 09:57:44 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.06.13 19:58:47 | 000,000,279 | ---- | C] () -- C:\WINDOWS\System32\sevISDN.dep
[2010.06.13 19:58:46 | 000,544,256 | ---- | C] () -- C:\WINDOWS\System32\jangraphics.dll
[2010.06.13 19:58:45 | 000,120,472 | ---- | C] () -- C:\WINDOWS\System32\VSVPort7.ocx
[2010.06.13 15:07:24 | 001,069,056 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2010.06.13 15:07:24 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2010.06.13 15:07:23 | 002,127,345 | ---- | C] () -- C:\WINDOWS\System32\cmLL1300.chm
[2010.06.13 15:07:23 | 000,188,371 | ---- | C] () -- C:\WINDOWS\System32\cmll1300.inf
[2010.06.13 15:07:21 | 000,581,368 | ---- | C] () -- C:\WINDOWS\System32\cmmx0200.lng
[2010.06.13 15:07:21 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\Flash10b.oca
[2010.06.13 15:07:21 | 000,008,277 | ---- | C] () -- C:\WINDOWS\System32\cmll13si.chm
[2010.06.08 21:49:20 | 000,001,893 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2009.12.27 20:52:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009.11.19 16:02:22 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2009.10.08 17:39:15 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_8420.ini
[2009.10.08 17:39:15 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009.10.08 17:39:14 | 000,000,442 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009.10.08 17:39:14 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009.06.15 21:50:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\canopus.ini
[2009.06.15 21:33:16 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pavedius4db.dll
[2009.06.15 21:01:36 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pavedius.dll
[2009.03.30 10:20:50 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2009.03.29 22:23:13 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\SHTDLL32.DLL
[2009.03.29 22:23:13 | 000,000,478 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2009.03.29 22:23:12 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2009.03.28 22:38:27 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvdrv.sys
[2009.03.28 22:28:45 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2009.03.28 18:55:03 | 000,000,057 | ---- | C] () -- C:\WINDOWS\init.ini
[2009.03.28 18:27:26 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.03.28 12:40:20 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2009.03.28 12:40:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2009.03.28 12:40:20 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2009.03.28 12:40:20 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2007.10.22 08:53:12 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\RemoveDevice.dll
[2007.10.22 08:53:12 | 000,466,944 | ---- | C] () -- C:\WINDOWS\RemoveDevice.dll
[2006.11.30 14:53:12 | 000,331,867 | ---- | C] () -- C:\WINDOWS\System32\pol32ps.dll
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.10.28 18:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 163 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
< End of report >
         

09.07.2010, 19:20   #5
McJoy

Hello everyone,

since nobody in the forum has posted anything alarming about my files, and my PC seems to be running stably again (I can display my hidden files again), I will say goodbye to the forum for now. If someone still takes a closer look at the Combofix log file, I would of course be glad :-)

Otherwise, thanks again to you, Arne, for the quick help!

Best regards
Andreas


10.07.2010, 14:25   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Sorry, with the number of threads I handle, I unfortunately overlook some now and then.

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
ATTFilter
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\evclbg]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9352:TCP"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-

Regnull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Componen ts\h–€|ÿÿÿÿ¤•€|ù•6~*]

File::
c:\windows\system32\upcczovr.dll
         
3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware and spyware programs and the Tea Timer, if present!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can do lasting damage to the system!

11.07.2010, 18:56   #7
McJoy

Hello Arne,

great that you took the time for me. Here is the combofix.txt created according to your instructions:


Combofix Logfile:
Code:
ATTFilter
ComboFix 10-07-06.01 - Andreas 11.07.2010  17:44:35.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1916.1425 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Andreas\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Andreas\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
 * Neuer Wiederherstellungspunkt wurde erstellt

FILE ::
"c:\windows\system32\upcczovr.dll"
.

(((((((((((((((((((((((   Dateien erstellt von 2010-06-11 bis 2010-07-11  ))))))))))))))))))))))))))))))
.

2010-07-08 20:07 . 2010-07-08 20:07	--------	d-----w-	c:\windows\system32\wbem\Repository
2010-07-07 13:09 . 2010-02-12 10:03	293376	------w-	c:\windows\system32\browserchoice.exe
2010-07-07 12:58 . 2010-07-07 12:58	--------	d-----w-	c:\dokumente und einstellungen\Andreas\Anwendungsdaten\Malwarebytes
2010-07-07 12:57 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-07 12:57 . 2010-07-07 12:57	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2010-07-07 12:57 . 2010-07-07 12:57	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-07-07 12:57 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-07-06 20:32 . 2010-07-06 20:32	--------	d-----w-	c:\dokumente und einstellungen\Andreas\Lokale Einstellungen\Anwendungsdaten\Threat Expert
2010-07-06 17:48 . 2010-07-06 17:48	--------	d-----w-	c:\programme\CleanUp!
2010-07-06 17:00 . 2010-06-23 04:01	149456	----a-w-	c:\windows\SGDetectionTool.dll
2010-07-06 17:00 . 2010-06-23 04:01	767952	----a-w-	c:\windows\BDTSupport.dll
2010-07-06 17:00 . 2008-11-26 09:08	131	----a-w-	c:\windows\IDB.zip
2010-07-06 17:00 . 2010-06-23 04:01	264144	----a-w-	c:\windows\PCTBDRes.dll
2010-07-06 17:00 . 2010-06-23 04:01	192	----a-w-	c:\windows\UDB.zip
2010-07-06 17:00 . 2010-06-23 04:01	1435600	----a-w-	c:\windows\PCTBDCore.dll
2010-07-06 16:57 . 2010-02-05 07:17	233136	----a-w-	c:\windows\system32\drivers\pctgntdi.sys
2010-07-06 16:56 . 2010-03-29 08:06	218592	----a-w-	c:\windows\system32\drivers\PCTCore.sys
2010-07-06 16:56 . 2009-11-23 11:54	88040	----a-w-	c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-06 16:56 . 2010-04-08 12:29	63360	----a-w-	c:\windows\system32\drivers\pctplsg.sys
2010-07-06 16:56 . 2010-07-06 17:32	--------	d-----w-	c:\programme\Spyware Doctor
2010-07-06 16:56 . 2010-07-06 17:00	--------	d-----w-	c:\programme\Gemeinsame Dateien\PC Tools
2010-07-06 16:56 . 2010-07-06 16:56	--------	d-----w-	c:\dokumente und einstellungen\Andreas\Anwendungsdaten\PC Tools
2010-07-06 16:56 . 2010-07-06 16:56	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
2010-07-06 16:56 . 2010-07-11 15:30	--------	d---a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-07-04 08:57 . 2010-07-04 08:57	--------	d-----w-	C:\test
2010-07-04 00:53 . 2010-07-04 00:53	--------	d-----w-	C:\Neuer Ordner
2010-07-04 00:44 . 2010-07-04 00:45	--------	d-----w-	C:\altes Iphone Backup
2010-07-03 16:50 . 2010-07-03 16:50	--------	d-----w-	c:\dokumente und einstellungen\Andreas\com.apple.Notes
2010-07-03 16:50 . 2010-07-03 16:50	--------	d-----w-	c:\dokumente und einstellungen\Andreas\com.apple.MailAccounts
2010-07-03 16:50 . 2010-07-03 16:50	--------	d-----w-	c:\dokumente und einstellungen\Andreas\com.apple.Contacts
2010-07-03 16:50 . 2010-07-03 16:50	--------	d-----w-	c:\dokumente und einstellungen\Andreas\com.apple.Calendars
2010-07-03 16:50 . 2010-07-03 16:50	--------	d-----w-	c:\dokumente und einstellungen\Andreas\com.apple.Bookmarks
2010-06-30 07:57 . 2010-06-30 07:57	--------	d-----w-	c:\programme\iPod
2010-06-30 07:57 . 2010-06-30 07:57	--------	d-----w-	c:\programme\iTunes
2010-06-30 07:57 . 2010-06-30 07:57	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-30 07:55 . 2010-06-30 07:55	--------	d-----w-	c:\programme\QuickTime
2010-06-30 07:52 . 2010-06-30 07:52	--------	d-----w-	c:\programme\Bonjour
2010-06-30 07:49 . 2010-06-30 07:49	72504	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-18 16:47 . 2010-06-18 16:47	--------	d-----w-	c:\programme\TeamViewer
2010-06-15 12:38 . 2010-06-18 16:48	--------	d-----w-	c:\dokumente und einstellungen\Andreas\Anwendungsdaten\TeamViewer
2010-06-15 12:38 . 2010-06-15 12:38	--------	d-----w-	c:\dokumente und einstellungen\Andreas\temp
2010-06-13 17:58 . 2010-02-08 10:06	266240	----a-w-	c:\windows\system32\sevZip40.dll
2010-06-13 17:58 . 2001-05-24 10:20	544256	----a-w-	c:\windows\system32\jangraphics.dll
2010-06-13 13:04 . 2010-07-06 20:05	--------	d-----w-	C:\SEMteam

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 15:29 . 2009-03-28 12:37	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2010-07-10 12:18 . 2009-03-28 12:37	524320	--sha-w-	c:\windows\system32\drivers\fidbox2.dat
2010-07-10 12:18 . 2009-03-28 12:37	3920	--sha-w-	c:\windows\system32\drivers\fidbox2.idx
2010-07-10 12:18 . 2009-03-28 12:37	2340384	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2010-07-10 12:18 . 2009-03-28 12:37	21460	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2010-07-10 11:05 . 2009-03-28 12:15	--------	d-----w-	c:\programme\Microsoft Silverlight
2010-07-08 10:49 . 2003-04-02 12:00	81506	----a-w-	c:\windows\system32\perfc007.dat
2010-07-08 10:49 . 2003-04-02 12:00	452470	----a-w-	c:\windows\system32\perfh007.dat
2010-07-07 16:09 . 2009-03-29 20:57	--------	d-----w-	c:\dokumente und einstellungen\Andreas\Anwendungsdaten\Apple Computer
2010-06-30 08:49 . 2010-07-08 20:06	185060	----a-w-	c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1031.dat
2010-06-30 08:01 . 2009-03-30 03:37	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple
2010-06-30 07:57 . 2009-03-30 03:37	--------	d-----w-	c:\programme\Gemeinsame Dateien\Apple
2010-06-08 19:50 . 2010-06-08 19:50	503808	----a-w-	c:\dokumente und einstellungen\Andreas\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6bb62c3e-n\msvcp71.dll
2010-06-08 19:50 . 2010-06-08 19:50	499712	----a-w-	c:\dokumente und einstellungen\Andreas\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6bb62c3e-n\jmc.dll
2010-06-08 19:50 . 2010-06-08 19:50	348160	----a-w-	c:\dokumente und einstellungen\Andreas\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6bb62c3e-n\msvcr71.dll
2010-06-08 19:48 . 2009-03-29 20:51	--------	d-----w-	c:\programme\Google
2010-06-01 04:37 . 2009-03-29 20:23	28160	----a-w-	c:\windows\system32\Sevkto32.dll
2010-05-18 14:35 . 2010-05-18 14:35	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35	197920	----a-w-	c:\windows\system32\dnssdX.dll
2010-05-18 14:35 . 2010-05-18 14:35	107808	----a-w-	c:\windows\system32\dns-sd.exe
2010-05-14 09:00 . 2009-03-28 12:37	97549	----a-w-	c:\windows\system32\drivers\klick.dat
2010-05-14 09:00 . 2009-03-28 12:37	113933	----a-w-	c:\windows\system32\drivers\klin.dat
2010-05-04 17:14 . 2008-04-14 05:52	832512	----a-w-	c:\windows\system32\wininet.dll
2010-05-04 17:14 . 2008-04-14 05:52	78336	----a-w-	c:\windows\system32\ieencode.dll
2010-05-04 17:14 . 2008-04-14 05:52	17408	----a-w-	c:\windows\system32\corpol.dll
2010-05-02 08:05 . 2008-04-14 05:23	1851392	----a-w-	c:\windows\system32\win32k.sys
2010-04-20 05:29 . 2008-04-14 05:50	285696	----a-w-	c:\windows\system32\atmfd.dll
2010-04-19 18:47 . 2009-03-30 03:37	3062048	----a-w-	c:\windows\system32\usbaaplrc.dll
2010-04-19 18:47 . 2009-03-30 03:37	41984	----a-w-	c:\windows\system32\drivers\usbaapl.sys
.

(((((((((((((((((((((((((((((   SnapShot@2010-07-06_18.21.29   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-11 15:28 . 2010-07-11 15:28	16384              c:\windows\Temp\Perflib_Perfdata_6d4.dat
+ 2009-03-28 11:52 . 2009-08-06 17:24	44768              c:\windows\system32\wups2.dll
+ 2009-03-28 10:09 . 2009-08-06 17:24	35552              c:\windows\system32\wups.dll
+ 2009-03-28 10:09 . 2009-08-06 17:24	53472              c:\windows\system32\wuauclt.exe
- 2008-04-14 05:53 . 2009-07-14 11:03	46080              c:\windows\system32\tzchange.exe
+ 2008-04-14 05:53 . 2010-04-21 13:28	46080              c:\windows\system32\tzchange.exe
- 2008-04-14 05:52 . 2008-04-14 05:52	75776              c:\windows\system32\strmfilt.dll
+ 2008-04-14 05:52 . 2009-10-21 05:38	75776              c:\windows\system32\strmfilt.dll
- 2009-03-28 12:05 . 2009-05-26 11:40	18808              c:\windows\system32\spmsg.dll
+ 2009-03-28 12:05 . 2008-07-08 13:00	18808              c:\windows\system32\spmsg.dll
+ 2010-07-07 12:40 . 2009-08-06 17:24	44768              c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-07-07 12:40 . 2009-08-06 17:24	35552              c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2010-07-08 20:07 . 2010-07-08 20:07	15160              c:\windows\system32\Restore\rstrlog.dat
- 2008-04-14 05:52 . 2008-04-14 05:52	79872              c:\windows\system32\raschap.dll
+ 2008-04-14 05:52 . 2009-10-12 13:38	79872              c:\windows\system32\raschap.dll
+ 2010-03-30 22:16 . 2010-03-30 22:16	99176              c:\windows\system32\PresentationHostProxy.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	44544              c:\windows\system32\pngfilt.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	44544              c:\windows\system32\pngfilt.dll
+ 2003-04-02 12:00 . 2010-07-08 10:49	68490              c:\windows\system32\perfc009.dat
- 2003-04-02 12:00 . 2009-10-17 22:25	68490              c:\windows\system32\perfc009.dat
+ 2009-11-06 23:07 . 2009-11-06 23:07	49488              c:\windows\system32\netfxperf.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	11600              c:\windows\system32\mui\0409\mscorees.dll
+ 2008-04-14 07:52 . 2009-11-27 17:11	17920              c:\windows\system32\msyuv.dll
+ 2003-04-02 12:00 . 2009-11-27 16:08	28672              c:\windows\system32\msvidc32.dll
+ 2008-04-14 05:52 . 2009-11-27 16:08	11264              c:\windows\system32\msrle32.dll
- 2008-04-14 05:52 . 2008-04-14 05:52	11264              c:\windows\system32\msrle32.dll
+ 2007-08-13 17:54 . 2010-05-04 17:14	52224              c:\windows\system32\msfeedsbs.dll
- 2007-08-13 17:54 . 2009-08-29 07:24	52224              c:\windows\system32\msfeedsbs.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	27648              c:\windows\system32\jsproxy.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	27648              c:\windows\system32\jsproxy.dll
+ 2008-04-14 07:52 . 2009-11-27 16:08	48128              c:\windows\system32\iyuv_32.dll
+ 2007-08-13 17:39 . 2010-05-04 12:39	13824              c:\windows\system32\ieudinit.exe
- 2007-08-13 17:39 . 2009-08-28 10:28	13824              c:\windows\system32\ieudinit.exe
- 2008-04-14 05:52 . 2009-08-29 07:24	44544              c:\windows\system32\iernonce.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	44544              c:\windows\system32\iernonce.dll
- 2008-04-14 05:52 . 2009-08-28 10:28	70656              c:\windows\system32\ie4uinit.exe
+ 2008-04-14 05:52 . 2010-05-04 12:39	70656              c:\windows\system32\ie4uinit.exe
+ 2007-08-13 17:36 . 2010-05-04 17:14	63488              c:\windows\system32\icardie.dll
- 2007-08-13 17:36 . 2009-08-29 07:24	63488              c:\windows\system32\icardie.dll
+ 2008-04-14 05:52 . 2009-10-21 05:38	25088              c:\windows\system32\httpapi.dll
+ 2008-04-14 05:52 . 2009-10-15 16:28	81920              c:\windows\system32\fontsub.dll
- 2008-04-14 05:52 . 2009-06-16 14:36	81920              c:\windows\system32\fontsub.dll
+ 2009-03-28 10:09 . 2009-08-06 17:24	35552              c:\windows\system32\dllcache\wups.dll
+ 2009-03-28 10:09 . 2009-08-06 17:24	53472              c:\windows\system32\dllcache\wuauclt.exe
- 2008-04-14 05:52 . 2008-04-14 05:52	75776              c:\windows\system32\dllcache\strmfilt.dll
+ 2008-04-14 05:52 . 2009-10-21 05:38	75776              c:\windows\system32\dllcache\strmfilt.dll
+ 2008-04-14 05:52 . 2009-10-12 13:38	79872              c:\windows\system32\dllcache\raschap.dll
- 2008-04-14 05:52 . 2008-04-14 05:52	79872              c:\windows\system32\dllcache\raschap.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	44544              c:\windows\system32\dllcache\pngfilt.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	44544              c:\windows\system32\dllcache\pngfilt.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11	17920              c:\windows\system32\dllcache\msyuv.dll
+ 2003-04-02 12:00 . 2009-11-27 16:08	28672              c:\windows\system32\dllcache\msvidc32.dll
- 2008-04-14 05:52 . 2008-04-14 05:52	11264              c:\windows\system32\dllcache\msrle32.dll
+ 2008-04-14 05:52 . 2009-11-27 16:08	11264              c:\windows\system32\dllcache\msrle32.dll
+ 2009-03-28 12:23 . 2010-05-04 17:14	52224              c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-28 12:23 . 2009-08-29 07:24	52224              c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	27648              c:\windows\system32\dllcache\jsproxy.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	27648              c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:08 . 2009-11-27 16:08	48128              c:\windows\system32\dllcache\iyuv_32.dll
- 2009-03-28 12:23 . 2009-08-28 10:28	13824              c:\windows\system32\dllcache\ieudinit.exe
+ 2009-03-28 12:23 . 2010-05-04 12:39	13824              c:\windows\system32\dllcache\ieudinit.exe
- 2008-04-14 05:52 . 2009-08-29 07:24	44544              c:\windows\system32\dllcache\iernonce.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	44544              c:\windows\system32\dllcache\iernonce.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	78336              c:\windows\system32\dllcache\ieencode.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	78336              c:\windows\system32\dllcache\ieencode.dll
- 2008-04-14 05:52 . 2009-08-28 10:28	70656              c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-04-14 05:52 . 2010-05-04 12:39	70656              c:\windows\system32\dllcache\ie4uinit.exe
- 2009-03-28 12:23 . 2009-08-29 07:24	63488              c:\windows\system32\dllcache\icardie.dll
+ 2009-03-28 12:23 . 2010-05-04 17:14	63488              c:\windows\system32\dllcache\icardie.dll
+ 2008-04-14 05:52 . 2009-10-21 05:38	25088              c:\windows\system32\dllcache\httpapi.dll
- 2008-04-14 05:52 . 2009-06-16 14:36	81920              c:\windows\system32\dllcache\fontsub.dll
+ 2008-04-14 05:52 . 2009-10-15 16:28	81920              c:\windows\system32\dllcache\fontsub.dll
+ 2008-04-14 05:52 . 2009-12-14 07:08	33280              c:\windows\system32\dllcache\csrsrv.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	17408              c:\windows\system32\dllcache\corpol.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	17408              c:\windows\system32\dllcache\corpol.dll
+ 2008-04-14 05:52 . 2009-08-06 17:24	96480              c:\windows\system32\dllcache\cdm.dll
+ 2008-04-14 05:52 . 2010-01-13 14:00	86528              c:\windows\system32\dllcache\cabview.dll
- 2008-04-14 05:52 . 2009-06-10 14:13	85504              c:\windows\system32\dllcache\avifil32.dll
+ 2008-04-14 05:52 . 2009-11-27 16:08	85504              c:\windows\system32\dllcache\avifil32.dll
+ 2008-04-14 05:52 . 2010-03-05 14:37	65536              c:\windows\system32\dllcache\asycfilt.dll
+ 2008-04-14 05:52 . 2009-12-14 07:08	33280              c:\windows\system32\csrsrv.dll
+ 2009-03-28 10:23 . 2010-07-11 15:30	32768              c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
- 2009-03-28 10:23 . 2010-07-06 17:56	32768              c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2009-03-28 10:23 . 2010-07-11 15:30	49152              c:\windows\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-08 11:23 . 2010-07-11 15:30	16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-28 10:23 . 2010-07-06 17:56	16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-14 05:52 . 2009-08-06 17:24	96480              c:\windows\system32\cdm.dll
+ 2008-04-14 05:52 . 2010-01-13 14:00	86528              c:\windows\system32\cabview.dll
- 2008-04-14 05:52 . 2009-06-10 14:13	85504              c:\windows\system32\avifil32.dll
+ 2008-04-14 05:52 . 2009-11-27 16:08	85504              c:\windows\system32\avifil32.dll
+ 2008-04-14 05:52 . 2010-03-05 14:37	65536              c:\windows\system32\asycfilt.dll
- 2008-07-29 18:16 . 2008-07-29 18:16	32768              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-04-07 21:48 . 2010-04-07 21:48	32768              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13648              c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2010-03-23 03:31 . 2010-03-23 03:31	30544              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2009-11-06 23:07 . 2009-11-06 23:07	13648              c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13648              c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13648              c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13648              c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13664              c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13688              c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13664              c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13696              c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13656              c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13656              c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13656              c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13672              c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13664              c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	86864              c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
- 2009-03-28 16:27 . 2009-10-17 22:23	23040              c:\windows\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-03-28 16:27 . 2010-07-09 20:10	23040              c:\windows\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-03-28 16:27 . 2009-10-17 22:23	27136              c:\windows\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-03-28 16:27 . 2010-07-09 20:10	27136              c:\windows\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-03-28 16:27 . 2009-10-17 22:23	11264              c:\windows\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-03-28 16:27 . 2010-07-09 20:10	11264              c:\windows\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-03-28 16:27 . 2009-10-17 22:23	12288              c:\windows\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-03-28 16:27 . 2010-07-09 20:10	12288              c:\windows\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-07-09 22:01 . 2010-07-09 22:01	49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-07-08 10:36 . 2009-08-29 07:24	44544              c:\windows\ie7updates\KB982381-IE7\pngfilt.dll
+ 2010-07-08 10:36 . 2009-08-29 07:24	52224              c:\windows\ie7updates\KB982381-IE7\msfeedsbs.dll
+ 2010-07-08 10:36 . 2009-08-29 07:24	27648              c:\windows\ie7updates\KB982381-IE7\jsproxy.dll
+ 2010-07-08 10:36 . 2009-08-28 10:28	13824              c:\windows\ie7updates\KB982381-IE7\ieudinit.exe
+ 2010-07-08 10:36 . 2009-08-29 07:24	44544              c:\windows\ie7updates\KB982381-IE7\iernonce.dll
+ 2010-07-08 10:36 . 2009-08-29 07:24	78336              c:\windows\ie7updates\KB982381-IE7\ieencode.dll
+ 2010-07-08 10:36 . 2009-08-28 10:28	70656              c:\windows\ie7updates\KB982381-IE7\ie4uinit.exe
+ 2010-07-08 10:36 . 2009-08-29 07:24	63488              c:\windows\ie7updates\KB982381-IE7\icardie.dll
+ 2010-07-08 10:36 . 2009-08-29 07:24	17408              c:\windows\ie7updates\KB982381-IE7\corpol.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11	17920              c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:08 . 2009-11-27 16:08	48128              c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2010-07-08 10:52 . 2010-07-08 10:52	60928              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ea1b4fbde0e772748c6ac42d627cf684\UIAutomationProvider.ni.dll
+ 2010-07-08 11:11 . 2010-07-08 11:11	37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f46915dfc57bc7e49c5402e9b8f7ec18\System.Windows.Presentation.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1464c662c302ea6372a885161b983732\System.Web.DynamicData.Design.ni.dll
+ 2010-07-08 11:09 . 2010-07-08 11:09	94208              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\5d535ecadf77ac2d9278a1661beb2855\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-07-08 10:42 . 2010-07-08 10:42	47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\e67992626a30603458b0df22841c2423\PresentationFontCache.ni.exe
+ 2010-07-08 10:51 . 2010-07-08 10:51	47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\18729514178d458aa1225dd068718d4e\PresentationFontCache.ni.exe
+ 2010-07-08 10:42 . 2010-07-08 10:42	39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\6be27d744e6e2bfc4b0e25bd2998ef7c\PresentationCFFRasterizer.ni.dll
+ 2010-07-08 10:50 . 2010-07-08 10:50	39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\0375dfa28e2f6ef7e89df9edede4b83d\PresentationCFFRasterizer.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	55296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\4a52287444c36c89310856b38ff52fe0\Microsoft.Vsa.ni.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-07-08 10:42 . 2010-07-08 10:42	32768              c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2009-03-28 12:11 . 2009-03-28 12:11	32768              c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2001-08-18 04:54 . 2009-11-27 16:08	8704              c:\windows\system32\tsbyuv.dll
+ 2009-11-27 16:08 . 2009-11-27 16:08	8704              c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-03-28 16:27 . 2010-07-09 20:10	4096              c:\windows\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-03-28 16:27 . 2009-10-17 22:23	4096              c:\windows\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-11-27 16:08 . 2009-11-27 16:08	8704              c:\windows\Driver Cache\i386\tsbyuv.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-10-17 22:25 . 2009-10-17 22:25	5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-10-17 22:25 . 2009-10-17 22:25	6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	159032              c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-03-28 10:09 . 2009-08-06 17:24	209632              c:\windows\system32\wuweb.dll
+ 2009-03-28 10:09 . 2009-08-06 17:24	327896              c:\windows\system32\wucltui.dll
+ 2009-03-28 10:09 . 2009-08-06 17:23	575704              c:\windows\system32\wuapi.dll
+ 2008-04-14 05:52 . 2009-12-24 06:59	177664              c:\windows\system32\wintrust.dll
+ 2008-04-14 05:52 . 2009-08-25 09:17	354816              c:\windows\system32\winhttp.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	233472              c:\windows\system32\webcheck.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	233472              c:\windows\system32\webcheck.dll
+ 2008-04-14 05:52 . 2010-03-09 11:09	430080              c:\windows\system32\vbscript.dll
- 2008-04-14 05:52 . 2008-05-09 10:54	430080              c:\windows\system32\vbscript.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	105984              c:\windows\system32\url.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	105984              c:\windows\system32\url.dll
+ 2008-04-14 05:52 . 2009-10-15 16:28	119808              c:\windows\system32\t2embed.dll
- 2008-04-14 05:52 . 2009-06-16 14:36	119808              c:\windows\system32\t2embed.dll
+ 2008-04-14 05:52 . 2009-12-08 09:23	474624              c:\windows\system32\shlwapi.dll
- 2008-04-14 05:52 . 2008-04-14 05:52	474624              c:\windows\system32\shlwapi.dll
+ 2008-04-14 05:52 . 2009-10-12 13:38	150528              c:\windows\system32\rastls.dll
+ 2010-03-30 22:10 . 2010-03-30 22:10	295264              c:\windows\system32\PresentationHost.exe
+ 2003-04-02 12:00 . 2010-07-08 10:49	435594              c:\windows\system32\perfh009.dat
- 2003-04-02 12:00 . 2009-10-17 22:25	435594              c:\windows\system32\perfh009.dat
- 2008-04-14 05:52 . 2009-08-29 07:24	102912              c:\windows\system32\occache.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	102912              c:\windows\system32\occache.dll
+ 2008-04-14 05:52 . 2009-10-13 10:32	271360              c:\windows\system32\oakley.dll
- 2008-04-14 05:52 . 2008-04-14 05:52	271360              c:\windows\system32\oakley.dll
+ 2008-10-16 13:07 . 2009-08-06 17:23	215920              c:\windows\system32\muweb.dll
+ 2009-03-29 19:55 . 2009-08-06 17:23	274288              c:\windows\system32\mucltui.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	671232              c:\windows\system32\mstime.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	671232              c:\windows\system32\mstime.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	193024              c:\windows\system32\msrating.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	193024              c:\windows\system32\msrating.dll
- 2009-03-28 10:07 . 2008-04-14 05:52	346624              c:\windows\system32\mspaint.exe
+ 2009-03-28 10:07 . 2009-12-17 07:40	346624              c:\windows\system32\mspaint.exe
+ 2008-04-14 05:52 . 2010-05-04 17:14	477696              c:\windows\system32\mshtmled.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	477696              c:\windows\system32\mshtmled.dll
- 2007-08-13 17:54 . 2009-08-29 07:24	459264              c:\windows\system32\msfeeds.dll
+ 2007-08-13 17:54 . 2010-05-04 17:14	459264              c:\windows\system32\msfeeds.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	297808              c:\windows\system32\mscoree.dll
- 2009-03-28 10:09 . 2008-04-11 19:04	691712              c:\windows\system32\inetcomm.dll
+ 2009-03-28 10:09 . 2010-01-29 14:59	691712              c:\windows\system32\inetcomm.dll
- 2007-08-13 17:34 . 2009-08-29 07:24	268288              c:\windows\system32\iertutil.dll
+ 2007-08-13 17:34 . 2010-05-04 17:14	268288              c:\windows\system32\iertutil.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	192512              c:\windows\system32\iepeers.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	385024              c:\windows\system32\iedkcs32.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	385024              c:\windows\system32\iedkcs32.dll
+ 2007-07-11 11:27 . 2010-05-04 17:14	380928              c:\windows\system32\ieapfltr.dll
- 2007-07-11 11:27 . 2009-08-29 07:24	380928              c:\windows\system32\ieapfltr.dll
+ 2003-04-02 12:00 . 2010-04-16 11:43	161792              c:\windows\system32\ieakui.dll
- 2003-04-02 12:00 . 2009-08-27 05:18	161792              c:\windows\system32\ieakui.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	230400              c:\windows\system32\ieaksie.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	230400              c:\windows\system32\ieaksie.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	153088              c:\windows\system32\ieakeng.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	153088              c:\windows\system32\ieakeng.dll
+ 2009-03-28 09:50 . 2010-07-08 11:22	116560              c:\windows\system32\FNTCACHE.DAT
- 2009-03-28 09:50 . 2009-07-03 14:20	116560              c:\windows\system32\FNTCACHE.DAT
- 2008-04-14 05:52 . 2009-08-29 07:24	133120              c:\windows\system32\extmgr.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	133120              c:\windows\system32\extmgr.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	214528              c:\windows\system32\dxtrans.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	214528              c:\windows\system32\dxtrans.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	347136              c:\windows\system32\dxtmsft.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	347136              c:\windows\system32\dxtmsft.dll
+ 2008-04-13 22:30 . 2010-02-11 12:02	226880              c:\windows\system32\drivers\tcpip6.sys
+ 2008-04-13 22:45 . 2009-12-31 16:50	353792              c:\windows\system32\drivers\srv.sys
+ 2008-04-13 22:47 . 2010-02-24 13:11	455680              c:\windows\system32\drivers\mrxsmb.sys
+ 2008-04-13 22:23 . 2009-10-20 16:20	265728              c:\windows\system32\drivers\http.sys
+ 2009-03-28 10:09 . 2009-08-06 17:24	209632              c:\windows\system32\dllcache\wuweb.dll
+ 2009-03-28 10:09 . 2009-08-06 17:24	327896              c:\windows\system32\dllcache\wucltui.dll
+ 2009-03-28 10:09 . 2009-08-06 17:23	575704              c:\windows\system32\dllcache\wuapi.dll
+ 2008-04-14 05:52 . 2009-12-24 06:59	177664              c:\windows\system32\dllcache\wintrust.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	832512              c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	832512              c:\windows\system32\dllcache\wininet.dll
+ 2008-04-14 05:52 . 2009-08-25 09:17	354816              c:\windows\system32\dllcache\winhttp.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	233472              c:\windows\system32\dllcache\webcheck.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	233472              c:\windows\system32\dllcache\webcheck.dll
+ 2008-04-14 05:52 . 2010-03-09 11:09	430080              c:\windows\system32\dllcache\vbscript.dll
- 2008-04-14 05:52 . 2008-05-09 10:54	430080              c:\windows\system32\dllcache\vbscript.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	105984              c:\windows\system32\dllcache\url.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	105984              c:\windows\system32\dllcache\url.dll
+ 2008-04-13 22:30 . 2010-02-11 12:02	226880              c:\windows\system32\dllcache\tcpip6.sys
- 2008-04-14 05:52 . 2009-06-16 14:36	119808              c:\windows\system32\dllcache\t2embed.dll
+ 2008-04-14 05:52 . 2009-10-15 16:28	119808              c:\windows\system32\dllcache\t2embed.dll
+ 2008-04-13 22:45 . 2009-12-31 16:50	353792              c:\windows\system32\dllcache\srv.sys
+ 2008-04-14 05:52 . 2009-12-08 09:23	474624              c:\windows\system32\dllcache\shlwapi.dll
- 2008-04-14 05:52 . 2008-04-14 05:52	474624              c:\windows\system32\dllcache\shlwapi.dll
+ 2008-04-14 05:52 . 2009-10-12 13:38	150528              c:\windows\system32\dllcache\rastls.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	102912              c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	102912              c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 05:52 . 2009-10-13 10:32	271360              c:\windows\system32\dllcache\oakley.dll
- 2008-04-14 05:52 . 2008-04-14 05:52	271360              c:\windows\system32\dllcache\oakley.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	671232              c:\windows\system32\dllcache\mstime.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	671232              c:\windows\system32\dllcache\mstime.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	193024              c:\windows\system32\dllcache\msrating.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	193024              c:\windows\system32\dllcache\msrating.dll
+ 2009-03-28 10:07 . 2009-12-17 07:40	346624              c:\windows\system32\dllcache\mspaint.exe
- 2009-03-28 10:07 . 2008-04-14 05:52	346624              c:\windows\system32\dllcache\mspaint.exe
- 2008-04-14 05:52 . 2009-08-29 07:24	477696              c:\windows\system32\dllcache\mshtmled.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	477696              c:\windows\system32\dllcache\mshtmled.dll
- 2009-03-28 12:23 . 2009-08-29 07:24	459264              c:\windows\system32\dllcache\msfeeds.dll
+ 2009-03-28 12:23 . 2010-05-04 17:14	459264              c:\windows\system32\dllcache\msfeeds.dll
+ 2009-03-28 11:56 . 2010-02-24 13:11	455680              c:\windows\system32\dllcache\mrxsmb.sys
+ 2009-03-28 10:09 . 2010-01-29 14:59	691712              c:\windows\system32\dllcache\inetcomm.dll
- 2009-03-28 10:09 . 2008-04-11 19:04	691712              c:\windows\system32\dllcache\inetcomm.dll
+ 2009-03-28 10:08 . 2010-04-16 11:43	634656              c:\windows\system32\dllcache\iexplore.exe
- 2009-03-28 12:23 . 2009-08-29 07:24	268288              c:\windows\system32\dllcache\iertutil.dll
+ 2009-03-28 12:23 . 2010-05-04 17:14	268288              c:\windows\system32\dllcache\iertutil.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	192512              c:\windows\system32\dllcache\iepeers.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	385024              c:\windows\system32\dllcache\iedkcs32.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	385024              c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-28 12:23 . 2009-08-29 07:24	380928              c:\windows\system32\dllcache\ieapfltr.dll
+ 2009-03-28 12:23 . 2010-05-04 17:14	380928              c:\windows\system32\dllcache\ieapfltr.dll
+ 2003-04-02 12:00 . 2010-04-16 11:43	161792              c:\windows\system32\dllcache\ieakui.dll
- 2003-04-02 12:00 . 2009-08-27 05:18	161792              c:\windows\system32\dllcache\ieakui.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	230400              c:\windows\system32\dllcache\ieaksie.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	230400              c:\windows\system32\dllcache\ieaksie.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	153088              c:\windows\system32\dllcache\ieakeng.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	153088              c:\windows\system32\dllcache\ieakeng.dll
+ 2009-10-20 16:20 . 2009-10-20 16:20	265728              c:\windows\system32\dllcache\http.sys
+ 2008-04-14 05:52 . 2010-05-04 17:14	133120              c:\windows\system32\dllcache\extmgr.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	133120              c:\windows\system32\dllcache\extmgr.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	214528              c:\windows\system32\dllcache\dxtrans.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	214528              c:\windows\system32\dllcache\dxtrans.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	347136              c:\windows\system32\dllcache\dxtmsft.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	347136              c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-04-14 05:50 . 2010-04-20 05:29	285696              c:\windows\system32\dllcache\atmfd.dll
- 2008-04-14 05:50 . 2008-04-14 05:50	285696              c:\windows\system32\dllcache\atmfd.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	124928              c:\windows\system32\dllcache\advpack.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	124928              c:\windows\system32\dllcache\advpack.dll
+ 2008-04-14 05:52 . 2009-11-21 15:54	471552              c:\windows\system32\dllcache\aclayers.dll
+ 2008-04-14 05:52 . 2010-02-12 04:33	100864              c:\windows\system32\dllcache\6to4svc.dll
+ 2010-07-08 10:35 . 2010-07-08 10:35	303104              c:\windows\system32\config\systemprofile\ntuser.dat
- 2008-04-14 05:52 . 2009-08-29 07:24	124928              c:\windows\system32\advpack.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	124928              c:\windows\system32\advpack.dll
+ 2008-04-14 05:52 . 2010-02-12 04:33	100864              c:\windows\system32\6to4svc.dll
+ 2010-03-30 22:16 . 2010-03-30 22:16	130408              c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-07 21:48 . 2010-04-07 21:48	970752              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
- 2008-07-29 18:16 . 2008-07-29 18:16	110592              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-04-07 21:48 . 2010-04-07 21:48	110592              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-03-23 03:31 . 2010-03-23 03:31	435024              c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2008-07-25 10:17 . 2008-07-25 10:17	258048              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-09 10:22 . 2010-02-09 10:22	258048              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2009-09-03 09:25 . 2009-09-03 09:25	627200              c:\windows\Installer\8944467.msp
+ 2010-07-08 10:42 . 2010-07-08 10:42	195584              c:\windows\Installer\89443e9.msi
+ 2010-02-24 22:14 . 2010-02-24 22:14	543232              c:\windows\Installer\89443c6.msp
+ 2009-09-03 09:25 . 2009-09-03 09:25	627200              c:\windows\Installer\52337c4.msp
+ 2010-07-09 20:05 . 2010-07-09 20:05	195584              c:\windows\Installer\5233776.msi
+ 2009-03-28 16:27 . 2010-07-09 20:10	409600              c:\windows\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-03-28 16:27 . 2009-10-17 22:23	409600              c:\windows\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-03-28 16:27 . 2010-07-09 20:10	286720              c:\windows\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-03-28 16:27 . 2009-10-17 22:23	286720              c:\windows\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-03-28 16:27 . 2010-07-09 20:10	249856              c:\windows\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-03-28 16:27 . 2009-10-17 22:23	249856              c:\windows\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-03-28 16:27 . 2010-07-09 20:10	794624              c:\windows\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-03-28 16:27 . 2009-10-17 22:23	794624              c:\windows\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-03-28 16:27 . 2010-07-09 20:10	135168              c:\windows\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-03-28 16:27 . 2009-10-17 22:23	135168              c:\windows\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-05-10 12:35 . 2007-05-10 12:35	120160              c:\windows\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.8173\MSCONV97.DLL
+ 2010-07-08 10:36 . 2009-08-29 07:24	832512              c:\windows\ie7updates\KB982381-IE7\wininet.dll
+ 2010-07-08 10:36 . 2009-08-29 07:24	233472              c:\windows\ie7updates\KB982381-IE7\webcheck.dll
+ 2010-07-08 10:36 . 2009-08-29 07:24	105984              c:\windows\ie7updates\KB982381-IE7\url.dll
+ 2010-07-08 10:36 . 2009-05-26 11:40	388984              c:\windows\ie7updates\KB982381-IE7\spuninst\updspapi.dll
+ 2010-07-08 10:36 . 2008-07-08 13:00	234872              c:\windows\ie7updates\KB982381-IE7\spuninst\spuninst.exe
+ 2010-07-08 10:36 . 2009-08-29 07:24	102912              c:\windows\ie7updates\KB982381-IE7\occache.dll
+ 2010-07-08 10:36 . 2009-08-29 07:24	671232              c:\windows\ie7updates\KB982381-IE7\mstime.dll
+ 2010-07-08 10:36 . 2009-08-29 07:24	193024              c:\windows\ie7updates\KB982381-IE7\msrating.dll
+ 2010-07-08 10:36 . 2009-08-29 07:24	477696              c:\windows\ie7updates\KB982381-IE7\mshtmled.dll
+ 2010-07-08 10:36 . 2009-08-29 07:24	459264              c:\windows\ie7updates\KB982381-IE7\msfeeds.dll
+ 2010-07-08 10:36 . 2009-08-27 05:18	634648              c:\windows\ie7updates\KB982381-IE7\iexplore.exe
+ 2010-07-08 10:36 . 2009-08-29 07:24	268288              c:\windows\ie7updates\KB982381-IE7\iertutil.dll
+ 2010-07-08 10:36 . 2007-08-13 17:54	191488              c:\windows\ie7updates\KB982381-IE7\iepeers.dll
+ 2010-07-08 10:36 . 2009-08-29 07:24	385024              c:\windows\ie7updates\KB982381-IE7\iedkcs32.dll
+ 2010-07-08 10:36 . 2009-08-29 07:24	380928              c:\windows\ie7updates\KB982381-IE7\ieapfltr.dll
+ 2010-07-08 10:36 . 2009-08-27 05:18	161792              c:\windows\ie7updates\KB982381-IE7\ieakui.dll
+ 2010-07-08 10:36 . 2009-08-29 07:24	230400              c:\windows\ie7updates\KB982381-IE7\ieaksie.dll
+ 2010-07-08 10:36 . 2009-08-29 07:24	153088              c:\windows\ie7updates\KB982381-IE7\ieakeng.dll
+ 2010-07-08 10:36 . 2009-08-29 07:24	133120              c:\windows\ie7updates\KB982381-IE7\extmgr.dll
+ 2010-07-08 10:36 . 2009-08-29 07:24	214528              c:\windows\ie7updates\KB982381-IE7\dxtrans.dll
+ 2010-07-08 10:36 . 2009-08-29 07:24	347136              c:\windows\ie7updates\KB982381-IE7\dxtmsft.dll
+ 2010-07-08 10:36 . 2009-08-29 07:24	124928              c:\windows\ie7updates\KB982381-IE7\advpack.dll
+ 2009-03-28 11:56 . 2010-02-24 13:11	455680              c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-10-20 16:20 . 2009-10-20 16:20	265728              c:\windows\Driver Cache\i386\http.sys
+ 2010-07-08 11:09 . 2010-07-08 11:09	321536              c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4d07b1ccecca66f320c1a0971dd614d1\WsatConfig.ni.exe
+ 2010-07-08 10:52 . 2010-07-08 10:52	240128              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b3a9fac9aea3ad913781fafbdcbb0cae\WindowsFormsIntegration.ni.dll
+ 2010-07-08 10:44 . 2010-07-08 10:44	240128              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a7c702f75d47bf841b9587e582c2d0b2\WindowsFormsIntegration.ni.dll
+ 2010-07-08 10:52 . 2010-07-08 10:52	447488              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\4131a3627fec69291dbaed236f30dc65\UIAutomationClient.ni.dll
+ 2010-07-08 10:44 . 2010-07-08 10:44	447488              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\3a78043c85333d5af49a0d958912ae4a\UIAutomationClient.ni.dll
+ 2010-07-08 11:11 . 2010-07-08 11:11	400896              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\747e84d81d1de2041661f0f71b04734a\System.Xml.Linq.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	129536              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\d51dfbd8d5431eb89181baaa24863e15\System.Web.Routing.ni.dll
+ 2010-07-08 11:11 . 2010-07-08 11:11	202240              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\436dde9611932489da3dc8a1be170843\System.Web.RegularExpressions.ni.dll
+ 2010-07-08 11:11 . 2010-07-08 11:11	859648              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e8ef769b3e899e62b26daadee50b97ed\System.Web.Extensions.Design.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	328704              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\ce3b446b7bee5c47949c994ec89b1649\System.Web.Entity.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	301056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ad04fe1182e55e7c01066b62a4bee6b5\System.Web.Entity.Design.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	547328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\20ba0d4d182a1a9c1f54c00d3bc29a68\System.Web.DynamicData.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c97ecf9250c2f0794262534f27f98b72\System.Web.Abstractions.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	627200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9c56656c88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
+ 2010-07-08 11:09 . 2010-07-08 11:09	679936              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\42b2ffb594dbd5652a576a0dce28722c\System.Security.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	311296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3231473e2ec4451c8f218930fda80d19\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	621056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\f90965b9d9a6a6604c9a66f57c37c026\System.Net.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	998400              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	330752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e6bd59fec415e273c173170c6508180a\System.Management.Instrumentation.ni.dll
+ 2010-07-08 11:08 . 2010-07-08 11:08	381440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e3eb86170cba4c80e6e22ca33c63c218\System.IO.Log.ni.dll
+ 2010-07-08 11:09 . 2010-07-08 11:09	212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cfa48936affc9a5fb89f0bf66cc52a47\System.IdentityModel.Selectors.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	280064              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.Wrapper.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	627712              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll
+ 2010-07-08 10:43 . 2010-07-08 10:43	208384              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\aeba6820f20655dec7fe0fe05aaeb818\System.Drawing.Design.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	455680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9ef70079beca3a9982a3aa76ebc0ddd8\System.DirectoryServices.Protocols.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	881152              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\277619716d9136216065bea970365c65\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	939008              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\90b67e13866b176ae6cbdb23144f724d\System.Data.Services.Client.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	354816              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\131a477d41a8669b15696128b94c2636\System.Data.Services.Design.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	756736              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\d4990681ce373d81a52b231ee4c4afea\System.Data.Entity.Design.ni.dll
+ 2010-07-08 11:09 . 2010-07-08 11:09	135680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\9e9d66a3a0e16fceead505c25af569eb\System.Data.DataSetExtensions.ni.dll
+ 2010-07-08 11:09 . 2010-07-08 11:09	971264              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\39e4f9a276fb12125d8a1444d8b65a84\System.Configuration.Install.ni.dll
+ 2010-07-08 11:09 . 2010-07-08 11:09	633856              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\849916c5cb3ff7763d15a3976766c2f6\System.AddIn.ni.dll
+ 2010-07-08 11:09 . 2010-07-08 11:09	366080              c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\f38a426b90e6c526dcb2c435c7380450\SMSvcHost.ni.exe
+ 2010-07-08 11:09 . 2010-07-08 11:09	256000              c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6cabc7d1700c224e8b41ff2f96a3087c\SMDiagnostics.ni.dll
+ 2010-07-08 11:09 . 2010-07-08 11:09	320512              c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5c8f5ca36498f43980d64820d8186c8a\ServiceModelReg.ni.exe
+ 2010-07-08 10:43 . 2010-07-08 10:43	258048              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ae733e4062edba3a33bb0a632bef66bf\PresentationFramework.Royale.ni.dll
+ 2010-07-08 10:51 . 2010-07-08 10:51	368128              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a10c2c7e38291c3ada631ad13e762818\PresentationFramework.Aero.ni.dll
+ 2010-07-08 10:51 . 2010-07-08 10:51	539648              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7579c76fa81eb309d3170b62467be58d\PresentationFramework.Luna.ni.dll
+ 2010-07-08 10:43 . 2010-07-08 10:43	368128              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3ffad524016f0aba7b11a8aa33301a65\PresentationFramework.Aero.ni.dll
+ 2010-07-08 10:51 . 2010-07-08 10:51	224768              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bef0992fb684e71dbfab5c0a99316af\PresentationFramework.Classic.ni.dll
+ 2010-07-08 10:51 . 2010-07-08 10:51	258048              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2f6687d394813d760496f60acf046384\PresentationFramework.Royale.ni.dll
+ 2010-07-08 10:43 . 2010-07-08 10:43	224768              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\201968d038a23a4688310fed1eeaddaa\PresentationFramework.Classic.ni.dll
+ 2010-07-08 10:43 . 2010-07-08 10:43	539648              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ead87ca8eb84c595c77c70e3b2df88d\PresentationFramework.Luna.ni.dll
+ 2010-07-08 11:09 . 2010-07-08 11:09	133632              c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7700963610c1af364aa934c3c824b7b4\MSBuild.ni.exe
+ 2010-07-08 11:09 . 2010-07-08 11:09	386560              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\c74d4c69c49992dfb23ba512081dc3de\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-07-08 11:09 . 2010-07-08 11:09	968192              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\bbf74b459d5c14b9350e9e3e8be54b63\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2010-07-08 11:09 . 2010-07-08 11:09	492032              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9e15eb944d3539e8218e1aea6961d504\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2010-07-08 11:09 . 2010-07-08 11:09	148480              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\74ab40b9989da14f17c08a80365c83be\Microsoft.PowerShell.Security.ni.dll
+ 2010-07-08 11:09 . 2010-07-08 11:09	433664              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\35012993fec0cae42b09d8fd2452367c\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2010-07-08 11:09 . 2010-07-08 11:09	144384              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\a6a9f24b1a8984eaafbabb1ee968e359\Microsoft.Build.Utilities.ni.dll
+ 2010-07-08 11:09 . 2010-07-08 11:09	175104              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\2fa81d363cb1496be2427d848a867409\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-07-08 11:09 . 2010-07-08 11:09	839680              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c4c360df9c1024ebc3f0de77f5cf8b1c\Microsoft.Build.Engine.ni.dll
+ 2010-07-08 11:09 . 2010-07-08 11:09	222720              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c9386dcd89c2518a74115f3bfd861830\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-07-08 11:08 . 2010-07-08 11:08	410112              c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\abb62e3ed74c974f0282bc7ea5d3f1c1\ComSvcConfig.ni.exe
+ 2010-07-08 11:09 . 2010-07-08 11:09	842240              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\6d34f00b6a782d15bec70d6cdb00b5e8\AspNetMMCExt.ni.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-07-08 10:42 . 2010-07-08 10:42	970752              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-07-08 10:42 . 2010-07-08 10:42	438272              c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-07-08 10:42 . 2010-07-08 10:42	110592              c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-03-28 12:11 . 2009-03-28 12:11	110592              c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-04-14 05:52 . 2009-11-21 15:54	471552              c:\windows\AppPatch\aclayers.dll
+ 2009-03-28 10:09 . 2009-08-06 17:23	1929952              c:\windows\system32\wuaueng.dll
+ 2008-04-14 05:53 . 2010-04-06 02:52	2462720              c:\windows\system32\WMVCore.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	1168384              c:\windows\system32\urlmon.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	1168384              c:\windows\system32\urlmon.dll
+ 2008-04-14 05:52 . 2009-12-22 05:07	1509888              c:\windows\system32\shdocvw.dll
+ 2008-04-14 05:52 . 2010-02-05 18:25	1297408              c:\windows\system32\quartz.dll
+ 2008-04-14 05:29 . 2010-02-16 19:04	2148864              c:\windows\system32\ntoskrnl.exe
+ 2008-04-14 07:30 . 2010-02-16 19:04	2027008              c:\windows\system32\ntkrnlpa.exe
+ 2008-04-14 05:52 . 2009-07-31 08:02	1372672              c:\windows\system32\msxml6.dll
+ 2008-04-14 05:52 . 2009-07-31 04:32	1172480              c:\windows\system32\msxml3.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	3600384              c:\windows\system32\mshtml.dll
- 2007-08-13 17:54 . 2009-08-29 07:24	6067200              c:\windows\system32\ieframe.dll
+ 2007-08-13 17:54 . 2010-05-04 17:14	6067200              c:\windows\system32\ieframe.dll
+ 2009-03-28 10:09 . 2009-08-06 17:23	1929952              c:\windows\system32\dllcache\wuaueng.dll
+ 2008-04-14 05:53 . 2010-04-06 02:52	2462720              c:\windows\system32\dllcache\WMVCore.dll
+ 2008-04-14 05:23 . 2010-05-02 08:05	1851392              c:\windows\system32\dllcache\win32k.sys
+ 2008-04-14 05:52 . 2010-05-04 17:14	1168384              c:\windows\system32\dllcache\urlmon.dll
- 2008-04-14 05:52 . 2009-08-29 07:24	1168384              c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-14 05:52 . 2010-02-05 18:25	1297408              c:\windows\system32\dllcache\quartz.dll
+ 2009-03-28 11:56 . 2010-02-17 12:04	2192256              c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-03-28 11:56 . 2010-02-16 19:04	2027008              c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-03-28 11:56 . 2010-02-16 19:04	2069120              c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-03-28 11:56 . 2010-02-16 19:04	2148864              c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-04-14 05:52 . 2009-07-31 08:02	1372672              c:\windows\system32\dllcache\msxml6.dll
+ 2008-04-14 05:52 . 2009-07-31 04:32	1172480              c:\windows\system32\dllcache\msxml3.dll
+ 2009-03-28 10:09 . 2010-01-29 14:59	1315328              c:\windows\system32\dllcache\msoe.dll
- 2009-03-28 10:09 . 2009-07-10 13:26	1315328              c:\windows\system32\dllcache\msoe.dll
+ 2008-04-14 05:52 . 2010-05-04 17:14	3600384              c:\windows\system32\dllcache\mshtml.dll
+ 2009-03-28 10:09 . 2009-10-23 15:28	3558912              c:\windows\system32\dllcache\moviemk.exe
- 2009-03-28 10:09 . 2008-04-14 05:52	3558912              c:\windows\system32\dllcache\moviemk.exe
+ 2009-03-28 12:23 . 2010-05-04 17:14	6067200              c:\windows\system32\dllcache\ieframe.dll
- 2009-03-28 12:23 . 2009-08-29 07:24	6067200              c:\windows\system32\dllcache\ieframe.dll
+ 2009-11-06 23:06 . 2009-11-06 23:06	1130824              c:\windows\system32\dfshim.dll
+ 2010-04-07 21:48 . 2010-04-07 21:48	5967872              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2010-03-23 03:32 . 2010-03-23 03:32	5242880              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2008-11-25 03:59 . 2008-11-25 03:59	5242880              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 03:32 . 2010-03-23 03:32	3182592              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2009-10-16 16:07 . 2009-10-16 16:07	6115328              c:\windows\Installer\89444a0.msp
+ 2010-05-03 14:27 . 2010-05-03 14:27	6825472              c:\windows\Installer\894447a.msp
+ 2010-05-04 20:25 . 2010-05-04 20:25	7681024              c:\windows\Installer\894444c.msp
+ 2010-05-10 15:17 . 2010-05-10 15:17	5520896              c:\windows\Installer\8944439.msp
+ 2009-11-08 22:25 . 2009-11-08 22:25	1935360              c:\windows\Installer\8944419.msp
+ 2009-12-16 20:58 . 2009-12-16 20:58	5382144              c:\windows\Installer\89443fe.msp
+ 2010-04-11 20:17 . 2010-04-11 20:17	2607104              c:\windows\Installer\89443d3.msp
+ 2010-04-11 20:17 . 2010-04-11 20:17	4210688              c:\windows\Installer\89443d2.msp
+ 2010-05-03 14:06 . 2010-05-03 14:06	5053952              c:\windows\Installer\89443b9.msp
+ 2009-10-16 16:07 . 2009-10-16 16:07	6115328              c:\windows\Installer\52337fa.msp
+ 2010-05-03 14:27 . 2010-05-03 14:27	6825472              c:\windows\Installer\52337d6.msp
+ 2010-05-04 20:25 . 2010-05-04 20:25	7681024              c:\windows\Installer\52337ab.msp
+ 2010-05-10 15:17 . 2010-05-10 15:17	5520896              c:\windows\Installer\5233799.msp
+ 2009-12-16 20:58 . 2009-12-16 20:58	5382144              c:\windows\Installer\5233787.msp
+ 2010-05-03 14:06 . 2010-05-03 14:06	5053952              c:\windows\Installer\523376f.msp
+ 2007-04-19 11:49 . 2007-04-19 11:49	1661280              c:\windows\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.8173\PPTVIEW.EXE
+ 2010-07-08 10:36 . 2009-08-29 07:24	1168384              c:\windows\ie7updates\KB982381-IE7\urlmon.dll
+ 2010-07-08 10:36 . 2009-08-29 07:24	3598336              c:\windows\ie7updates\KB982381-IE7\mshtml.dll
+ 2010-07-08 10:36 . 2009-08-29 07:24	6067200              c:\windows\ie7updates\KB982381-IE7\ieframe.dll
+ 2009-03-28 11:56 . 2010-02-17 12:04	2192256              c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-03-28 11:56 . 2010-02-16 19:04	2027008              c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-03-28 11:56 . 2010-02-16 19:04	2069120              c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-03-28 11:56 . 2010-02-16 19:04	2148864              c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-07-08 10:42 . 2010-07-08 10:42	3313664              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\f231461883859922a040002dddfb7b12\WindowsBase.ni.dll
+ 2010-07-08 10:51 . 2010-07-08 10:51	3325440              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll
+ 2010-07-08 10:52 . 2010-07-08 10:52	1049600              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\d8549ce90b26cdc3071224ab6f020189\UIAutomationClientsideProviders.ni.dll
+ 2010-07-08 10:44 . 2010-07-08 10:44	1049600              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\48b66876f72f472db62de48ae4369406\UIAutomationClientsideProviders.ni.dll
+ 2010-07-08 10:42 . 2010-07-08 10:42	7949824              c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
+ 2010-07-08 10:44 . 2010-07-08 10:44	5450752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
+ 2010-07-08 11:11 . 2010-07-08 11:11	1356288              c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\016b75f60a18535c8d6b3e5d861ab559\System.WorkflowServices.ni.dll
+ 2010-07-08 11:11 . 2010-07-08 11:11	1908224              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6dacae37d337004345518976fb57099e\System.Workflow.Runtime.ni.dll
+ 2010-07-08 11:11 . 2010-07-08 11:11	4514304              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c7b832bbc5bb11c6c7f128c801ce90d7\System.Workflow.ComponentModel.ni.dll
+ 2010-07-08 11:11 . 2010-07-08 11:11	2992640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b9ea6ea910293cd6f13f765775867ebd\System.Workflow.Activities.ni.dll
+ 2010-07-08 11:11 . 2010-07-08 11:11	1840640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll
+ 2010-07-08 11:11 . 2010-07-08 11:11	2209280              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5dfda43f1991ee6ba345d62b2be4801c\System.Web.Mobile.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	2403328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f08b3b8cdf548e3dfe61f342536175eb\System.Web.Extensions.ni.dll
+ 2010-07-08 10:43 . 2010-07-08 10:43	1917952              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506bf643b853e41668afa3\System.Speech.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	1706496              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\169fe0ad9d59982a2a6b89779c09885b\System.ServiceModel.Web.ni.dll
+ 2010-07-08 11:08 . 2010-07-08 11:08	2345472              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll
+ 2010-07-08 10:52 . 2010-07-08 10:52	1035264              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\af217ef58e5558991f331d482c2bdba6\System.Printing.ni.dll
+ 2010-07-08 10:43 . 2010-07-08 10:43	1035264              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\161b423dc4e86e569af019e838d39de5\System.Printing.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	4949504              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\f78055e92b5643fcae09779fabcbde34\System.Management.Automation.ni.dll
+ 2010-07-08 11:08 . 2010-07-08 11:08	1070080              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll
+ 2010-07-08 10:43 . 2010-07-08 10:43	1587200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	1116672              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	1801216              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll
+ 2010-07-08 10:43 . 2010-07-08 10:43	6616576              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll
+ 2010-07-08 11:09 . 2010-07-08 11:09	2510336              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	1328128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5e6311aff5ada83d0f854922fa62faf6\System.Data.Services.ni.dll
+ 2010-07-08 10:43 . 2010-07-08 10:43	2516480              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	9924096              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6abf820d8ec57a0561c3367727d274df\System.Data.Entity.ni.dll
+ 2010-07-08 10:43 . 2010-07-08 10:43	2295296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll
+ 2010-07-08 10:43 . 2010-07-08 10:43	2128896              c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\fc373f0a8dbd173c63b6b95551b1c673\ReachFramework.ni.dll
+ 2010-07-08 10:52 . 2010-07-08 10:52	2128896              c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\57abb757c1f38586390dcc63bf056322\ReachFramework.ni.dll
+ 2010-07-08 10:43 . 2010-07-08 10:43	1657856              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\ead93b6a4f0101cb99d09f3e3fc6491c\PresentationUI.ni.dll
+ 2010-07-08 10:51 . 2010-07-08 10:51	1657856              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\0095ba60255d4addaf5b8ebee697a027\PresentationUI.ni.dll
+ 2010-07-08 10:42 . 2010-07-08 10:42	1451008              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll
+ 2010-07-08 11:09 . 2010-07-08 11:09	1712128              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\935b855860088a86bb65d37a19f059cc\Microsoft.VisualBasic.ni.dll
+ 2010-07-08 11:09 . 2010-07-08 11:09	1093120              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a266de493d30eed21cb60ebe300be53\Microsoft.Transactions.Bridge.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	2332160              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\9db8f9f7fe63ca4451bb5316a3ebb009\Microsoft.JScript.ni.dll
+ 2010-07-08 11:09 . 2010-07-08 11:09	1966080              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c96be82d6cb00367db4e3553272165ef\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-07-08 11:09 . 2010-07-08 11:09	1620992              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3815de5b052187b5d9375681a6784255\Microsoft.Build.Tasks.ni.dll
+ 2010-07-08 11:09 . 2010-07-08 11:09	1888768              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\43fc6723d08e9ce88701c29653efd224\Microsoft.Build.Engine.ni.dll
+ 2010-07-08 10:50 . 2010-07-08 10:50	1249280              c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	3182592              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-07-08 10:42 . 2010-07-08 10:42	5967872              c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-07-08 10:50 . 2010-07-08 10:50	5279744              c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-03-28 12:11 . 2009-03-28 12:11	4210688              c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-07-08 10:50 . 2010-07-08 10:50	4210688              c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-07-08 10:49 . 2010-07-08 10:49	4546560              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-10-17 22:25 . 2009-10-17 22:25	4546560              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-03-28 12:06 . 2010-05-28 10:37	32472008              c:\windows\system32\MRT.exe
+ 2010-05-11 09:30 . 2010-05-11 09:30	11194880              c:\windows\Installer\894448d.msp
+ 2010-07-08 10:52 . 2010-07-08 10:52	15710720              c:\windows\Installer\8944455.msp
+ 2010-03-30 23:23 . 2010-03-30 23:23	15638528              c:\windows\Installer\8944426.msp
+ 2010-04-11 20:17 . 2010-04-11 20:17	14599680              c:\windows\Installer\89443e2.msp
+ 2010-07-09 22:00 . 2010-07-09 22:00	20242432              c:\windows\Installer\58d4adb.msp
+ 2010-05-11 09:30 . 2010-05-11 09:30	11194880              c:\windows\Installer\52337e8.msp
+ 2010-07-09 20:06 . 2010-07-09 20:06	15710720              c:\windows\Installer\52337b3.msp
+ 2010-07-08 10:44 . 2010-07-08 10:44	12430848              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
+ 2010-07-08 11:10 . 2010-07-08 11:10	11797504              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
+ 2010-07-08 11:08 . 2010-07-08 11:08	17403904              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll
+ 2010-07-08 10:43 . 2010-07-08 10:43	10683392              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee105e4c873ca050f9f46\System.Design.ni.dll
+ 2010-07-08 10:43 . 2010-07-08 10:43	14327808              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ca898d942e4d85af4c3d5f14a77c359a\PresentationFramework.ni.dll
+ 2010-07-08 10:51 . 2010-07-08 10:51	14328320              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\560662ada034afb6ec78a152bd9a47b5\PresentationFramework.ni.dll
+ 2010-07-08 10:42 . 2010-07-08 10:42	12216320              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ba8f917fd89d7afa8885c2a326379f03\PresentationCore.ni.dll
+ 2010-07-08 10:51 . 2010-07-08 10:51	12215808              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 142360]
"LtMoh"="c:\programme\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-02 17530368]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-03-28 148888]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1343488]
"AVP"="c:\programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-30 208616]
"DataCardMonitor"="c:\programme\Huawei Modems\DataCardMonitor.exe" [2009-03-28 249856]
"THotkey"="c:\programme\Toshiba\Toshiba Applet\thotkey.exe" [2008-05-27 360448]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Aktualisierungsagent.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Aktualisierungsagent.lnk
backup=c:\windows\pss\Aktualisierungsagent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 14:33	141624	----a-w-	c:\programme\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16	421888	----a-w-	c:\programme\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2008-05-27 07:23	360448	----a-w-	c:\programme\TOSHIBA\TOSHIBA Applet\THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\system32\\pol32evt.exe"=
"c:\\PROGRA~1\\MICROS~3\\OFFICE11\\OUTLOOK.EXE"=
"c:\\Programme\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:Public ShareFolder - DCOM Access
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29.01.2008 18:29 33808]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [06.07.2010 18:56 218592]
R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [15.06.2009 21:03 20992]
R1 cdrport;cdrport;c:\windows\system32\drivers\cdrport.sys [15.06.2009 21:03 4608]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programme\Spyware Doctor\BDT\BDTUpdateService.exe [06.07.2010 19:00 198608]
R2 gtdetectsc;GtDetectSc Service;c:\windows\system32\Gtdetectsc.exe [28.03.2009 18:54 122880]
R2 GtFlashSwitch;GtFlashSwitch;c:\programme\Gemeinsame Dateien\GtFlashSwitch\GtFlashSwitch.exe [09.02.2007 15:48 176128]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [30.03.2009 10:20 5888]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13.03.2008 19:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30.04.2008 18:06 24592]
R3 mdvdrv;Connectivity Driver;c:\windows\system32\drivers\mdvdrv.sys [28.03.2009 22:38 115200]
S2 gupdate1c9b0b0eef0a210;Google Update Service (gupdate1c9b0b0eef0a210);c:\programme\Google\Update\GoogleUpdate.exe [29.03.2009 22:57 133104]
S2 SUNLITE;SIUDI OUT;c:\windows\system32\drivers\siudi.sys [19.11.2009 15:45 17680]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.03.2009 12:53 1684736]
S3 AX88172;Conceptronic USB 2.0 10/100 Ethernet Adapter;c:\windows\system32\drivers\ax88172.sys [28.03.2009 13:27 11264]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [06.07.2010 18:56 366840]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
evclbg
.
Inhalt des "geplante Tasks" Ordners

2010-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-03-29 20:57]

2010-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-03-29 20:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll
TCP: {77D92AEE-3AAE-4402-B7E6-C6BA2062A83C} = 192.168.0.2
FF - ProfilePath - c:\dokumente und einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\zry0kxrw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://de.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - component: c:\programme\Spyware Doctor\BDT\FireFox\platform\WINNT_x86-msvc\components\libheuristic.dll
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DataCardMonitor = c:\programme\Huawei Modems\DataCardMonitor.exe?R ??? ???????OKUME~1\Andreas\LOKALE~1\Temp\DataCardPM32.tmp?nd Einstellungen\Andr?? ?????????????????????????????????????????rogramme\Huawei Modems\DataCardMonitor.exe?x????????????rogramme\Huawei Modems\?Disk 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~ *]
"7040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(2008)
c:\programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(668)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2010-07-11  17:50:13
ComboFix-quarantined-files.txt  2010-07-11 15:50
ComboFix2.txt  2010-07-06 18:24

Vor Suchlauf: 9 Verzeichnis(se), 36.229.517.312 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 36.309.438.464 Bytes frei

- - End Of File - - 6842F9D515466017AC09C94C00C1DAD9
         
--- --- ---

Alt 12.07.2010, 10:32   #8
cosinus

OK. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just skip it and run only OSAM.

Alt 12.07.2010, 10:58   #10
McJoy
 

Hello Arne,

I didn't understand that.
Should I create the Combofix log with GMER and then post it???
Do I have to run a new scan with GMER???
Does Combofix work together with GMER, or do they have nothing to do with each other?

Best regards,
Andreas

Alt 12.07.2010, 11:30   #11
cosinus

Just read through the guides for GMER and OSAM, everything is explained there.
