| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Internetverbindung wird ständig selbstständig unterbrochenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.08.2010, 21:15
| #1 |
 |  Internetverbindung wird ständig selbstständig unterbrochen Hallo, ich habe mir vor ein paar Tagen etwas eingefangen. Seitdem wird ständig die Internetverbindung unterbrochen. Das kann manchmal nach einer Stunde geschehen, manchmal aber auch alle paar Minuten. Fast immer, wenn ich Outlook-Express starte, fliege ich erstmal raus. Aber auch beim Firefox gibt es damit Probleme. Unten das Logfile von HijackThis und Malwarebytes. Danke und viele Grüße, Rainer HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:01:51, on 30.08.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Programme\Norman\Npm\Bin\Elogsvc.exe C:\Programme\Norman\Ngs\Bin\Nnf.exe C:\Programme\Norman\Ngs\Bin\Nprosec.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Norman\Npm\Bin\Zanda.exe C:\Programme\Norman\npm\bin\nvoy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Programme\Norman\Npm\Bin\ZLH.EXE C:\Programme\T-DSL SpeedManager\SpeedMgr.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Programme\HP\HP Software Update\HPWuSchd2.exe C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe C:\Programme\Corel\Corel MediaOne\CorelIOMonitor.exe C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Norman\Npm\Bin\scheduler.exe C:\Programme\Norman\Npm\Bin\Njeeves.exe C:\Programme\Norman\nse\bin\NSESVC.EXE C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programme\Norman\Nvc\Bin\nvcoas.exe C:\Programme\Norman\Nvc\Bin\Nip.exe C:\Programme\T-DSL SpeedManager\tsmsvc.exe C:\Programme\Norman\Nvc\Bin\cclaw.exe C:\Programme\Outlook Express\msimn.exe C:\Programme\Mozilla Firefox\firefox.exe C:\PROGRA~1\Crawler\CToolbar.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll R3 - URLSearchHook: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll O1 - Hosts: ÿþ127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: SparweltGutscheinAlarm.Sparwelt_Gutschein_Tool - {10945114-b19f-4614-8450-b25e444a1020} - mscoree.dll (file missing) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programme\Crawler\ctbr.dll O2 - BHO: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll O3 - Toolbar: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programme\Crawler\ctbr.dll O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programme\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Programme\Corel\Corel MediaOne\Corel PhotoDownloader.exe" -startup O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Programme\Corel\Corel MediaOne\CorelIOMonitor.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Icmblt] C:\Dokumente und Einstellungen\User\Anwendungsdaten\Adobe\Update\widvid.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Öffnen mit PDF Genie 3 - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Programme\DATA BECKER\PDF Genie 3.0\pdfshell.dll O9 - Extra 'Tools' menuitem: Öffnen mit PDF Genie 3 - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Programme\DATA BECKER\PDF Genie 3.0\pdfshell.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3A6AC65B-5C4A-42F4-BE0B-667259779C59}: NameServer = 217.0.43.177 217.0.43.161 O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programme\Crawler\ctbr.dll O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programme\Norman\Npm\Bin\Elogsvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Norman Network Filtering service (NNFSVC) - Norman ASA - C:\Programme\Norman\Ngs\Bin\Nnf.exe O23 - Service: Norman NJeeves - Norman ASA - C:\Programme\Norman\Npm\Bin\Njeeves.exe O23 - Service: Norman ZANDA - Norman ASA - C:\Programme\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programme\Norman\Ngs\Bin\Nprosec.exe O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Programme\Norman\nse\bin\NSESVC.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programme\Norman\Nvc\Bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Programme\Norman\Npm\Bin\Nvcsched.exe (file missing) O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Programme\Norman\npm\bin\nvoy.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Programme\Norman\Npm\Bin\scheduler.exe O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe O23 - Service: WPEServ - soft Xpansion - C:\Programme\Gemeinsame Dateien\WPE\wpeserv.exe -- End of file - 9854 bytes Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4509 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 30.08.2010 21:18:14 mbam-log-2010-08-30 (21-18-14).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 380373 Laufzeit: 2 Stunde(n), 11 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\helper (Trojan.Agent) -> No action taken. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Dokumente und Einstellungen\User\Anwendungsdaten\Adobe\Update\flacor.dat (Trojan.Agent) -> No action taken. C:\Dokumente und Einstellungen\User\Anwendungsdaten\Helper\bin\liveu.exe (Trojan.Agent) -> No action taken. Hallo, habe noch etwas vergessen, was gerade wieder aufgetreten ist. Etwa einmal am Tag bekomme ich ein kleines Warnfenster, wo drinnen steht, das System muss heruntergefahren werden, speichern sie bitte alles ab. Dann läuft eine Uhr rückwärts, von 30 Sekunden bis Null. Bei Null fährt das System runter, ohne das ich es verhindern kann. Viele Grüße, Rainer |
|
31.08.2010, 08:38
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Internetverbindung wird ständig selbstständig unterbrochen Hallo und
__________________ Zitat:
Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
31.08.2010, 17:26
| #3 |
| | Internetverbindung wird ständig selbstständig unterbrochen Hallo Arne,
__________________danke für die Hilfe! Ich bin leider das Outlook-Express gewöhnt. Bei einem anderen müsste ich mich erst einarbeiten. Unten also die zwei gewünschten Logfiles. Viele Grüße, RainerOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 31.08.2010 18:03:55 - Run 5
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 0,95 Gb Free Space | 0,64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NAME-9CF4F91750
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" (XnView, XnView Software - Free graphic and photo viewer, converter, organizer)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Bayern 3D\Bayern3D.exe" = C:\Programme\Bayern 3D\Bayern3D.exe:*:Enabled:Bayern3D -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{00020407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FFBEF6F-98F3-4EEA-8103-7A85C1017D20}" = Geogrid®-Viewer
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel MediaOne
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACBBFC6-3F39-48DE-8D85-182736B2749B}" = Garmin MapSource
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5C161FB3-7E16-4771-9314-06FB37F3BBA7}" = Top50 V5 Viewer
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{641FE800-650B-4E99-A304-9D50E7235BAF}" = Topo Deutschland v2
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79546A5F-AE7C-4693-8670-A3401B43ABD2}" = HP Deskjet 5900 series
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{8234A27D-C5A4-4F84-8718-3BF34BCFC89F}" = JourneySoftwarePromo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5222E5A-13CB-4C98-9F5C-21CF6896A25C}" = HPDeskjet5900Series
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}" = ABBYY FineReader 6.0 Professional
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BA9C8A3B-7A17-4A52-9F11-A6E823EE4305}" = Google SketchUp 7
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C3896A21-47E5-4B40-9E90-529C1D6EDDF5}" = PDF Genie 3.0
"{C7C82ED1-E5AD-48CF-8B92-38DD9B49610C}" = Garmin TOPO Deutschland 2010
"{C8B34404-2E52-4C1F-A2B7-D26E46E5974D}" = Norman Security Suite
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5484836-E51C-4423-A663-12B9DDD50DE6}" = Garmin BaseCamp
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.60
"Bayern 3D" = Bayern 3D
"CCleaner" = CCleaner
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"Defraggler" = Defraggler
"Dr. Hardware 2009_is1" = Dr. Hardware 2009 9.9.5d
"Exif-Viewer" = Exif-Viewer 2.50
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Helicon Filter_is1" = Helicon Filter 4.93.2
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Photo & Imaging" = HP Image Zone 5.0
"HP PrecisionScan LTX" = HP PrecisionScan LTX
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"Hugin_is1" = Hugin 0.7.0 (SVN 3465)
"Hugin_release_is1" = Hugin 2009.4.0
"ie8" = Windows Internet Explorer 8
"Image Analyzer" = Image Analyzer
"ImageConverter Plus_is1" = ImageConverter Plus 8.0
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maniac Mansion Deluxe" = Maniac Mansion Deluxe
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"PC Wizard 2009_is1" = PC Wizard 2009.1.88
"PhotoME_is1" = PhotoME
"Picasa 3" = Picasa 3
"ShiftN_is1" = ShiftN 3.5
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Speccy" = Speccy
"Tank Blaster II" = Tank Blaster II
"TDSLSM" = T-DSL SpeedManager
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.8
"Winload Toolbar" = Winload Toolbar
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.97.6
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Gnumeric" = Gnumeric Spreadsheet 1.9.1-win32-20080505
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 02.05.2010 15:54:15 | Computer Name = NAME-9CF4F91750 | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/05/02 21:54:14] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 217.228.96.11 --------------------------------------------------------
Warning
message: Virus missing: Virus name: 'Smalltroj.YLOT' File infected: C:/Alte Daten/Drive(F)/System
Volume Information/_restore{4EA7DCED-C474-4611-AD9D-054543A1C373}/RP992/A0478724.dll
File
quarantined: C:/Alte Daten/Drive(F)/System Volume Information/_restore{4EA7DCED-C474-4611-AD9D-054543A1C373}/RP992/A0478724.dll
Login
information: User 'SYSTEM' on host 'NAME-9CF4F91750'.
Error - 02.05.2010 15:54:15 | Computer Name = NAME-9CF4F91750 | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/05/02 21:54:14] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 217.228.96.11 --------------------------------------------------------
Warning
message: Virus missing: Virus name: 'Smalltroj.YLOT' File infected: C:/Alte Daten/Drive(F)/System
Volume Information/_restore{4EA7DCED-C474-4611-AD9D-054543A1C373}/RP992/A0478734.dll
File
quarantined: C:/Alte Daten/Drive(F)/System Volume Information/_restore{4EA7DCED-C474-4611-AD9D-054543A1C373}/RP992/A0478734.dll
Login
information: User 'SYSTEM' on host 'NAME-9CF4F91750'.
Error - 02.05.2010 16:04:05 | Computer Name = NAME-9CF4F91750 | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/05/02 22:04:05] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 217.228.96.11 --------------------------------------------------------
Warning
message: Virus missing: Virus name: 'Smalltroj.YLOT' File infected: C:/Alte Daten/Drive(F)/Windows/ie8updates/KB969897-IE8/wininet.dll
File
quarantined: C:/Alte Daten/Drive(F)/Windows/ie8updates/KB969897-IE8/wininet.dll
Login
information: User 'SYSTEM' on host 'NAME-9CF4F91750'.
Error - 02.05.2010 16:28:05 | Computer Name = NAME-9CF4F91750 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3743, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 02.05.2010 16:28:05 | Computer Name = NAME-9CF4F91750 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3743, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 02.05.2010 16:51:41 | Computer Name = NAME-9CF4F91750 | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/05/02 22:51:41] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 217.228.96.11 --------------------------------------------------------
Warning
message: Virus missing: Virus name: 'Smalltroj.YLOT' File infected: C:/System Volume
Information/_restore{3DBDB387-7509-4FD8-9380-E70EF9D34BF9}/RP260/A0052456.dll File
quarantined: C:/System Volume Information/_restore{3DBDB387-7509-4FD8-9380-E70EF9D34BF9}/RP260/A0052456.dll
Login
information: User 'SYSTEM' on host 'NAME-9CF4F91750'.
Error - 02.05.2010 16:51:41 | Computer Name = NAME-9CF4F91750 | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/05/02 22:51:41] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 217.228.96.11 --------------------------------------------------------
Warning
message: Virus missing: Virus name: 'Smalltroj.YLOT' File infected: C:/System Volume
Information/_restore{3DBDB387-7509-4FD8-9380-E70EF9D34BF9}/RP260/A0052458.dll File
quarantined: C:/System Volume Information/_restore{3DBDB387-7509-4FD8-9380-E70EF9D34BF9}/RP260/A0052458.dll
Login
information: User 'SYSTEM' on host 'NAME-9CF4F91750'.
Error - 02.05.2010 16:51:41 | Computer Name = NAME-9CF4F91750 | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/05/02 22:51:41] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 217.228.96.11 --------------------------------------------------------
Warning
message: Virus missing: Virus name: 'Smalltroj.YLOT' File infected: C:/System Volume
Information/_restore{3DBDB387-7509-4FD8-9380-E70EF9D34BF9}/RP260/A0052459.dll File
quarantined: C:/System Volume Information/_restore{3DBDB387-7509-4FD8-9380-E70EF9D34BF9}/RP260/A0052459.dll
Login
information: User 'SYSTEM' on host 'NAME-9CF4F91750'.
Error - 02.05.2010 16:51:41 | Computer Name = NAME-9CF4F91750 | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/05/02 22:51:41] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 217.228.96.11 --------------------------------------------------------
Warning
message: Virus missing: Virus name: 'Smalltroj.YLOT' File infected: C:/System Volume
Information/_restore{3DBDB387-7509-4FD8-9380-E70EF9D34BF9}/RP260/A0052457.dll File
quarantined: C:/System Volume Information/_restore{3DBDB387-7509-4FD8-9380-E70EF9D34BF9}/RP260/A0052457.dll
Login
information: User 'SYSTEM' on host 'NAME-9CF4F91750'.
Error - 02.05.2010 17:05:03 | Computer Name = NAME-9CF4F91750 | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/05/02 23:05:03] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 217.228.96.11 --------------------------------------------------------
Warning
message: Virus missing: Virus name: 'Smalltroj.YLOT' File infected: C:/WINDOWS/ie8updates/KB972260-IE8/wininet.dll
File
quarantined: C:/WINDOWS/ie8updates/KB972260-IE8/wininet.dll Login information: User
'SYSTEM' on host 'NAME-9CF4F91750'.
[ OSession Events ]
Error - 28.12.2009 04:02:15 | Computer Name = NAME-9CF4F91750 | Source = Microsoft Office 12 Sessions | ID = 7001
Description =
Error - 28.12.2009 04:03:15 | Computer Name = NAME-9CF4F91750 | Source = Microsoft Office 12 Sessions | ID = 7001
Description =
Error - 28.12.2009 04:03:31 | Computer Name = NAME-9CF4F91750 | Source = Microsoft Office 12 Sessions | ID = 7001
Description =
[ System Events ]
Error - 21.08.2010 09:30:48 | Computer Name = NAME-9CF4F91750 | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - Dokument2, im Besitz von User, konnte
nicht auf dem Drucker PDF Genie 3 gedruckt werden. Datentyp: NT EMF 1.008. Größe
der Warteschlangendatei in Bytes: 1507328. Anzahl der gedruckten Bytes: 1507328.
Gesamtanzahl der Seiten des Dokuments: 1. Anzahl der gedruckten Seiten: 0. Clientcomputer:
\\NAME-9CF4F91750. Vom Druckprozessor zurückgelieferter Win32-Fehlercode: 0 (0x0).
Error - 21.08.2010 09:31:12 | Computer Name = NAME-9CF4F91750 | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - Bäume.doc, im Besitz von User, konnte
nicht auf dem Drucker PDF Genie 3 gedruckt werden. Datentyp: NT EMF 1.008. Größe
der Warteschlangendatei in Bytes: 1507328. Anzahl der gedruckten Bytes: 1507328.
Gesamtanzahl der Seiten des Dokuments: 1. Anzahl der gedruckten Seiten: 0. Clientcomputer:
\\NAME-9CF4F91750. Vom Druckprozessor zurückgelieferter Win32-Fehlercode: 0 (0x0).
Error - 26.08.2010 14:08:26 | Computer Name = NAME-9CF4F91750 | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - Bäume.doc, im Besitz von User, konnte
nicht auf dem Drucker PDF Genie 3 gedruckt werden. Datentyp: NT EMF 1.008. Größe
der Warteschlangendatei in Bytes: 11599872. Anzahl der gedruckten Bytes: 11599872.
Gesamtanzahl der Seiten des Dokuments: 8. Anzahl der gedruckten Seiten: 0. Clientcomputer:
\\NAME-9CF4F91750. Vom Druckprozessor zurückgelieferter Win32-Fehlercode: 0 (0x0).
Error - 28.08.2010 16:05:19 | Computer Name = NAME-9CF4F91750 | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - Bäume1.doc, im Besitz von User, konnte
nicht auf dem Drucker PDF Genie 3 gedruckt werden. Datentyp: NT EMF 1.008. Größe
der Warteschlangendatei in Bytes: 4390912. Anzahl der gedruckten Bytes: 4390912.
Gesamtanzahl der Seiten des Dokuments: 1. Anzahl der gedruckten Seiten: 0. Clientcomputer:
\\NAME-9CF4F91750. Vom Druckprozessor zurückgelieferter Win32-Fehlercode: 0 (0x0).
Error - 29.08.2010 03:21:35 | Computer Name = NAME-9CF4F91750 | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - Bäume1.doc, im Besitz von User, konnte
nicht auf dem Drucker PDF Genie 3 gedruckt werden. Datentyp: NT EMF 1.008. Größe
der Warteschlangendatei in Bytes: 8716288. Anzahl der gedruckten Bytes: 8716288.
Gesamtanzahl der Seiten des Dokuments: 2. Anzahl der gedruckten Seiten: 0. Clientcomputer:
\\NAME-9CF4F91750. Vom Druckprozessor zurückgelieferter Win32-Fehlercode: 0 (0x0).
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.08.2010 18:03:55 - Run 5 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 149,04 Gb Total Space | 0,95 Gb Free Space | 0,64% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NAME-9CF4F91750 Current User Name: User Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\User\Eigene Dateien\OTL.exe (OldTimer Tools) PRC - C:\Programme\Norman\nvc\bin\Nvcoas.exe (Norman ASA) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Norman\ngs\bin\nnf.exe (Norman ASA) PRC - C:\Programme\Norman\Nse\Bin\Nsesvc.exe (Norman ASA) PRC - C:\Programme\Crawler\CToolbar.exe (Crawler.com) PRC - C:\Programme\Norman\Npm\Bin\Zanda.exe (Norman ASA) PRC - C:\Programme\Norman\ngs\bin\nprosec.exe (Norman ASA) PRC - C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) PRC - C:\Programme\Norman\Npm\Bin\nvoy.exe (Norman ASA) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Norman\Npm\Bin\Zlh.exe (Norman ASA) PRC - C:\Programme\Norman\nvc\bin\Nip.exe (Norman ASA) PRC - C:\Programme\Norman\Npm\Bin\scheduler.exe (Norman ASA) PRC - C:\Programme\Norman\Npm\Bin\elogsvc.exe (Norman ASA) PRC - C:\Programme\Norman\nvc\bin\CClaw.exe (Norman ASA) PRC - C:\Programme\Norman\Npm\Bin\Njeeves.exe (Norman ASA) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Outlook Express\msimn.exe (Microsoft Corporation) PRC - C:\Programme\Corel\Corel MediaOne\CorelIOMonitor.exe () PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) PRC - C:\WINDOWS\system32\PSIService.exe () PRC - C:\WINDOWS\system32\HPZipm12.exe (HP) PRC - C:\Programme\T-DSL SpeedManager\SpeedMgr.exe (T-Systems Nova, Berkom) PRC - C:\Programme\T-DSL SpeedManager\TSMSvc.exe (T-Systems Nova, Berkom) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\User\Eigene Dateien\OTL.exe (OldTimer Tools) MOD - C:\Programme\Norman\nvc\bin\Niphk.dll (Norman ASA) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\WINDOWS\system32\shfolder.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (NVCScheduler) -- C:\Programme\Norman\Npm\Bin\Nvcsched.exe File not found SRV - (nvcoas) -- C:\Programme\Norman\Nvc\Bin\nvcoas.exe (Norman ASA) SRV - (NNFSVC) -- C:\Programme\Norman\Ngs\Bin\Nnf.exe (Norman ASA) SRV - (nsesvc) -- C:\Programme\Norman\nse\bin\NSESVC.EXE (Norman ASA) SRV - (Norman ZANDA) -- C:\Programme\Norman\Npm\Bin\Zanda.exe (Norman ASA) SRV - (NPROSECSVC) -- C:\Programme\Norman\Ngs\Bin\Nprosec.exe (Norman ASA) SRV - (NVOY) -- C:\Programme\Norman\npm\bin\nvoy.exe (Norman ASA) SRV - (Scheduler) -- C:\Programme\Norman\Npm\Bin\scheduler.exe (Norman ASA) SRV - (eLoggerSvc6) -- C:\Programme\Norman\Npm\Bin\Elogsvc.exe (Norman ASA) SRV - (Norman NJeeves) -- C:\Programme\Norman\Npm\Bin\Njeeves.exe (Norman ASA) SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe () SRV - (WPEServ) -- C:\Programme\Gemeinsame Dateien\WPE\wpeserv.exe (soft Xpansion) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (TSMService) -- C:\Programme\T-DSL SpeedManager\tsmsvc.exe (T-Systems Nova, Berkom) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (cpuz131) -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cpuz131\cpuz_x32.sys File not found DRV - (catchme) -- C:\DOKUME~1\User\LOKALE~1\Temp\catchme.sys File not found DRV - (nregsec) -- C:\Programme\Norman\ngs\bin\nregsec.sys (Norman ASA) DRV - (NPROSEC) -- C:\Programme\Norman\ngs\bin\nprosec.sys (Norman ASA) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM) -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (NGS) -- c:\Programme\Norman\ngs\bin\ngs.sys (Norman ASA) DRV - (ACEDRV08) -- C:\WINDOWS\system32\drivers\ACEDRV08.sys (Protect Software GmbH) DRV - (Ndiskio) -- C:\Programme\Norman\Nse\Bin\Ndiskio.sys (Norman ASA) DRV - (NvcMFlt) -- C:\WINDOWS\system32\drivers\nvcw32mf.sys (Norman ASA) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.) DRV - (drhard) -- C:\WINDOWS\System32\drivers\drhard.sys (Licensed for Gebhard Software) DRV - (TNPacket) -- C:\Programme\T-DSL SpeedManager\TNPACKET.SYS (T-Systems Nova GmbH) DRV - (PCANDIS5) -- C:\Programme\T-DSL SpeedManager\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA)) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Winamp Search" FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "MyAshampoo Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.wikipedia.org/wiki/Benutzer:Rainer_Lippert" FF - prefs.js..extensions.enabledItems: sparweltgutscheinewl@sparwelt.de:1.0 FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.6.0 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105 FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2 FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:2.5.6.0 FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" FF - HKLM\software\mozilla\Firefox\extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Programme\Crawler\firefox\ [2010.06.04 18:14:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.15 16:29:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.28 22:14:34 | 000,000,000 | ---D | M] [2009.08.27 14:04:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions [2010.08.30 18:51:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions [2010.07.02 19:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2010.04.03 22:39:17 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2010.05.04 19:23:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.08.21 18:16:00 | 000,000,000 | ---D | M] (MyAshampoo Toolbar) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} [2010.03.27 20:55:22 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.03.28 18:13:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\sparweltgutscheinewl@sparwelt.de [2009.11.23 21:11:46 | 000,002,172 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\searchplugins\bing.xml [2010.01.20 12:19:10 | 000,000,923 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\searchplugins\conduit.xml [2010.03.07 00:11:13 | 000,001,250 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\searchplugins\winamp-search.xml [2010.08.30 18:51:24 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.05.18 21:47:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.08.02 08:10:59 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.09.21 11:24:16 | 000,001,329 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\crawlersrch.bak [2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\crawlersrch.xml [2010.08.02 08:10:59 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.08.02 08:10:59 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.08.02 08:10:59 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.08.02 08:10:59 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.04.29 18:08:08 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programme\Crawler\ctbr.dll (Crawler.com) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.) O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programme\Crawler\ctbr.dll (Crawler.com) O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programme\Crawler\ctbr.dll (Crawler.com) O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Programme\Corel\Corel MediaOne\CorelIOMonitor.exe () O4 - HKLM..\Run: [Corel Photo Downloader] C:\Programme\Corel\Corel MediaOne\Corel PhotoDownloader.exe File not found O4 - HKLM..\Run: [Norman ZANDA] C:\Programme\Norman\Npm\Bin\ZLH.EXE (Norman ASA) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [T-DSL SpeedMgr] C:\Programme\T-DSL SpeedManager\SpeedMgr.exe (T-Systems Nova, Berkom) O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) O4 - HKCU..\Run: [Getdo] File not found O4 - HKCU..\Run: [Icmblt] C:\Dokumente und Einstellungen\User\Anwendungsdaten\Adobe\Update\widvid.exe () O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108847 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108847 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: Öffnen mit PDF Genie 3 - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Programme\DATA BECKER\PDF Genie 3.0\pdfshell.dll (TODO: <Company name>) O9 - Extra 'Tools' menuitem : Öffnen mit PDF Genie 3 - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Programme\DATA BECKER\PDF Genie 3.0\pdfshell.dll (TODO: <Company name>) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programme\Crawler\ctbr.dll (Crawler.com) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.05 11:00:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = secfile] -- Reg Error: Key error. File not found O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 30 Days ========== [2010.08.31 18:02:32 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\OTL.exe [2010.08.28 15:38:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Helper [2010.08.21 22:28:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\jpg-Illuminator [2010.08.21 19:11:50 | 012,387,832 | ---- | C] (Google Inc.) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\picasa36-setup(2).exe [2010.08.21 18:55:48 | 010,831,352 | ---- | C] (Google Inc.) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\picasa38_11545-setup.exe [2010.08.21 18:16:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\MyAshampoo [2010.08.21 18:16:07 | 000,000,000 | ---D | C] -- C:\Programme\MyAshampoo [2010.08.21 17:21:23 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\User\Recent [2010.08.21 17:17:41 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\ccsetup234.exe [2010.08.17 22:45:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Winload [2010.08.17 22:45:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\softonic-de3 [2010.08.17 22:44:41 | 000,376,136 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\tdi_nf.sys [2010.08.17 22:44:41 | 000,067,664 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\ale_nf64.sys [2010.08.17 22:44:41 | 000,060,960 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\ale_nf.sys [2010.08.17 22:44:40 | 000,048,272 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\nnetsec.sys [2010.08.17 22:44:40 | 000,034,192 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\nnetsecl64.sys [2010.08.17 22:44:40 | 000,030,584 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\nnetsecl.sys [2010.08.15 19:00:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\XnView [2010.08.15 19:00:17 | 000,000,000 | ---D | C] -- C:\Programme\XnView [2010.08.15 18:58:45 | 003,060,520 | ---- | C] (Gougelet Pierre-e ) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\XnView-win-de.exe [2010.08.14 15:55:58 | 000,000,000 | ---D | C] -- C:\Programme\Paint.NET [2010.08.14 15:55:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Paint.NET [2010.08.02 20:01:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\.fontconfig [4 C:\Dokumente und Einstellungen\User\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\User\Eigene Dateien\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.31 18:02:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\OTL.exe [2010.08.31 17:42:51 | 000,000,870 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.08.31 17:42:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.31 17:42:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.31 17:42:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.31 09:08:20 | 005,242,880 | ---- | M] () -- C:\Dokumente und Einstellungen\User\ntuser.dat [2010.08.31 09:08:20 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\User\ntuser.ini [2010.08.31 08:37:05 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.08.31 08:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\HPpromotions journeysoftware.job [2010.08.29 22:53:26 | 000,075,701 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\booksa.htm [2010.08.29 22:51:34 | 010,905,983 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\lernort_geologie_modul_i.pdf [2010.08.29 21:40:55 | 000,120,167 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\032.JPG [2010.08.29 09:21:42 | 000,004,096 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\00000315.LCS [2010.08.29 09:21:27 | 006,834,688 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Bäume1.doc [2010.08.28 22:14:35 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.08.28 15:39:03 | 000,002,181 | ---- | M] () -- C:\WINDOWS\Helicon Debug Window.ini [2010.08.27 19:41:48 | 008,523,264 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Bäume.doc [2010.08.24 19:15:04 | 000,001,616 | -H-- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\.picasa.ini [2010.08.24 19:14:01 | 001,698,562 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Schellenberger Eishöhle1.jpg [2010.08.24 19:08:40 | 000,598,723 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Schellenberger Eishöhle.jpg [2010.08.24 19:06:31 | 000,000,680 | ---- | M] () -- C:\WINDOWS\AUTOLNCH.REG [2010.08.23 18:57:24 | 000,000,848 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2010.08.23 18:54:40 | 005,779,885 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\JPG-Illuminator_v42(3).zip [2010.08.22 20:22:27 | 005,779,885 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\JPG-Illuminator_v42(2).zip [2010.08.22 10:27:04 | 005,413,962 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\JPG-Illuminator_v39.zip [2010.08.22 08:21:43 | 000,004,397 | ---- | M] () -- C:\Dokumente und Einstellungen\User\.recently-used.xbel [2010.08.21 22:26:08 | 005,779,885 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\JPG-Illuminator_v42.zip [2010.08.21 19:18:41 | 000,000,731 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Picasa 3.lnk [2010.08.21 19:16:17 | 012,387,832 | ---- | M] (Google Inc.) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\picasa36-setup(2).exe [2010.08.21 19:03:14 | 010,831,352 | ---- | M] (Google Inc.) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\picasa38_11545-setup.exe [2010.08.21 17:19:40 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\CCleaner.lnk [2010.08.21 17:18:51 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\ccsetup234.exe [2010.08.21 16:52:12 | 000,030,720 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.17 22:45:58 | 000,008,224 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT [2010.08.16 22:52:25 | 000,674,816 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\hoehle_index.xls [2010.08.16 07:26:15 | 000,329,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.15 19:00:53 | 000,000,586 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\XnView.lnk [2010.08.15 18:59:47 | 003,060,520 | ---- | M] (Gougelet Pierre-e ) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\XnView-win-de.exe [2010.08.14 21:08:03 | 000,039,936 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Die Schellenberger Eishöhle ist die einzige Schauhöhle in den Berchtesgadener Alpen.doc [2010.08.14 15:56:17 | 000,000,840 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Paint.NET.lnk [2010.08.12 08:23:03 | 001,025,000 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.12 08:23:03 | 000,459,152 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.12 08:23:03 | 000,441,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.12 08:23:03 | 000,084,524 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.12 08:23:03 | 000,071,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.08.11 22:18:34 | 000,033,280 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Fröhlich.doc [2010.08.08 21:53:53 | 000,176,128 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Baumberechnung.xls [2010.08.07 22:26:48 | 000,025,997 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Urlaub 2010 783-Urlaub 2010 789 -B.pto.mk [2010.08.07 22:26:48 | 000,025,283 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Urlaub 2010 783-Urlaub 2010 789.pto.mk [2010.08.07 22:26:48 | 000,016,567 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Urlaub 2010 783-Urlaub 2010 789 -B.pto [2010.08.07 22:26:48 | 000,016,566 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Urlaub 2010 783-Urlaub 2010 789.pto [2010.08.04 20:45:08 | 000,001,099 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\ShiftN.ini [4 C:\Dokumente und Einstellungen\User\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\User\Eigene Dateien\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.29 22:53:26 | 000,075,701 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\booksa.htm [2010.08.29 22:51:19 | 010,905,983 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\lernort_geologie_modul_i.pdf [2010.08.28 19:53:51 | 006,834,688 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Bäume1.doc [2010.08.28 19:42:08 | 000,120,167 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\032.JPG [2010.08.24 19:13:37 | 001,698,562 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Schellenberger Eishöhle1.jpg [2010.08.24 19:08:18 | 000,598,723 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Schellenberger Eishöhle.jpg [2010.08.23 18:52:39 | 005,779,885 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\JPG-Illuminator_v42(3).zip [2010.08.22 20:22:23 | 005,779,885 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\JPG-Illuminator_v42(2).zip [2010.08.22 10:25:23 | 005,413,962 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\JPG-Illuminator_v39.zip [2010.08.22 08:21:43 | 000,004,397 | ---- | C] () -- C:\Dokumente und Einstellungen\User\.recently-used.xbel [2010.08.21 22:24:06 | 005,779,885 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\JPG-Illuminator_v42.zip [2010.08.21 19:04:07 | 000,000,731 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Picasa 3.lnk [2010.08.21 15:31:03 | 008,523,264 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Bäume.doc [2010.08.16 22:52:13 | 000,674,816 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\hoehle_index.xls [2010.08.15 19:00:20 | 000,000,586 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\XnView.lnk [2010.08.14 21:08:02 | 000,039,936 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Die Schellenberger Eishöhle ist die einzige Schauhöhle in den Berchtesgadener Alpen.doc [2010.08.14 15:56:17 | 000,000,840 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Paint.NET.lnk [2010.08.09 22:38:28 | 000,033,280 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Fröhlich.doc [2010.08.08 21:53:53 | 000,176,128 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Baumberechnung.xls [2010.08.07 22:26:48 | 000,025,997 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Urlaub 2010 783-Urlaub 2010 789 -B.pto.mk [2010.08.07 22:26:48 | 000,025,283 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Urlaub 2010 783-Urlaub 2010 789.pto.mk [2010.08.07 22:26:48 | 000,016,567 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Urlaub 2010 783-Urlaub 2010 789 -B.pto [2010.08.07 22:26:48 | 000,016,566 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Urlaub 2010 783-Urlaub 2010 789.pto [2010.06.17 17:36:33 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2010.04.25 20:58:32 | 000,014,806 | -HS- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\W1V4gTA17lv6V [2009.11.19 12:08:19 | 000,002,181 | ---- | C] () -- C:\WINDOWS\Helicon Debug Window.ini [2009.11.12 16:17:27 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2009.11.09 20:39:54 | 000,016,070 | ---- | C] () -- C:\WINDOWS\German2.ini [2009.10.20 16:06:18 | 000,030,720 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.09.04 18:20:27 | 000,001,099 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\ShiftN.ini [2009.08.29 16:43:24 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll [2009.08.29 16:43:23 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll [2009.08.27 16:26:42 | 000,000,879 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log [2009.08.27 16:26:23 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2009.08.27 08:37:38 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009.08.21 18:13:22 | 000,000,090 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2009.08.21 18:07:25 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.06.05 11:51:16 | 000,002,480 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2009.06.05 11:48:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009.06.05 11:23:11 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2009.06.05 11:07:54 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 400 bytes -> C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\desktop.ini:bf5af20ce7a419b1178ece347eddc338 @Alternate Data Stream - 137 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A5B56640 < End of report > |
|
31.08.2010, 20:20
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internetverbindung wird ständig selbstständig unterbrochenZitat:
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O4 - HKCU..\Run: [Getdo] File not found
O4 - HKCU..\Run: [Icmblt] C:\Dokumente und Einstellungen\User\Anwendungsdaten\Adobe\Update\widvid.exe ()
[2010.04.25 20:58:32 | 000,014,806 | -HS- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\W1V4gTA17lv6V
@Alternate Data Stream - 400 bytes -> C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\desktop.ini:bf5af20ce7a419b1178ece347eddc338
@Alternate Data Stream - 137 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A5B56640
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
31.08.2010, 20:55
| #5 |
| | Internetverbindung wird ständig selbstständig unterbrochen Hallo, mein Hauptproplem ist dort wohl erstmal die, dass ich Überhaupt E-Mails abrufen und verschicken kann. Das muss ja alles erstmal eingerichtet werden? Denke ich zumindest. Hier nun das gewünschte Logfile: All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Getdo deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Icmblt deleted successfully. C:\Dokumente und Einstellungen\User\Anwendungsdaten\Adobe\Update\widvid.exe moved successfully. C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\W1V4gTA17lv6V moved successfully. ADS C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\desktop.ini:bf5af20ce7a419b1178ece347eddc338 deleted successfully. ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A5B56640 deleted successfully. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 52570384 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: User ->Temp folder emptied: 198692537 bytes ->Temporary Internet Files folder emptied: 28532042 bytes ->Java cache emptied: 967586 bytes ->FireFox cache emptied: 98981008 bytes ->Flash cache emptied: 4824 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 36720931 bytes RecycleBin emptied: 1008963 bytes Total Files Cleaned = 398,00 mb OTL by OldTimer - Version 3.2.11.0 log created on 08312010_214943 Files\Folders moved on Reboot... File move failed. C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temp\nvcbin.def.9c09ba42.tmp scheduled to be moved on reboot. Registry entries deleted on Reboot... Viele Grüße, Rainer |
|
31.08.2010, 21:01
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internetverbindung wird ständig selbstständig unterbrochenZitat:
Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ --> Internetverbindung wird ständig selbstständig unterbrochen |
|
31.08.2010, 21:37
| #7 |
| | Internetverbindung wird ständig selbstständig unterbrochen Hallo, ich habe jetzt Thunderbird installiert. Er hat wohl auch alle Einstellungen übernommen. Jetzt fragt er mich aber nach dem Passwort zu meiner E-Mail Adresse. Die kenne ich aber nicht. Beim ausführen von ComboFix bekam ich die Meldung, dass der Virenschutz aktiviert ist. Aber wie kann ich den abschalten? Ich habe im Virenprogramm gesucht. Wenn ich da ein Häckchen rausnehme, bekomme ich gleich den Warnhinweis, ob ich es deinstallieren will. Kann ich das alles einfach so deinstallieren? Wie wird das danach wieder aktiviert? Viele Grüße, Rainer |
|
31.08.2010, 21:53
| #8 |
| | Internetverbindung wird ständig selbstständig unterbrochen Hallo, der Scan wurde jetzt, obwohl ich nicht bestätigt habe, dennoch durchgeführt. trotz laufenden Virenscanner. Hier das Logfile. Viele Grüße, Rainer ComboFix 10-08-31.01 - User 31.08.2010 22:43:30.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2037.1210 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\User\Eigene Dateien\A\cofi.exe AV: Norman Security Suite *On-access scanning enabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1} * Im Speicher befindliches AV aktiv. . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\AUTOLNCH.REG . ((((((((((((((((((((((( Dateien erstellt von 2010-07-28 bis 2010-08-31 )))))))))))))))))))))))))))))) . 2010-08-31 20:05 . 2010-08-31 20:05 -------- d-----w- c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Thunderbird 2010-08-31 20:05 . 2010-08-31 20:05 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\Thunderbird 2010-08-31 20:05 . 2010-08-31 20:05 -------- d-----w- c:\programme\Mozilla Thunderbird 2010-08-28 13:38 . 2010-08-28 13:38 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\Helper 2010-08-21 20:28 . 2010-08-21 20:28 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\jpg-Illuminator 2010-08-21 16:16 . 2010-08-29 19:47 -------- d-----w- c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\MyAshampoo 2010-08-21 16:16 . 2010-08-21 16:16 -------- d-----w- c:\programme\MyAshampoo 2010-08-21 16:16 . 2010-01-20 10:19 52224 ----a-w- c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\FFExternalAlert.dll 2010-08-21 16:16 . 2010-01-20 10:19 101376 ----a-w- c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCore.dll 2010-08-17 20:45 . 2010-08-17 20:45 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Winload 2010-08-17 20:45 . 2010-08-17 20:45 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\softonic-de3 2010-08-17 20:45 . 2010-08-17 20:45 -------- d-----r- c:\dokumente und einstellungen\NetworkService\Favoriten 2010-08-17 20:44 . 2010-05-19 07:37 67664 ----a-w- c:\windows\system32\drivers\ale_nf64.sys 2010-08-17 20:44 . 2010-05-19 07:36 60960 ----a-w- c:\windows\system32\drivers\ale_nf.sys 2010-08-17 20:44 . 2010-05-10 08:13 376136 ----a-w- c:\windows\system32\drivers\tdi_nf.sys 2010-08-17 20:44 . 2010-06-21 12:54 48272 ----a-w- c:\windows\system32\drivers\nnetsec.sys 2010-08-17 20:44 . 2010-05-28 10:40 30584 ----a-w- c:\windows\system32\drivers\nnetsecl.sys 2010-08-17 20:44 . 2010-05-25 12:28 34192 ----a-w- c:\windows\system32\drivers\nnetsecl64.sys 2010-08-15 17:00 . 2010-08-21 16:43 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\XnView 2010-08-15 17:00 . 2010-08-15 17:00 -------- d-----w- c:\programme\XnView 2010-08-14 13:55 . 2010-08-14 13:56 -------- d-----w- c:\programme\Paint.NET 2010-08-14 13:55 . 2010-08-26 17:33 -------- d-----w- c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Paint.NET 2010-08-05 21:16 . 2010-08-05 21:16 503808 ----a-w- c:\dokumente und einstellungen\User\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1946db42-n\msvcp71.dll 2010-08-05 21:16 . 2010-08-05 21:16 499712 ----a-w- c:\dokumente und einstellungen\User\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1946db42-n\jmc.dll 2010-08-05 21:16 . 2010-08-05 21:16 348160 ----a-w- c:\dokumente und einstellungen\User\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1946db42-n\msvcr71.dll 2010-08-05 21:16 . 2010-08-05 21:16 61440 ----a-w- c:\dokumente und einstellungen\User\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-167f9a64-n\decora-sse.dll 2010-08-05 21:16 . 2010-08-05 21:16 12800 ----a-w- c:\dokumente und einstellungen\User\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-167f9a64-n\decora-d3d.dll 2010-08-02 18:01 . 2010-08-02 18:01 -------- d-----w- c:\dokumente und einstellungen\User\.fontconfig . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-31 20:17 . 2010-05-05 19:36 -------- d-----w- c:\programme\Crawler 2010-08-29 19:42 . 2010-06-17 15:36 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\Corel 2010-08-26 21:10 . 2009-10-01 19:36 117760 ----a-w- c:\dokumente und einstellungen\User\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-08-23 16:57 . 2010-06-17 15:36 848 --sha-w- c:\windows\system32\KGyGaAvL.sys 2010-08-22 06:21 . 2009-10-09 14:29 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\gtk-2.0 2010-08-21 16:35 . 2010-06-30 20:20 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP 2010-08-21 15:20 . 2009-11-12 14:16 -------- d-----w- c:\programme\Gemeinsame Dateien\Panasonic 2010-08-21 15:20 . 2009-11-12 14:13 -------- d-----w- c:\programme\Panasonic 2010-08-21 15:20 . 2009-06-05 09:22 -------- d--h--w- c:\programme\InstallShield Installation Information 2010-08-21 15:19 . 2009-09-18 21:15 -------- d-----w- c:\programme\CCleaner 2010-08-17 20:45 . 2009-08-21 16:07 8224 ----a-w- c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2010-08-17 20:45 . 2009-08-27 08:13 -------- d-----w- c:\programme\Norman 2010-08-12 06:23 . 2009-06-05 09:51 84524 ----a-w- c:\windows\system32\perfc007.dat 2010-08-12 06:23 . 2009-06-05 09:51 459152 ----a-w- c:\windows\system32\perfh007.dat 2010-08-03 05:15 . 2009-08-26 12:18 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NOS 2010-06-30 12:28 . 2009-06-05 09:51 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-24 12:22 . 2009-06-05 09:51 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-24 09:02 . 2009-06-05 09:51 1852032 ----a-w- c:\windows\system32\win32k.sys 2010-06-21 15:27 . 2009-06-05 09:51 354304 ----a-w- c:\windows\system32\drivers\srv.sys 2010-06-17 14:03 . 2009-06-05 09:51 80384 ----a-w- c:\windows\system32\iccvid.dll 2010-06-14 14:31 . 2009-06-05 08:59 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-14 07:41 . 2009-06-05 09:51 1172480 ----a-w- c:\windows\system32\msxml3.dll 2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr . ((((((((((((((((((((((((((((( SnapShot@2010-04-29_20.21.48 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll - 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll + 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll + 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll + 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll + 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll + 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll + 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll + 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll + 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll + 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll + 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll + 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll + 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll - 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll + 2008-07-29 06:05 . 2008-07-29 06:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll - 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll + 2008-07-29 06:05 . 2008-07-29 06:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll + 2008-07-29 06:05 . 2008-07-29 06:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll - 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll - 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll + 2008-07-29 06:05 . 2008-07-29 06:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll - 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll + 2008-07-29 06:05 . 2008-07-29 06:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll + 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll - 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll - 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll + 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll - 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll + 2008-07-29 06:05 . 2008-07-29 06:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll + 2008-07-29 06:05 . 2008-07-29 06:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll - 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll - 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll + 2008-07-29 06:05 . 2008-07-29 06:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll - 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll + 2008-07-29 06:05 . 2008-07-29 06:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll + 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll + 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll - 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll + 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll - 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll + 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll + 2009-07-11 18:54 . 2009-07-11 18:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll + 2009-07-11 18:32 . 2009-07-11 18:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll + 2009-07-11 18:32 . 2009-07-11 18:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll + 2009-07-11 18:32 . 2009-07-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll + 2009-07-11 18:32 . 2009-07-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll + 2009-07-11 18:32 . 2009-07-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll + 2009-07-11 18:32 . 2009-07-11 18:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll + 2009-07-11 18:32 . 2009-07-11 18:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll + 2009-07-11 18:32 . 2009-07-11 18:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll + 2009-07-11 18:32 . 2009-07-11 18:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll + 2010-04-25 14:54 . 2010-04-25 14:54 56656 c:\windows\WinSxS\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_22d6ba8a\vcomp90.dll + 2009-07-11 20:14 . 2009-07-11 20:14 67072 c:\windows\WinSxS\amd64_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d7860533\mfcm90u.dll + 2009-07-11 20:14 . 2009-07-11 20:14 67072 c:\windows\WinSxS\amd64_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d7860533\mfcm90.dll + 2010-08-31 19:52 . 2010-08-31 19:52 16384 c:\windows\Temp\Perflib_Perfdata_ff0.dat + 2010-08-31 19:51 . 2010-08-31 19:51 16384 c:\windows\Temp\Perflib_Perfdata_6a8.dat + 2009-06-05 09:51 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe - 2009-06-05 09:51 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe + 2010-03-30 22:16 . 2010-03-30 22:16 99176 c:\windows\system32\PresentationHostProxy.dll - 2009-06-05 09:51 . 2010-03-30 20:44 71196 c:\windows\system32\perfc009.dat + 2009-06-05 09:51 . 2010-08-12 06:23 71196 c:\windows\system32\perfc009.dat + 2009-11-06 23:07 . 2009-11-06 23:07 49488 c:\windows\system32\netfxperf.dll + 2009-11-05 20:17 . 2009-11-05 20:17 11600 c:\windows\system32\mui\0409\mscorees.dll - 2009-03-08 02:31 . 2010-02-25 06:15 55296 c:\windows\system32\msfeedsbs.dll + 2009-03-08 02:31 . 2010-06-24 12:21 55296 c:\windows\system32\msfeedsbs.dll - 2009-06-05 09:51 . 2010-02-25 06:15 25600 c:\windows\system32\jsproxy.dll + 2009-06-05 09:51 . 2010-06-24 12:21 25600 c:\windows\system32\jsproxy.dll + 2010-07-02 16:37 . 2009-04-17 13:48 18304 c:\windows\system32\DRVSTORE\grmnusb_8E661E05CC789A6D1B8ABAA087CF60EDD72AC35D\I386\grmngen.sys - 2009-08-27 08:14 . 2009-10-08 10:59 21832 c:\windows\system32\drivers\nvcw32mf.sys + 2009-08-27 08:14 . 2009-10-09 09:22 21832 c:\windows\system32\drivers\nvcw32mf.sys - 2009-09-30 06:30 . 2010-03-29 22:46 38224 c:\windows\system32\drivers\mbamswissarmy.sys + 2009-09-30 06:30 . 2010-04-29 13:39 38224 c:\windows\system32\drivers\mbamswissarmy.sys + 2009-09-30 06:30 . 2010-04-29 13:39 20952 c:\windows\system32\drivers\mbam.sys + 2009-08-28 17:53 . 2009-04-17 18:48 18304 c:\windows\system32\drivers\grmngen.sys + 2009-08-26 12:27 . 2010-06-24 12:22 12800 c:\windows\system32\dllcache\xpshims.dll - 2009-08-26 12:27 . 2010-02-25 06:15 12800 c:\windows\system32\dllcache\xpshims.dll - 2009-08-26 12:27 . 2010-02-25 06:15 55296 c:\windows\system32\dllcache\msfeedsbs.dll + 2009-08-26 12:27 . 2010-06-24 12:21 55296 c:\windows\system32\dllcache\msfeedsbs.dll + 2009-06-05 09:51 . 2010-06-24 12:21 25600 c:\windows\system32\dllcache\jsproxy.dll - 2009-06-05 09:51 . 2010-02-25 06:15 25600 c:\windows\system32\dllcache\jsproxy.dll + 2009-06-05 09:51 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll + 2009-06-05 09:51 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll - 2008-07-29 17:16 . 2008-07-29 17:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll + 2010-04-07 21:48 . 2010-04-07 21:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll + 2010-03-23 03:31 . 2010-03-23 03:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe + 2010-04-01 09:42 . 2010-04-01 09:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll - 2008-05-27 22:49 . 2008-05-27 22:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll + 2010-03-31 12:51 . 2010-03-31 12:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll - 2008-05-27 22:49 . 2008-05-27 22:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll + 2010-03-31 12:51 . 2010-03-31 12:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll + 2010-03-31 12:51 . 2010-03-31 12:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll - 2008-05-27 22:49 . 2008-05-27 22:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll - 2008-05-27 23:30 . 2008-05-27 23:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe + 2010-03-31 13:32 . 2010-03-31 13:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe - 2003-02-20 17:19 . 2003-02-20 17:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll + 2010-03-31 13:32 . 2010-03-31 13:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll + 2009-11-06 23:07 . 2009-11-06 23:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe + 2010-06-20 10:32 . 2010-06-20 10:32 22528 c:\windows\Installer\116939f.msi + 2010-08-14 13:56 . 2010-08-14 13:56 77610 c:\windows\Installer\{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}\_853F67D554F05449430E7E.exe + 2010-06-20 10:46 . 2010-06-20 10:46 25214 c:\windows\Installer\{C2D129C0-7508-11DF-9F1B-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe + 2010-06-20 10:46 . 2010-06-20 10:46 25214 c:\windows\Installer\{C2D129C0-7508-11DF-9F1B-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe + 2010-06-20 10:46 . 2010-06-20 10:46 25214 c:\windows\Installer\{C2D129C0-7508-11DF-9F1B-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe + 2010-06-20 10:46 . 2010-06-20 10:46 25214 c:\windows\Installer\{C2D129C0-7508-11DF-9F1B-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe + 2010-06-20 10:46 . 2010-06-20 10:46 25214 c:\windows\Installer\{C2D129C0-7508-11DF-9F1B-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe + 2010-06-20 10:46 . 2010-06-20 10:46 25214 c:\windows\Installer\{C2D129C0-7508-11DF-9F1B-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe + 2010-06-20 10:46 . 2010-06-20 10:46 25214 c:\windows\Installer\{C2D129C0-7508-11DF-9F1B-005056806466}\ARPPRODUCTICON.exe + 2010-06-17 15:30 . 2010-06-17 16:16 22486 c:\windows\Installer\{3C569633-C8DE-46E2-BB8F-F65198681C2F}\SnapfireIcon_Corel.exe + 2010-06-17 15:30 . 2010-06-17 16:16 22486 c:\windows\Installer\{3C569633-C8DE-46E2-BB8F-F65198681C2F}\NewShortcut1.73D5A293_D496_4B44_B535_AA8F98088895.exe + 2010-06-17 15:30 . 2010-06-17 16:16 22486 c:\windows\Installer\{3C569633-C8DE-46E2-BB8F-F65198681C2F}\ARPPRODUCTICON.exe + 2010-06-17 15:31 . 2010-06-17 15:31 61440 c:\windows\Installer\{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}\NewShortcut2.exe_B0CC61734F2E4C55A2D9A01743709D0D_1.exe + 2010-06-17 15:31 . 2010-06-17 15:31 61440 c:\windows\Installer\{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}\NewShortcut1_B0CC61734F2E4C55A2D9A01743709D0D_1.exe + 2010-06-17 15:31 . 2010-06-17 15:31 61440 c:\windows\Installer\{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}\ARPPRODUCTICON.exe + 2007-08-21 09:50 . 2007-08-21 09:50 73032 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\photoupload.exe + 2007-08-21 09:50 . 2007-08-21 09:50 75624 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\iglzw15d.dll + 2007-08-21 09:50 . 2007-08-21 09:50 28488 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\email.exe + 2007-08-21 09:50 . 2007-08-21 09:50 27464 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\coresingletonmgr.dll + 2007-08-21 09:50 . 2007-08-21 09:50 66376 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\corememory.dll + 2007-08-21 09:50 . 2007-08-21 09:50 42824 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\corelanguage.dll + 2007-08-21 09:50 . 2007-08-21 09:50 29512 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\coreerrorcodes.dll + 2007-08-21 09:50 . 2007-08-21 09:50 83272 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\camwia.dll + 2007-08-21 09:50 . 2007-08-21 09:50 77824 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\am.dll + 2010-06-10 06:17 . 2010-02-25 06:15 12800 c:\windows\ie8updates\KB982381-IE8\xpshims.dll + 2010-06-10 06:17 . 2010-02-25 06:15 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll + 2010-06-10 06:17 . 2010-02-25 06:15 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll + 2010-08-12 06:20 . 2010-05-06 10:31 12800 c:\windows\ie8updates\KB2183461-IE8\xpshims.dll + 2010-08-12 06:20 . 2010-05-06 10:31 55296 c:\windows\ie8updates\KB2183461-IE8\msfeedsbs.dll + 2010-08-12 06:20 . 2010-05-06 10:31 25600 c:\windows\ie8updates\KB2183461-IE8\jsproxy.dll + 2010-06-10 21:15 . 2010-06-10 21:15 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_4de44b61\System.Drawing.Design.dll + 2010-06-10 21:14 . 2010-06-10 21:14 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_64756d22\CustomMarshalers.dll + 2010-08-14 13:56 . 2010-08-14 13:56 24576 c:\windows\assembly\NativeImages_v2.0.50727_32\WiaProxy32\b4fc4692486f393c43bd0e904337006c\WiaProxy32.ni.exe + 2010-08-12 16:06 . 2010-08-12 16:06 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aada360296a42e0413579a19c771ec2d\System.Web.DynamicData.Design.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll + 2010-08-12 16:07 . 2010-08-12 16:07 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe + 2010-08-12 06:24 . 2010-08-12 06:24 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 55808 c:\windows\assembly\NativeImages_v2.0.50727_32\PHOTOfunSTUDIO\3de4448bee2d27bfca983e86005df7bd\PHOTOfunSTUDIO.ni.exe + 2010-08-12 16:12 . 2010-08-12 16:12 19456 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Framework#\32bc8f9c41c3a5f28363abf6a387efdd\Panasonic.Framework.Extension.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Spec#\e25b8802ae26c7b0b7014d6e2377922f\Panasonic.Core.Spec.Plugin.StillPicture.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 97792 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Spec#\86d6f7c13679ba7e24d9bff1615e27b4\Panasonic.Core.Spec.Plugin.Utility.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 31232 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Spec#\6faad71c7322dcfb61cd61224cac7285\Panasonic.Core.Spec.PluginFactory.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 78336 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Help#\e8faafc0a52b902e89da2a75ee498061\Panasonic.Core.Helper.UAC.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 72704 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Help#\18917f2d47713228f344c966d4117d45\Panasonic.Core.Helper.AutoPlay.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 20992 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Core#\700c47344a915ee92cf58a2d0d10c0dc\Panasonic.Core.CoreException.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll + 2010-08-12 16:06 . 2010-08-12 16:06 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\272d51526813ea113970b8e890c92ee2\Microsoft.VisualC.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 36352 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7f61cf4c3892b0ff2ac1b3ea9d39144d\Microsoft.PowerShell.ConsoleHost.resources.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 18944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\757619ca9b5548f90bc6a9aadd7ba7ec\Microsoft.PowerShell.Commands.Management.resource s.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 16896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\546bc5d4ed9d8c41e0c53321177afd8b\Microsoft.PowerShell.Security.resources.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 31232 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\26ad092d5c50f4390fb38334dca6e45a\Microsoft.PowerShell.Commands.Utility.resources.n i.dll + 2010-08-12 16:13 . 2010-08-12 16:13 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll + 2010-08-12 06:24 . 2010-08-12 06:24 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll + 2010-08-14 13:56 . 2010-08-14 13:56 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\9635ebb159cfd1fdeada9e92dbb06347\Interop.WIA.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe + 2010-08-12 16:11 . 2010-08-12 16:11 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\CResourceReader\bff29a46e48b95291750b06ca610a1d6\CResourceReader.ni.dll + 2010-08-12 16:11 . 2010-08-12 16:11 85504 c:\windows\assembly\NativeImages_v2.0.50727_32\CRegistryAccess\799b05c45ba93d0ebd916a7133318157\CRegistryAccess.ni.dll + 2010-08-12 16:11 . 2010-08-12 16:11 97792 c:\windows\assembly\NativeImages_v2.0.50727_32\CLicenseAgreementDlg\10a758234bb2edf0fd22da0a2a6f8a4e\CLicenseAgreementDlg.ni.dll + 2010-08-12 16:07 . 2010-08-12 16:07 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll + 2010-08-12 06:22 . 2010-08-12 06:22 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll - 2009-10-15 07:10 . 2009-10-15 07:10 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll - 2009-08-26 12:34 . 2009-08-26 12:34 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll + 2010-06-10 21:13 . 2010-06-10 21:13 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll + 2010-08-12 06:22 . 2010-08-12 06:22 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll - 2009-10-15 07:10 . 2009-10-15 07:10 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll + 2010-08-12 06:22 . 2010-08-12 06:22 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll - 2009-10-15 07:10 . 2009-10-15 07:10 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll + 2010-08-12 06:22 . 2010-08-12 06:22 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll - 2009-10-15 07:10 . 2009-10-15 07:10 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll - 2009-10-15 07:10 . 2009-10-15 07:10 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll + 2010-08-12 06:22 . 2010-08-12 06:22 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll + 2010-08-12 06:22 . 2010-08-12 06:22 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll - 2009-10-15 07:10 . 2009-10-15 07:10 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll + 2010-08-12 06:22 . 2010-08-12 06:22 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll - 2009-10-15 07:10 . 2009-10-15 07:10 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll + 2010-08-12 06:22 . 2010-08-12 06:22 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll - 2009-10-15 07:10 . 2009-10-15 07:10 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll - 2009-10-15 07:10 . 2009-10-15 07:10 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll + 2010-08-12 06:22 . 2010-08-12 06:22 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll - 2009-10-15 07:10 . 2009-10-15 07:10 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll + 2010-08-12 06:22 . 2010-08-12 06:22 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll - 2009-10-15 07:10 . 2009-10-15 07:10 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll + 2010-08-12 06:22 . 2010-08-12 06:22 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll + 2010-08-12 06:22 . 2010-08-12 06:22 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll - 2009-10-15 07:10 . 2009-10-15 07:10 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll - 2009-10-15 07:10 . 2009-10-15 07:10 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll + 2010-08-12 06:22 . 2010-08-12 06:22 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll + 2010-06-10 21:14 . 2010-06-10 21:14 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll + 2010-05-26 06:08 . 2010-01-23 08:11 46080 c:\windows\$NtUninstallKB981793$\tzchange.exe + 2010-05-26 06:08 . 2010-04-22 22:21 16896 c:\windows\$NtUninstallKB981793$\spuninst\tzchange.dll + 2010-06-10 06:15 . 2008-04-14 12:00 65024 c:\windows\$NtUninstallKB979482$\asycfilt.dll + 2010-06-10 06:17 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB982381-IE8\update\spcustom.dll + 2010-06-10 06:17 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB982381-IE8\spmsg.dll + 2010-06-10 06:10 . 2010-05-06 10:26 12800 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\xpshims.dll + 2010-06-10 06:10 . 2010-05-06 10:26 55296 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\msfeedsbs.dll + 2010-06-10 06:10 . 2010-05-06 10:26 25600 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\jsproxy.dll + 2010-06-10 21:17 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980218\update\spcustom.dll + 2010-06-10 21:17 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB980218\spmsg.dll + 2010-06-10 06:18 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB980195\update\spcustom.dll + 2010-06-10 06:18 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB980195\spmsg.dll + 2010-06-10 06:17 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB979559\update\spcustom.dll + 2010-06-10 06:17 . 2009-05-26 09:01 18808 c:\windows\$hf_mig$\KB979559\spmsg.dll + 2010-06-10 06:15 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB979482\update\spcustom.dll + 2010-06-10 06:15 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB979482\spmsg.dll + 2010-03-05 14:50 . 2010-03-05 14:50 65536 c:\windows\$hf_mig$\KB979482\SP3QFE\asycfilt.dll + 2010-05-12 06:13 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978542\update\spcustom.dll + 2010-05-12 06:13 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB978542\spmsg.dll + 2010-06-10 06:15 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB975562\update\spcustom.dll + 2010-06-10 06:15 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB975562\spmsg.dll + 2010-07-16 11:20 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2229593\update\spcustom.dll + 2010-07-16 11:20 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB2229593\spmsg.dll + 2010-08-12 06:22 . 2010-08-12 06:22 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll - 2009-10-15 07:10 . 2009-10-15 07:10 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll + 2010-05-01 19:46 . 2001-08-18 02:54 5632 c:\windows\system32\ptpusb.dll + 2010-07-02 16:37 . 2009-04-17 13:48 9344 c:\windows\system32\DRVSTORE\grmnusb_8E661E05CC789A6D1B8ABAA087CF60EDD72AC35D\I386\grmnusb.sys + 2009-08-28 17:53 . 2009-04-17 18:48 9344 c:\windows\system32\drivers\grmnusb.sys + 2010-06-17 15:30 . 2010-06-17 16:16 8854 c:\windows\Installer\{3C569633-C8DE-46E2-BB8F-F65198681C2F}\ShortcutUninstall.exe - 2009-10-15 07:10 . 2009-10-15 07:10 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll + 2010-08-12 06:22 . 2010-08-12 06:22 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll - 2009-10-15 07:10 . 2009-10-15 07:10 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll + 2010-08-12 06:22 . 2010-08-12 06:22 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll + 2010-08-12 06:22 . 2010-08-12 06:22 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll - 2009-10-15 07:10 . 2009-10-15 07:10 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll - 2009-10-15 07:10 . 2009-10-15 07:10 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll + 2010-08-12 06:22 . 2010-08-12 06:22 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll + 2010-08-12 06:22 . 2010-08-12 06:22 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll - 2009-10-15 07:10 . 2009-10-15 07:10 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll - 2009-10-15 07:10 . 2009-10-15 07:10 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll + 2010-08-12 06:22 . 2010-08-12 06:22 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll + 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll + 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll + 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll + 2008-07-29 06:05 . 2008-07-29 06:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll - 2008-07-29 07:05 . 2008-07-29 07:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll + 2008-07-29 06:05 . 2008-07-29 06:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll - 2008-07-29 07:05 . 2008-07-29 07:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll + 2008-07-29 01:54 . 2008-07-29 01:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll - 2008-07-29 02:54 . 2008-07-29 02:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll - 2008-07-29 07:05 . 2008-07-29 07:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll + 2008-07-29 06:05 . 2008-07-29 06:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll + 2009-07-11 20:11 . 2009-07-11 20:11 624448 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcr90.dll + 2009-07-11 20:11 . 2009-07-11 20:11 853312 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcp90.dll + 2009-07-11 20:14 . 2009-07-11 20:14 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcm90.dll + 2010-04-25 14:54 . 2010-04-25 14:54 176456 c:\windows\WinSxS\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_673f7fa2\atl90.dll + 2010-04-25 14:53 . 2010-04-25 14:53 323624 c:\windows\system32\wiaaut.dll + 2009-09-28 20:05 . 2010-05-03 17:40 149752 c:\windows\system32\Restore\rstrlog.dat + 2007-04-04 15:08 . 2007-04-04 15:08 158456 c:\windows\system32\pxwma.dll + 2010-05-01 19:46 . 2008-04-14 05:52 159232 c:\windows\system32\ptpusd.dll + 2007-06-05 11:20 . 2007-06-05 11:20 177704 c:\windows\system32\PSIService.exe + 2010-03-30 22:10 . 2010-03-30 22:10 295264 c:\windows\system32\PresentationHost.exe - 2009-06-05 09:51 . 2010-03-30 20:44 441260 c:\windows\system32\perfh009.dat + 2009-06-05 09:51 . 2010-08-12 06:23 441260 c:\windows\system32\perfh009.dat - 2009-06-05 09:51 . 2010-02-25 06:15 206848 c:\windows\system32\occache.dll + 2009-06-05 09:51 . 2010-06-24 12:22 206848 c:\windows\system32\occache.dll - 2009-08-27 08:14 . 2009-10-07 12:07 214344 c:\windows\system32\nscrnsav.scr + 2009-08-27 08:14 . 2009-10-11 13:06 214344 c:\windows\system32\nscrnsav.scr + 2009-06-05 09:51 . 2010-06-24 12:22 611840 c:\windows\system32\mstime.dll - 2009-06-05 09:51 . 2010-02-25 06:15 611840 c:\windows\system32\mstime.dll + 2009-03-08 02:32 . 2010-06-24 12:21 599040 c:\windows\system32\msfeeds.dll + 2009-11-06 23:07 . 2009-11-06 23:07 297808 c:\windows\system32\mscoree.dll + 2010-08-08 05:57 . 2010-08-08 05:57 231888 c:\windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe - 2010-03-30 20:44 . 2010-03-09 02:28 153376 c:\windows\system32\javaws.exe + 2010-03-30 20:44 . 2010-04-12 15:29 153376 c:\windows\system32\javaws.exe - 2010-03-30 20:44 . 2010-03-09 02:28 145184 c:\windows\system32\javaw.exe + 2010-03-30 20:44 . 2010-04-12 15:29 145184 c:\windows\system32\javaw.exe + 2010-03-30 20:44 . 2010-04-12 15:29 145184 c:\windows\system32\java.exe - 2010-03-30 20:44 . 2010-03-09 02:28 145184 c:\windows\system32\java.exe - 2009-06-05 08:59 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll + 2009-06-05 08:59 . 2010-01-29 14:59 691712 c:\windows\system32\inetcomm.dll - 2009-06-05 09:51 . 2010-02-25 06:14 184320 c:\windows\system32\iepeers.dll + 2009-06-05 09:51 . 2010-06-24 12:21 184320 c:\windows\system32\iepeers.dll + 2009-06-05 09:51 . 2010-06-24 12:21 387584 c:\windows\system32\iedkcs32.dll - 2009-06-05 09:51 . 2010-02-25 06:14 387584 c:\windows\system32\iedkcs32.dll - 2009-06-05 09:51 . 2010-02-24 09:53 173056 c:\windows\system32\ie4uinit.exe + 2009-06-05 09:51 . 2010-06-23 12:08 173056 c:\windows\system32\ie4uinit.exe + 2009-06-05 09:55 . 2010-08-16 05:26 329888 c:\windows\system32\FNTCACHE.DAT - 2009-06-05 09:51 . 2010-02-25 06:15 916480 c:\windows\system32\dllcache\wininet.dll + 2009-06-05 09:51 . 2010-06-24 12:22 916480 c:\windows\system32\dllcache\wininet.dll + 2009-06-05 09:51 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys + 2009-06-05 09:51 . 2010-06-30 12:28 149504 c:\windows\system32\dllcache\schannel.dll + 2009-06-05 09:51 . 2010-06-24 12:22 206848 c:\windows\system32\dllcache\occache.dll - 2009-06-05 09:51 . 2010-02-25 06:15 206848 c:\windows\system32\dllcache\occache.dll + 2009-06-05 09:51 . 2010-06-24 12:22 611840 c:\windows\system32\dllcache\mstime.dll - 2009-06-05 09:51 . 2010-02-25 06:15 611840 c:\windows\system32\dllcache\mstime.dll + 2009-08-26 12:27 . 2010-06-24 12:21 599040 c:\windows\system32\dllcache\msfeeds.dll - 2009-06-05 08:59 . 2008-04-11 19:04 691712 c:\windows\system32\dllcache\inetcomm.dll + 2009-06-05 08:59 . 2010-01-29 14:59 691712 c:\windows\system32\dllcache\inetcomm.dll + 2009-08-26 12:27 . 2010-06-24 12:21 247808 c:\windows\system32\dllcache\ieproxy.dll - 2009-08-26 12:27 . 2010-02-25 06:14 247808 c:\windows\system32\dllcache\ieproxy.dll + 2009-06-05 09:51 . 2010-06-24 12:21 184320 c:\windows\system32\dllcache\iepeers.dll - 2009-06-05 09:51 . 2010-02-25 06:14 184320 c:\windows\system32\dllcache\iepeers.dll + 2010-06-10 06:10 . 2010-06-24 12:21 743424 c:\windows\system32\dllcache\iedvtool.dll + 2009-06-05 09:51 . 2010-06-24 12:21 387584 c:\windows\system32\dllcache\iedkcs32.dll - 2009-06-05 09:51 . 2010-02-25 06:14 387584 c:\windows\system32\dllcache\iedkcs32.dll - 2009-06-05 09:51 . 2010-02-24 09:53 173056 c:\windows\system32\dllcache\ie4uinit.exe + 2009-06-05 09:51 . 2010-06-23 12:08 173056 c:\windows\system32\dllcache\ie4uinit.exe + 2009-06-05 08:59 . 2010-06-14 14:31 744448 c:\windows\system32\dllcache\helpsvc.exe - 2009-06-05 08:59 . 2008-04-14 12:00 744448 c:\windows\system32\dllcache\helpsvc.exe - 2009-06-05 09:51 . 2008-04-14 12:00 285696 c:\windows\system32\dllcache\atmfd.dll + 2009-06-05 09:51 . 2010-04-20 05:29 285696 c:\windows\system32\dllcache\atmfd.dll + 2010-05-18 19:47 . 2010-04-12 15:29 411368 c:\windows\system32\deployJava1.dll - 2009-06-05 09:51 . 2008-04-14 12:00 285696 c:\windows\system32\atmfd.dll + 2009-06-05 09:51 . 2010-04-20 05:29 285696 c:\windows\system32\atmfd.dll + 2010-03-30 22:16 . 2010-03-30 22:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll + 2010-04-07 21:48 . 2010-04-07 21:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll - 2008-07-29 17:16 . 2008-07-29 17:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll + 2010-04-07 21:48 . 2010-04-07 21:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll + 2010-03-23 03:31 . 2010-03-23 03:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll + 2010-02-09 10:22 . 2010-02-09 10:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll - 2008-07-25 09:17 . 2008-07-25 09:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll + 2010-05-11 04:40 . 2010-05-11 04:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll - 2009-08-07 21:51 . 2009-08-07 21:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll + 2010-05-11 04:40 . 2010-05-11 04:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll - 2008-05-27 22:49 . 2008-05-27 22:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll + 2010-03-31 12:51 . 2010-03-31 12:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll + 2010-03-31 12:49 . 2010-03-31 12:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll - 2008-05-27 22:48 . 2008-05-27 22:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll + 2010-03-31 13:32 . 2010-03-31 13:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll - 2008-05-27 23:30 . 2008-05-27 23:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll + 2010-06-19 09:45 . 2010-06-19 09:45 219648 c:\windows\Installer\eb3bd7.msi + 2010-06-19 09:45 . 2010-06-19 09:45 424960 c:\windows\Installer\eb3bd1.msi + 2010-08-14 13:56 . 2010-08-14 13:56 490496 c:\windows\Installer\d8f0b6.msi + 2010-02-24 22:14 . 2010-02-24 22:14 543232 c:\windows\Installer\29d562.msp + 2010-06-17 15:29 . 2010-06-17 15:29 335872 c:\windows\Installer\{15803703-25FA-4C01-A062-3F4A59937E87}\ARPPRODUCTICON.exe + 2007-08-21 09:50 . 2007-08-21 09:50 427848 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\tooltext.dll + 2007-08-21 09:50 . 2007-08-21 09:50 348160 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\msvcr71.dll + 2007-08-21 09:50 . 2007-08-21 09:50 499712 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\msvcp71.dll + 2007-08-21 09:50 . 2007-08-21 09:50 574792 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\mediacataloger.exe + 2007-08-21 09:50 . 2007-08-21 09:50 542568 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\kdu_v52r.dll + 2007-08-21 09:50 . 2007-08-21 09:50 632680 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\igjpeg2k15d.dll + 2007-08-21 09:50 . 2007-08-21 09:50 570696 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\coreslideshow.dll + 2007-08-21 09:50 . 2007-08-21 09:50 517448 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\coreprojects.dll + 2007-08-21 09:50 . 2007-08-21 09:50 126280 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\corepreferences.dll + 2007-08-21 09:50 . 2007-08-21 09:50 230728 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\coremultimedia.dll + 2007-08-21 09:50 . 2007-08-21 09:50 759624 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\corefileutil.dll + 2007-08-21 09:50 . 2007-08-21 09:50 296264 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\corefileformats.dll + 2007-08-21 09:50 . 2007-08-21 09:50 255816 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\coreenums.dll + 2007-08-21 09:50 . 2007-08-21 09:50 150856 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\corecolormgr.dll + 2007-08-21 09:50 . 2007-08-21 09:50 300360 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\cmdslideshow.dll + 2007-08-21 09:50 . 2007-08-21 09:50 223048 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\cmdprojects.dll + 2007-08-21 09:50 . 2007-08-21 09:50 122696 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\cmdphotosharing.dll + 2007-08-21 09:50 . 2007-08-21 09:50 186696 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\cmdorganizer.dll + 2007-08-21 09:50 . 2007-08-21 09:50 130888 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\cmdjgl.dll + 2007-08-21 09:50 . 2007-08-21 09:50 137032 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\cmdemail.dll + 2010-06-10 06:17 . 2010-02-25 06:15 916480 c:\windows\ie8updates\KB982381-IE8\wininet.dll + 2010-06-10 06:17 . 2010-02-22 14:22 388984 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll + 2010-06-10 06:17 . 2008-07-08 13:00 234872 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe + 2010-06-10 06:17 . 2010-02-25 06:15 206848 c:\windows\ie8updates\KB982381-IE8\occache.dll + 2010-06-10 06:17 . 2010-02-25 06:15 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll + 2010-06-10 06:17 . 2010-02-25 06:15 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll + 2010-06-10 06:17 . 2010-02-25 06:14 247808 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll + 2010-06-10 06:17 . 2010-02-25 06:14 184320 c:\windows\ie8updates\KB982381-IE8\iepeers.dll + 2010-06-10 06:17 . 2009-03-08 02:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll + 2010-06-10 06:17 . 2010-02-25 06:14 387584 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll + 2010-06-10 06:17 . 2010-02-24 09:53 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe + 2010-05-02 21:22 . 2009-03-08 02:34 914944 c:\windows\ie8updates\KB972260-IE8\wininet.dll - 2009-08-26 12:36 . 2009-03-08 02:34 914944 c:\windows\ie8updates\KB972260-IE8\wininet.dll + 2010-08-12 06:20 . 2010-05-06 10:31 916480 c:\windows\ie8updates\KB2183461-IE8\wininet.dll + 2010-08-12 06:20 . 2010-02-22 14:22 388984 c:\windows\ie8updates\KB2183461-IE8\spuninst\updspapi.dll + 2010-08-12 06:20 . 2009-05-26 09:01 234872 c:\windows\ie8updates\KB2183461-IE8\spuninst\spuninst.exe + 2010-08-12 06:20 . 2010-05-06 10:31 206848 c:\windows\ie8updates\KB2183461-IE8\occache.dll + 2010-08-12 06:20 . 2010-05-06 10:31 611840 c:\windows\ie8updates\KB2183461-IE8\mstime.dll + 2010-08-12 06:20 . 2010-05-06 10:31 599040 c:\windows\ie8updates\KB2183461-IE8\msfeeds.dll + 2010-08-12 06:20 . 2010-05-06 10:31 247808 c:\windows\ie8updates\KB2183461-IE8\ieproxy.dll + 2010-08-12 06:20 . 2010-05-06 10:31 184320 c:\windows\ie8updates\KB2183461-IE8\iepeers.dll + 2010-08-12 06:20 . 2010-05-06 10:31 743424 c:\windows\ie8updates\KB2183461-IE8\iedvtool.dll + 2010-08-12 06:20 . 2010-05-06 10:31 387584 c:\windows\ie8updates\KB2183461-IE8\iedkcs32.dll + 2010-08-12 06:20 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2183461-IE8\ie4uinit.exe + 2010-06-10 21:15 . 2010-06-10 21:15 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_f4d8fa9e\System.Drawing.dll + 2010-06-10 21:15 . 2010-06-10 21:15 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_edf4fe04\System.Drawing.Design.dll + 2010-06-10 21:15 . 2010-06-10 21:15 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_59b10ce7\CustomMarshalers.dll + 2010-08-12 16:11 . 2010-08-12 16:11 159232 c:\windows\assembly\NativeImages_v2.0.50727_32\YouTubeUploaderMain\c66b216f0f80b9204322d4fd271a87e8\YouTubeUploaderMain.ni.exe + 2010-08-12 16:13 . 2010-08-12 16:13 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe + 2010-08-12 16:09 . 2010-08-12 16:09 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll + 2010-08-12 16:06 . 2010-08-12 16:06 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll + 2010-08-12 16:09 . 2010-08-12 16:09 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\5e16c279496a553c988c6199f0cee8aa\System.Web.Routing.ni.dll + 2010-08-12 16:09 . 2010-08-12 16:09 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\720b28d81e987b889180b291ea19b821\System.Web.Extensions.Design.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\da36fd678161cd3444ef547c894e3f35\System.Web.Entity.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\49ae7c73fac8827123d5db1714c22599\System.Web.Entity.Design.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ce3aa27d3c4c052845ac5abb1374defa\System.Web.DynamicData.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\95fab896ef2af14876e3e1524379773b\System.Web.Abstractions.ni.dll + 2010-08-12 16:08 . 2010-08-12 16:08 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll + 2010-08-12 16:09 . 2010-08-12 16:09 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll + 2010-08-12 06:24 . 2010-08-12 06:24 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll + 2010-08-12 16:07 . 2010-08-12 16:07 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.d ll + 2010-08-12 16:08 . 2010-08-12 16:08 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3de39eb60b9d32af46f32f6c7a88fc7f\System.Runtime.Remoting.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\97bd2a5d946aa3a824e4cfe5b6ef95aa\System.Messaging.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\1c23e58c4871c6b2c133333be2b6a5ee\System.Management.Automation.resources.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll + 2010-08-12 16:08 . 2010-08-12 16:08 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll + 2010-08-12 16:08 . 2010-08-12 16:08 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll + 2010-08-12 16:09 . 2010-08-12 16:09 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll + 2010-08-12 16:09 . 2010-08-12 16:09 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 689664 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\34416ae70ef799fae3a42fa3bd93afa8\System.Data.SqlServerCe.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\488c4017d45e861644a34fae557aa80f\System.Data.Entity.Design.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll + 2010-08-12 06:23 . 2010-08-12 06:23 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll + 2010-08-12 16:09 . 2010-08-12 16:09 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll + 2010-08-12 16:09 . 2010-08-12 16:09 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\a055d54c458b7557d957c714551873c3\sysglobl.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe + 2010-08-12 16:13 . 2010-08-12 16:13 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5aeb40ff7128df2881fb03c01d070b20\ServiceModelReg.ni.exe + 2010-08-12 16:09 . 2010-08-12 16:09 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll + 2010-08-12 16:09 . 2010-08-12 16:09 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll + 2010-08-12 16:09 . 2010-08-12 16:09 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll + 2010-08-12 16:09 . 2010-08-12 16:09 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 137728 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Framework#\93299cfa3188496d42177f77308667d5\Panasonic.Framework.View.Util.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 456704 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Framework#\312b0fd35f5e366d40d850e85222e55a\Panasonic.Framework.Model.Command.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 314880 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Upda#\21c0926f6999ab126343f91b109ed104\Panasonic.Core.Updater.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 246784 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Spec#\cbd47b1794f98760d27f7aaffbc69286\Panasonic.Core.Spec.Plugin.DCF.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Spec#\cb6638d0a44bde3e0b1f6462a51e2da6\Panasonic.Core.Spec.Plugin.Base.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 917504 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Spec#\848dc5613d77481d088a3b5f9bea2187\Panasonic.Core.Spec.ContentInformation.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 430592 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Medi#\2d912e09eb59cb68805e70be31023f95\Panasonic.Core.MediaOrchestra.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 123904 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Help#\fd8e6b3dc1b4d31de501bcd2d7c01bba\Panasonic.Core.Helper.FileSystem.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 167936 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Help#\5b95a9d400ce67cb226a7c99a427ca59\Panasonic.Core.Helper.IISHilightHelper.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 403968 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Help#\5860a5cd161557ffa76ea6a205b8d6db\Panasonic.Core.Helper.MakerPrivate.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 294400 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Help#\2e392da442548495b1ade83a69697a8c\Panasonic.Core.Helper.MakerPrivateCli.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 239104 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Face#\bda523a7c596c0e0c65f461fec4d0d28\Panasonic.Core.FaceIdentifierCli.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 150528 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Even#\19c372d34c9ea9013b65def9c3050ac3\Panasonic.Core.EventLog.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 344576 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Driv#\e886e337c574a5f5572ef90edba6adb6\Panasonic.Core.DriveControl.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 202752 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Devi#\67e66c8ea084469df85613466ed5b567\Panasonic.Core.DeviceControl.ni.dll + 2010-08-14 13:56 . 2010-08-14 13:56 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\c221461aeb4f27731d265142888b2425\PaintDotNet.SystemLayer.Native.x86.ni.dll + 2010-08-14 13:56 . 2010-08-14 13:56 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\41d822643fdbb14b442202e6274034a2\PaintDotNet.SystemLayer.ni.dll + 2010-08-14 13:56 . 2010-08-14 13:56 388608 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Resourc#\e2579c7d21458574741ffc33c4db5aad\PaintDotNet.Resources.ni.dll + 2010-08-14 13:56 . 2010-08-14 13:56 796160 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Effects\855563bfeaff8d5dcca27832a2fbbe8b\PaintDotNet.Effects.ni.dll + 2010-08-14 13:56 . 2010-08-14 13:56 568832 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Data\1c042250a44efc313e31c6355dfb74c6\PaintDotNet.Data.ni.dll + 2010-08-14 13:56 . 2010-08-14 13:56 775168 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Base\faa1f5f56cf4eb3bdc833ac429736e8b\PaintDotNet.Base.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe + 2010-08-12 16:13 . 2010-08-12 16:13 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ddf0b43a5467013f826232fb4d059880\Microsoft.PowerShell.Commands.Utility.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 433664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\c314791ced733fca0b01d97f87c1671b\Microsoft.PowerShell.Commands.Management.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\95283aeaf043cf6550f525f7c2533344\Microsoft.PowerShell.Security.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 492032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\29b677e9d1a41f78bd85463edc26891e\Microsoft.PowerShell.ConsoleHost.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 472064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\e489793fb494ff9d467cb8620ce9e2b7\Microsoft.MapPoint.Rendering3D.Utility.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 840192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\deba555b5d848944c70d4c8ae297956e\Microsoft.MapPoint.Geometry.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 411648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\cc134b6f9a83b4fb2346869ffd99f613\Microsoft.MapPoint.Network.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 766976 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\bfbb5a8378b21da0caf990708b6fc735\Microsoft.MapPoint.Data.VirtualEarthTileDataSourc e.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 340992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\9d666637bf64e132f3393db423707208\Microsoft.MapPoint.UtilityPartialTrust.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 438272 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\73c82b0697aff6093ecb5a90713b8b36\Microsoft.MapPoint.MapControl3D.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 344064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\5813d9c981877fe41945bf3df4ae1b34\Microsoft.MapPoint.Utility.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 434176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\09579af13e9e1c226fba0a4e1291d59a\Microsoft.MapPoint.Data.CompactMapFile.ni.dll + 2010-08-12 06:24 . 2010-08-12 06:24 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll + 2010-08-14 13:56 . 2010-08-14 13:56 518656 c:\windows\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\9dd371dcb7c5042221f1947d73feccef\ICSharpCode.SharpZipLib.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe + 2010-08-12 16:11 . 2010-08-12 16:11 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\56aec0938ef1bbdeca65b07a5fe8cd39\AspNetMMCExt.ni.dll + 2010-08-12 06:22 . 2010-08-12 06:22 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll - 2009-10-15 07:10 . 2009-10-15 07:10 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll + 2010-08-12 06:22 . 2010-08-12 06:22 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll - 2009-10-15 07:10 . 2009-10-15 07:10 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll - 2009-10-15 07:10 . 2009-10-15 07:10 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll + 2010-08-12 06:22 . 2010-08-12 06:22 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll - 2009-10-15 07:10 . 2009-10-15 07:10 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll + 2010-08-12 06:22 . 2010-08-12 06:22 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll + 2010-06-10 21:13 . 2010-06-10 21:13 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll - 2009-10-15 07:10 . 2009-10-15 07:10 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll + 2010-08-12 06:22 . 2010-08-12 06:22 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll + 2010-08-12 06:22 . 2010-08-12 06:22 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll - 2009-10-15 07:10 . 2009-10-15 07:10 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll + 2010-08-12 06:22 . 2010-08-12 06:22 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll - 2009-10-15 07:10 . 2009-10-15 07:10 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll + 2010-08-12 06:22 . 2010-08-12 06:22 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll - 2009-10-15 07:10 . 2009-10-15 07:10 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll + 2010-06-10 21:13 . 2010-06-10 21:13 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll + 2010-08-12 06:22 . 2010-08-12 06:22 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll - 2009-10-15 07:10 . 2009-10-15 07:10 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll - 2009-10-15 07:10 . 2009-10-15 07:10 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll + 2010-08-12 06:22 . 2010-08-12 06:22 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll + 2010-08-12 06:22 . 2010-08-12 06:22 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll - 2009-10-15 07:10 . 2009-10-15 07:10 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll - 2009-10-15 07:10 . 2009-10-15 07:10 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll + 2010-08-12 06:22 . 2010-08-12 06:22 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll + 2010-08-12 06:22 . 2010-08-12 06:22 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll - 2009-10-15 07:10 . 2009-10-15 07:10 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll - 2009-10-15 07:10 . 2009-10-15 07:10 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll + 2010-08-12 06:22 . 2010-08-12 06:22 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll - 2009-10-15 07:10 . 2009-10-15 07:10 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll + 2010-08-12 06:22 . 2010-08-12 06:22 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll + 2010-06-10 21:13 . 2010-06-10 21:13 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll - 2009-08-26 12:34 . 2009-08-26 12:34 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll - 2009-10-15 07:10 . 2009-10-15 07:10 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll + 2010-08-12 06:22 . 2010-08-12 06:22 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll + 2010-08-12 06:22 . 2010-08-12 06:22 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll - 2009-10-15 07:10 . 2009-10-15 07:10 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll + 2010-08-12 06:22 . 2010-08-12 06:22 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll - 2009-10-15 07:10 . 2009-10-15 07:10 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll - 2009-10-15 07:10 . 2009-10-15 07:10 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2010-08-12 06:22 . 2010-08-12 06:22 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2010-08-12 06:22 . 2010-08-12 06:22 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll - 2009-10-15 07:10 . 2009-10-15 07:10 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll - 2009-10-15 07:10 . 2009-10-15 07:10 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll + 2010-08-12 06:22 . 2010-08-12 06:22 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll - 2009-10-15 07:10 . 2009-10-15 07:10 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll + 2010-08-12 06:22 . 2010-08-12 06:22 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll - 2009-10-15 07:10 . 2009-10-15 07:10 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll + 2010-08-12 06:22 . 2010-08-12 06:22 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll + 2010-08-12 06:22 . 2010-08-12 06:22 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - 2009-10-15 07:10 . 2009-10-15 07:10 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - 2009-10-15 07:10 . 2009-10-15 07:10 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll + 2010-08-12 06:22 . 2010-08-12 06:22 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2009-10-15 07:10 . 2009-10-15 07:10 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll + 2010-08-12 06:22 . 2010-08-12 06:22 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll + 2010-05-26 06:08 . 2009-05-26 09:01 388984 c:\windows\$NtUninstallKB981793$\spuninst\updspapi.dll + 2010-05-26 06:08 . 2009-05-26 09:01 234872 c:\windows\$NtUninstallKB981793$\spuninst\spuninst.exe + 2010-06-10 21:17 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB980218$\spuninst\updspapi.dll + 2010-06-10 21:17 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB980218$\spuninst\spuninst.exe + 2010-06-10 21:17 . 2008-04-14 12:00 285696 c:\windows\$NtUninstallKB980218$\atmfd.dll + 2010-06-10 06:18 . 2008-07-08 13:00 388984 c:\windows\$NtUninstallKB980195$\spuninst\updspapi.dll + 2010-06-10 06:18 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB980195$\spuninst\spuninst.exe + 2010-06-10 06:17 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB979559$\spuninst\updspapi.dll + 2010-06-10 06:17 . 2009-05-26 09:01 234872 c:\windows\$NtUninstallKB979559$\spuninst\spuninst.exe + 2010-06-10 06:15 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB979482$\spuninst\updspapi.dll + 2010-06-10 06:15 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB979482$\spuninst\spuninst.exe + 2010-06-10 06:15 . 2007-07-27 21:11 382840 c:\windows\$NtUninstallKB978695_WM9$\spuninst\updspapi.dll + 2010-06-10 06:15 . 2007-07-27 18:46 234872 c:\windows\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe + 2010-05-12 06:13 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB978542$\spuninst\updspapi.dll + 2010-05-12 06:13 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB978542$\spuninst\spuninst.exe + 2010-05-12 06:13 . 2008-04-11 19:04 691712 c:\windows\$NtUninstallKB978542$\inetcomm.dll + 2010-06-10 06:15 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB975562$\spuninst\updspapi.dll + 2010-06-10 06:15 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB975562$\spuninst\spuninst.exe + 2010-07-16 11:20 . 2010-02-22 17:52 388984 c:\windows\$NtUninstallKB2229593$\spuninst\updspapi.dll + 2010-07-16 11:20 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB2229593$\spuninst\spuninst.exe + 2010-07-16 11:20 . 2008-04-14 12:00 744448 c:\windows\$NtUninstallKB2229593$\helpsvc.exe + 2010-06-10 06:17 . 2010-02-22 14:22 388984 c:\windows\$hf_mig$\KB982381-IE8\update\updspapi.dll + 2010-06-10 06:17 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB982381-IE8\update\update.exe + 2010-06-10 06:17 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB982381-IE8\spuninst.exe + 2010-06-10 06:10 . 2010-05-06 10:26 919040 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll + 2010-06-10 06:10 . 2010-05-06 10:26 206848 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\occache.dll + 2010-06-10 06:10 . 2010-05-06 10:26 611840 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mstime.dll + 2010-06-10 06:10 . 2010-05-06 10:26 599040 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\msfeeds.dll + 2010-06-10 06:10 . 2010-05-06 10:26 247808 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ieproxy.dll + 2010-06-10 06:10 . 2010-05-06 10:26 184320 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iepeers.dll + 2010-06-10 06:10 . 2010-05-06 10:26 743424 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iedvtool.dll + 2010-06-10 06:10 . 2010-05-06 10:26 387584 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iedkcs32.dll + 2010-06-10 06:10 . 2010-05-05 13:55 173056 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ie4uinit.exe + 2010-06-10 21:17 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB980218\update\updspapi.dll + 2010-06-10 21:17 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB980218\update\update.exe + 2010-06-10 21:17 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB980218\spuninst.exe + 2010-04-20 05:37 . 2010-04-20 05:37 285824 c:\windows\$hf_mig$\KB980218\SP3QFE\atmfd.dll + 2010-06-10 06:18 . 2008-07-08 13:00 388984 c:\windows\$hf_mig$\KB980195\update\updspapi.dll + 2010-06-10 06:18 . 2008-07-08 13:00 765304 c:\windows\$hf_mig$\KB980195\update\update.exe + 2010-06-10 06:18 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB980195\spuninst.exe + 2010-06-10 06:17 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB979559\update\updspapi.dll + 2010-06-10 06:17 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB979559\update\update.exe + 2010-06-10 06:17 . 2009-05-26 09:01 234872 c:\windows\$hf_mig$\KB979559\spuninst.exe + 2010-06-10 06:15 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB979482\update\updspapi.dll + 2010-06-10 06:15 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB979482\update\update.exe + 2010-06-10 06:15 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB979482\spuninst.exe + 2010-05-12 06:13 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB978542\update\updspapi.dll + 2010-05-12 06:13 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB978542\update\update.exe + 2010-05-12 06:13 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB978542\spuninst.exe + 2010-01-29 14:53 . 2010-01-29 14:53 691712 c:\windows\$hf_mig$\KB978542\SP3QFE\inetcomm.dll + 2010-06-10 06:15 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB975562\update\updspapi.dll + 2010-06-10 06:15 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB975562\update\update.exe + 2010-06-10 06:15 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB975562\spuninst.exe + 2010-07-16 11:20 . 2010-02-22 17:52 388984 c:\windows\$hf_mig$\KB2229593\update\updspapi.dll + 2010-07-16 11:20 . 2010-02-22 14:21 765304 c:\windows\$hf_mig$\KB2229593\update\update.exe + 2010-07-16 11:20 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB2229593\spuninst.exe + 2010-07-16 10:20 . 2010-06-14 14:38 744448 c:\windows\$hf_mig$\KB2229593\SP3QFE\helpsvc.exe + 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll + 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll - 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll + 2008-07-29 06:05 . 2008-07-29 06:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll + 2008-07-29 06:05 . 2008-07-29 06:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll - 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll + 2009-07-11 20:11 . 2009-07-11 20:11 5102400 c:\windows\WinSxS\amd64_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d7860533\mfc90u.dll + 2009-07-11 20:11 . 2009-07-11 20:11 5083448 c:\windows\WinSxS\amd64_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d7860533\mfc90.dll + 2009-06-05 09:51 . 2010-04-06 02:52 2462720 c:\windows\system32\WMVCore.dll + 2009-06-05 09:51 . 2010-06-24 12:22 1210368 c:\windows\system32\urlmon.dll + 2009-06-05 09:51 . 2010-07-27 06:29 8503296 c:\windows\system32\shell32.dll - 2009-06-05 09:51 . 2009-11-27 17:11 1297408 c:\windows\system32\quartz.dll + 2009-06-05 09:51 . 2010-02-05 18:25 1297408 c:\windows\system32\quartz.dll + 2007-06-05 11:20 . 2007-06-05 11:20 1459752 c:\windows\system32\PSIKey.dll + 2008-04-14 07:29 . 2010-04-28 05:41 2148864 c:\windows\system32\ntoskrnl.exe - 2008-04-14 07:29 . 2010-02-16 19:04 2148864 c:\windows\system32\ntoskrnl.exe + 2008-04-14 07:30 . 2010-04-28 05:41 2027008 c:\windows\system32\ntkrnlpa.exe - 2008-04-14 07:30 . 2010-02-16 19:04 2027008 c:\windows\system32\ntkrnlpa.exe + 2009-06-05 09:51 . 2010-06-24 12:22 5951488 c:\windows\system32\mshtml.dll + 2009-10-28 03:40 . 2010-08-08 05:57 5612496 c:\windows\system32\Macromed\Flash\NPSWF32.dll + 2009-03-08 02:32 . 2010-06-24 12:21 1986560 c:\windows\system32\iertutil.dll + 2009-06-05 09:51 . 2010-04-06 02:52 2462720 c:\windows\system32\dllcache\WMVCore.dll + 2009-06-05 09:51 . 2010-06-24 09:02 1852032 c:\windows\system32\dllcache\win32k.sys + 2009-06-05 09:51 . 2010-06-24 12:22 1210368 c:\windows\system32\dllcache\urlmon.dll + 2009-06-05 09:51 . 2010-07-27 06:29 8503296 c:\windows\system32\dllcache\shell32.dll - 2009-06-05 09:51 . 2009-11-27 17:11 1297408 c:\windows\system32\dllcache\quartz.dll + 2009-06-05 09:51 . 2010-02-05 18:25 1297408 c:\windows\system32\dllcache\quartz.dll - 2009-06-05 09:21 . 2010-02-17 12:04 2192256 c:\windows\system32\dllcache\ntoskrnl.exe + 2009-06-05 09:21 . 2010-04-28 18:11 2192256 c:\windows\system32\dllcache\ntoskrnl.exe + 2009-06-05 09:21 . 2010-04-28 05:41 2027008 c:\windows\system32\dllcache\ntkrpamp.exe - 2009-06-05 09:21 . 2010-02-16 19:04 2027008 c:\windows\system32\dllcache\ntkrpamp.exe - 2009-02-10 17:03 . 2010-02-16 19:04 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe + 2009-02-10 17:03 . 2010-04-28 05:41 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe - 2009-06-05 09:21 . 2010-02-16 19:04 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe + 2009-06-05 09:21 . 2010-04-28 05:41 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe - 2009-06-05 09:51 . 2009-07-31 04:32 1172480 c:\windows\system32\dllcache\msxml3.dll + 2009-06-05 09:51 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll - 2009-06-05 08:59 . 2009-07-10 13:26 1315328 c:\windows\system32\dllcache\msoe.dll + 2009-06-05 08:59 . 2010-01-29 14:59 1315328 c:\windows\system32\dllcache\msoe.dll + 2009-06-05 09:51 . 2010-06-24 12:22 5951488 c:\windows\system32\dllcache\mshtml.dll + 2009-06-05 08:59 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe - 2009-06-05 08:59 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe + 2009-08-26 12:27 . 2010-06-24 12:21 1986560 c:\windows\system32\dllcache\iertutil.dll + 2009-11-06 23:06 . 2009-11-06 23:06 1130824 c:\windows\system32\dfshim.dll + 2010-04-07 21:48 . 2010-04-07 21:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll - 2008-11-25 02:59 . 2008-11-25 02:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll + 2010-03-23 03:32 . 2010-03-23 03:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll + 2010-03-23 03:32 . 2010-03-23 03:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll - 2009-08-07 21:51 . 2009-08-07 21:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll + 2010-05-11 04:40 . 2010-05-11 04:40 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll + 2010-05-11 04:40 . 2010-05-11 04:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll + 2010-04-01 09:42 . 2010-04-01 09:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll - 2008-05-27 23:35 . 2008-05-27 23:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll + 2010-04-01 09:42 . 2010-04-01 09:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll - 2008-05-27 23:35 . 2008-05-27 23:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll + 2010-03-31 12:50 . 2010-03-31 12:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll - 2008-05-27 22:48 . 2008-05-27 22:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll + 2010-03-31 12:50 . 2010-03-31 12:50 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll + 2010-04-01 09:42 . 2010-04-01 09:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll - 2008-05-27 22:43 . 2008-05-27 22:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll + 2010-07-02 19:15 . 2010-07-02 19:15 1472000 c:\windows\Installer\c50570.msi + 2010-06-20 08:01 . 2010-06-20 08:01 8040960 c:\windows\Installer\8a234b.msp + 2010-07-02 16:56 . 2010-07-02 16:56 2286080 c:\windows\Installer\346ee9.msi + 2010-07-02 16:37 . 2010-07-02 16:37 1096704 c:\windows\Installer\346ede.msi + 2009-11-08 22:25 . 2009-11-08 22:25 1935360 c:\windows\Installer\2add3c.msp + 2010-06-17 15:31 . 2010-06-17 15:31 1973248 c:\windows\Installer\1b0714.msi + 2010-06-17 15:29 . 2010-06-17 15:29 3467776 c:\windows\Installer\1b0707.msi + 2010-04-11 20:17 . 2010-04-11 20:17 2607104 c:\windows\Installer\127b3af.msp + 2010-04-11 20:17 . 2010-04-11 20:17 4210688 c:\windows\Installer\127b3ae.msp + 2010-06-20 10:46 . 2010-06-20 10:46 1219584 c:\windows\Installer\122c565.msi + 2007-08-21 09:50 . 2007-08-21 09:50 1060864 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\mfc71.dll + 2007-08-21 09:50 . 2007-08-21 09:50 2180968 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\igcore15d.dll + 2007-08-21 09:50 . 2007-08-21 09:50 1873224 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\corepython24.dll + 2007-08-21 09:50 . 2007-08-21 09:50 1086792 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\coreorganizer.dll + 2007-08-21 09:50 . 2007-08-21 09:50 1354568 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\corel_mediaonerc.dll + 2007-08-21 09:50 . 2007-08-21 09:50 2301256 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\corel_mediaone.exe + 2007-08-21 09:50 . 2007-08-21 09:50 1882952 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\coreimageformats.dll + 2007-08-21 09:50 . 2007-08-21 09:50 1594696 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\coregui.dll + 2007-08-21 09:50 . 2007-08-21 09:50 1530696 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\coregdi.dll + 2007-08-21 09:50 . 2007-08-21 09:50 1012040 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\corecontrols.dll + 2007-08-21 09:50 . 2007-08-21 09:50 2333000 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\corecmd.dll + 2007-08-21 09:50 . 2007-08-21 09:50 1705800 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\cmdbase2.dll + 2007-08-21 09:50 . 2007-08-21 09:50 1227592 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\cmdbase1.dll + 2010-06-10 06:17 . 2010-02-25 06:15 1209344 c:\windows\ie8updates\KB982381-IE8\urlmon.dll + 2010-06-10 06:17 . 2010-02-25 06:15 5944832 c:\windows\ie8updates\KB982381-IE8\mshtml.dll + 2010-06-10 06:17 . 2010-02-25 06:15 1985536 c:\windows\ie8updates\KB982381-IE8\iertutil.dll + 2010-08-12 06:20 . 2010-05-06 10:31 1209344 c:\windows\ie8updates\KB2183461-IE8\urlmon.dll + 2010-08-12 06:20 . 2010-05-06 10:31 5950976 c:\windows\ie8updates\KB2183461-IE8\mshtml.dll + 2010-08-12 06:20 . 2010-05-06 10:31 1985536 c:\windows\ie8updates\KB2183461-IE8\iertutil.dll + 2009-06-05 09:21 . 2010-04-28 18:11 2192256 c:\windows\Driver Cache\i386\ntoskrnl.exe - 2009-06-05 09:21 . 2010-02-17 12:04 2192256 c:\windows\Driver Cache\i386\ntoskrnl.exe - 2009-06-05 09:21 . 2010-02-16 19:04 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe + 2009-06-05 09:21 . 2010-04-28 05:41 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe - 2009-02-10 17:03 . 2010-02-16 19:04 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe + 2009-02-10 17:03 . 2010-04-28 05:41 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe - 2009-06-05 09:21 . 2010-02-16 19:04 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2009-06-05 09:21 . 2010-04-28 05:41 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2010-06-10 21:15 . 2010-06-10 21:15 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_ef768b7a\System.dll + 2010-06-10 21:14 . 2010-06-10 21:14 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_2b5be7b9\System.dll + 2010-06-10 21:15 . 2010-06-10 21:15 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_78c3623b\System.Xml.dll + 2010-06-10 21:15 . 2010-06-10 21:15 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_4f3730fc\System.Xml.dll + 2010-06-10 21:15 . 2010-06-10 21:15 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_f2844da4\System.Windows.Forms.dll + 2010-06-10 21:15 . 2010-06-10 21:15 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b097d4ce\System.Windows.Forms.dll + 2010-06-10 21:15 . 2010-06-10 21:15 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_16db51d7\System.Drawing.dll + 2010-06-10 21:15 . 2010-06-10 21:15 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_b872c61f\System.Design.dll + 2010-06-10 21:15 . 2010-06-10 21:15 1466368 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_a146b704\System.Design.dll + 2010-06-10 21:15 . 2010-06-10 21:15 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a5a738c4\mscorlib.dll + 2010-06-10 21:15 . 2010-06-10 21:15 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_0ab99378\mscorlib.dll + 2010-08-12 16:11 . 2010-08-12 16:11 3808768 c:\windows\assembly\NativeImages_v2.0.50727_32\YTUploader\c43809231df824fbcef3809a37a26b00\YTUploader.ni.dll + 2010-08-12 06:24 . 2010-08-12 06:24 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll + 2010-08-12 16:09 . 2010-08-12 16:09 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll + 2010-08-12 06:23 . 2010-08-12 06:23 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll + 2010-08-12 06:23 . 2010-08-12 06:23 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\60b3c9a63b2065a6952d16256545c25d\System.WorkflowServices.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5cc2a23ce8ac371c7a97b5e542ee27ed\System.Workflow.Runtime.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c0aabf67e7ef98dc10c3e174c136731b\System.Workflow.ComponentModel.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\66682c8a064608ba4ffd0463cf09aef9\System.Workflow.Activities.ni.dll + 2010-08-12 16:09 . 2010-08-12 16:09 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2d662564b8d9c57a34c588cc2970902b\System.Web.Services.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9b455702c9b7b02c5708406f87986751\System.Web.Mobile.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\49c7a1c78ed9502ba97c11e6bd993f63\System.Web.Extensions.ni.dll + 2010-08-12 16:09 . 2010-08-12 16:09 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\f5790a1b7b41e7b8d05f01b549c80f39\System.ServiceModel.Web.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll + 2010-08-12 16:08 . 2010-08-12 16:08 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 4949504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\cf2f92b2b626f7e53e80146b17bd7bed\System.Management.Automation.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\0885f31c21b796465fde6297dba20981\System.IdentityModel.ni.dll + 2010-08-12 16:06 . 2010-08-12 16:06 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll + 2010-08-12 16:08 . 2010-08-12 16:08 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll + 2010-08-12 16:06 . 2010-08-12 16:06 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll + 2010-08-12 16:08 . 2010-08-12 16:08 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll + 2010-08-12 06:24 . 2010-08-12 06:24 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\23cf0498f2ebe4c8ffa5cc79efca2dc5\System.Data.Services.ni.dll + 2010-08-12 16:09 . 2010-08-12 16:09 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\58202ed61096113d08815c0a78313b66\System.Data.OracleClient.ni.dll + 2010-08-12 16:09 . 2010-08-12 16:09 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll + 2010-08-12 16:14 . 2010-08-12 16:14 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll + 2010-08-12 16:09 . 2010-08-12 16:09 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll + 2010-08-12 16:08 . 2010-08-12 16:08 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll + 2010-08-12 16:08 . 2010-08-12 16:08 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll + 2010-08-12 06:23 . 2010-08-12 06:23 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 4789760 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Framework#\eaf69b26b1cc85401a94723770031244\Panasonic.Framework.View.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 2354176 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Framework#\d055c0ae81aefe8cf712878d6198d341\Panasonic.Framework.View.Area.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 4415488 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Framework#\826ea0eb3328f6976602d717b5570e0c\Panasonic.Framework.Model.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 1663488 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Framework#\26350805daa41818b11ee70311c3ab39\Panasonic.Framework.View.Parts.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 3734016 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Framework#\20feb964e4ab4fef4d3d2ba7aaba9c01\Panasonic.Framework.View.Resource.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 1063936 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.MACS\0b1d420f21f324cd52ca94fd1a6b4cc5\Panasonic.Core.MACS.ni.dll + 2010-08-14 13:56 . 2010-08-14 13:56 3140608 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet\250df0760d03a235eb14982ca90c30b6\PaintDotNet.ni.exe + 2010-08-14 13:56 . 2010-08-14 13:56 1870848 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Core\09c84c7483acbf395f854cf414564992\PaintDotNet.Core.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\9732a7c993055f82040642966db07ccf\Microsoft.VisualBasic.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 2766336 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\fe7296468a17db9cb46bed85ae931b0e\Microsoft.MapPoint.Graphics3D.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 1949184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\ecf4a3607505d76357ddf05f0191bd09\Microsoft.MapPoint.Modeling.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 4094976 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\9db9b5f60b3ab9adbb155e2719fb622f\Microsoft.MapPoint.Rendering3D.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 1217024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\47857e354d635fd46499bd0d9c547b7b\Microsoft.MapPoint.Data.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 1524224 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\1eeb37443afc3f5f60df69faf20b1895\Microsoft.MapPoint.GraphicsAPI.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 1524736 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\14b6f742980ace494855bc8db32417d5\Microsoft.MapPoint.Rendering3D.WorldMemoryDataSou rce.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll + 2010-08-12 16:13 . 2010-08-12 16:13 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll + 2010-06-24 06:17 . 2010-06-24 06:17 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll + 2010-08-12 06:22 . 2010-08-12 06:22 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll + 2010-08-12 06:22 . 2010-08-12 06:22 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll - 2009-10-15 07:10 . 2009-10-15 07:10 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll - 2009-10-15 07:10 . 2009-10-15 07:10 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll + 2010-08-12 06:22 . 2010-08-12 06:22 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll + 2010-06-10 21:13 . 2010-06-10 21:13 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll - 2009-10-15 07:10 . 2009-10-15 07:10 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll + 2010-08-12 06:22 . 2010-08-12 06:22 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll + 2010-06-24 06:17 . 2010-06-24 06:17 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll + 2010-08-12 06:22 . 2010-08-12 06:22 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll - 2009-10-15 07:10 . 2009-10-15 07:10 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll - 2009-10-15 07:10 . 2009-10-15 07:10 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll + 2010-08-12 06:22 . 2010-08-12 06:22 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll - 2009-08-26 12:34 . 2009-08-26 12:34 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll + 2010-06-24 06:17 . 2010-06-24 06:17 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll + 2010-08-12 06:22 . 2010-08-12 06:22 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll - 2009-10-15 07:07 . 2009-10-15 07:07 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll + 2010-06-10 21:14 . 2010-06-10 21:14 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll + 2010-06-10 21:14 . 2010-06-10 21:14 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll - 2009-10-15 07:07 . 2009-10-15 07:07 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll + 2010-06-10 06:17 . 2009-08-14 15:10 1850752 c:\windows\$NtUninstallKB979559$\win32k.sys + 2010-06-10 06:15 . 2009-05-20 02:56 2458112 c:\windows\$NtUninstallKB978695_WM9$\wmvcore.dll + 2010-05-12 06:13 . 2009-07-10 13:26 1315328 c:\windows\$NtUninstallKB978542$\msoe.dll + 2010-06-10 06:15 . 2009-11-27 17:11 1297408 c:\windows\$NtUninstallKB975562$\quartz.dll + 2010-06-10 06:10 . 2010-05-06 10:26 1209856 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\urlmon.dll + 2010-06-10 06:10 . 2010-05-06 10:26 5953024 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll + 2010-06-10 06:10 . 2010-05-06 10:26 1986048 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iertutil.dll + 2010-05-02 08:00 . 2010-05-02 08:00 1860480 c:\windows\$hf_mig$\KB979559\SP3QFE\win32k.sys + 2010-01-29 14:53 . 2010-01-29 14:53 1315328 c:\windows\$hf_mig$\KB978542\SP3QFE\msoe.dll + 2010-02-05 18:28 . 2010-02-05 18:28 1297408 c:\windows\$hf_mig$\KB975562\SP3QFE\quartz.dll + 2009-08-26 12:37 . 2010-08-03 18:09 35962312 c:\windows\system32\MRT.exe + 2009-03-08 02:39 . 2010-06-24 15:51 11077120 c:\windows\system32\ieframe.dll + 2009-07-19 16:41 . 2010-06-24 15:51 11077120 c:\windows\system32\dllcache\ieframe.dll + 2010-04-02 17:29 . 2010-04-02 17:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp + 2010-08-13 18:09 . 2010-08-13 18:09 12263936 c:\windows\Installer\7f390b.msp + 2010-06-17 16:15 . 2010-06-17 16:15 33086464 c:\windows\Installer\47efa5.msp + 2010-05-19 11:08 . 2010-05-19 11:08 11408896 c:\windows\Installer\399194.msp + 2010-03-30 23:23 . 2010-03-30 23:23 15638528 c:\windows\Installer\2add48.msp + 2010-06-17 15:30 . 2010-06-17 15:30 93624320 c:\windows\Installer\1b070e.msi + 2010-04-02 10:30 . 2010-04-02 10:30 17456640 c:\windows\Installer\127b3da.msp + 2010-04-11 20:17 . 2010-04-11 20:17 14599680 c:\windows\Installer\127b3bd.msp + 2010-06-10 06:17 . 2010-02-25 09:45 11070976 c:\windows\ie8updates\KB982381-IE8\ieframe.dll + 2010-08-12 06:20 . 2010-05-06 10:31 11076096 c:\windows\ie8updates\KB2183461-IE8\ieframe.dll + 2010-08-12 16:06 . 2010-08-12 16:06 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll + 2010-08-12 16:09 . 2010-08-12 16:09 11798016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\411a627d6f5cb83509332253406988e5\System.Web.ni.dll + 2010-08-12 16:12 . 2010-08-12 16:12 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\f523a69e7c93ee4f245c996eac4b3a57\System.ServiceModel.ni.dll + 2010-08-12 16:09 . 2010-08-12 16:09 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\b307acf63075b997d02a97a7492d0d9c\System.Design.ni.dll + 2010-08-12 16:08 . 2010-08-12 16:08 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll + 2010-08-12 16:05 . 2010-08-12 16:05 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll + 2010-08-12 06:23 . 2010-08-12 06:23 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll + 2010-05-06 13:56 . 2010-05-06 13:56 11078144 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ieframe.dll . -- Snapshot auf jetziges Datum zurückgesetzt -- . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\programme\softonic-de3\tbsof1.dll" [2010-05-15 2515552] "{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\programme\Winload\tbWin0.dll" [2010-05-15 2515552] "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\programme\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080] [HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}] [HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}] [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}] 2010-05-15 17:33 2515552 ----a-w- c:\programme\Winload\tbWin0.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}] 2009-12-31 09:53 2349080 ----a-w- c:\programme\MyAshampoo\tbMyAs.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}] 2010-05-15 17:33 2515552 ----a-w- c:\programme\softonic-de3\tbsof1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\programme\softonic-de3\tbsof1.dll" [2010-05-15 2515552] "{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\programme\Winload\tbWin0.dll" [2010-05-15 2515552] "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\programme\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080] [HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}] [HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}] [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{40C3CC16-7269-4B32-9531-17F2950FB06F}"= "c:\programme\Winload\tbWin0.dll" [2010-05-15 2515552] "{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\programme\softonic-de3\tbsof1.dll" [2010-05-15 2515552] "{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\programme\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080] [HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}] [HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}] [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-27 2010864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656] "Norman ZANDA"="c:\programme\Norman\Npm\Bin\ZLH.EXE" [2010-01-29 189824] "T-DSL SpeedMgr"="c:\programme\T-DSL SpeedManager\SpeedMgr.exe" [2004-07-14 397312] "HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152] "RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040] "Ulead AutoDetector v2"="c:\programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 95504] "Corel File Shell Monitor"="c:\programme\Corel\Corel MediaOne\CorelIOMonitor.exe" [2007-12-01 38400] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 13:21 548352 ----a-w- c:\programme\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Image Zone Schnellstart.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Image Zone Schnellstart.lnk backup=c:\windows\pss\HP Image Zone Schnellstart.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-06-20 02:04 35760 ----a-w- c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Bayern 3D\\Bayern3D.exe"= R1 NGS;Norman General Security Driver;c:\programme\Norman\ngs\bin\ngs.sys [17.08.2010 22:44 26744] R1 NPROSEC;Norman Security driver;c:\programme\Norman\ngs\bin\nprosec.sys [17.08.2010 22:44 72392] R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\SASDIFSV.SYS [15.09.2009 11:42 12872] R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [15.09.2009 11:42 66632] R2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [09.11.2009 20:43 108768] R2 drhard;drhard;c:\windows\system32\drivers\drhard.sys [27.08.2009 21:07 23600] R2 Ndiskio;Ndiskio;c:\programme\Norman\Nse\Bin\Ndiskio.sys [15.10.2009 20:59 22880] R2 NNFSVC;Norman Network Filtering service;c:\programme\Norman\ngs\bin\nnf.exe [17.08.2010 22:44 219904] R2 NPROSECSVC;Norman Security service;c:\programme\Norman\ngs\bin\nprosec.exe [17.08.2010 22:44 103016] R2 nregsec;Norman Registry Security driver;c:\programme\Norman\ngs\bin\nregsec.sys [17.08.2010 22:44 40384] R2 NVOY;Norman Resource Provider;c:\programme\Norman\Npm\Bin\nvoy.exe [27.08.2009 10:14 98776] R3 nsesvc;Norman Scanner Engine Service;c:\programme\Norman\Nse\Bin\Nsesvc.exe [17.06.2010 21:07 282624] R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [27.08.2009 10:14 21832] R3 nvcoas;Norman Virus Control on-access component;c:\programme\Norman\nvc\bin\Nvcoas.exe [27.08.2009 10:14 210248] R3 SASENUM;SASENUM;c:\programme\SUPERAntiSpyware\SASENUM.SYS [15.09.2009 11:42 12872] R3 Scheduler;Norman Scheduler Service;c:\programme\Norman\Npm\Bin\scheduler.exe [27.08.2009 10:18 133272] S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [29.08.2009 17:15 133104] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05.06.2009 11:22 1684736] S3 cpuz131;cpuz131;\??\c:\dokume~1\ADMINI~1\LOKALE~1\Temp\cpuz131\cpuz_x32.sys --> c:\dokume~1\ADMINI~1\LOKALE~1\Temp\cpuz131\cpuz_x32.sys [?] S3 NVCScheduler;Norman Virus Control Scheduler;"c:\programme\Norman\Npm\Bin\Nvcsched.exe" --> c:\programme\Norman\Npm\Bin\Nvcsched.exe [?] S3 TNPacket;T-Systems Nova Packet Capture Driver;c:\programme\T-DSL SpeedManager\TNPACKET.SYS [11.03.2004 17:44 9696] S3 WPEServ;WPEServ;c:\programme\Gemeinsame Dateien\WPE\wpeserv.exe [05.01.2010 18:37 323584] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - mchInjDrv . Inhalt des "geplante Tasks" Ordners 2010-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-08-29 14:25] 2010-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-08-29 14:25] 2010-08-31 c:\windows\Tasks\HPpromotions journeysoftware.job - c:\programme\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36] . . |
|
31.08.2010, 21:54
| #9 |
| | Internetverbindung wird ständig selbstständig unterbrochen Der Text war zu lang. Hier der Rest. ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Crawler Search - tbr:iemenu IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {3A6AC65B-5C4A-42F4-BE0B-667259779C59} = 217.0.43.177 217.0.43.161 Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\programme\Crawler\ctbr.dll FF - ProfilePath - c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - MyAshampoo Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://de.wikipedia.org/wiki/Benutzer:Rainer_Lippert FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query= FF - component: c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components\FFExternalAlert.dll FF - component: c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components\RadioWMPCore.dll FF - component: c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\FFExternalAlert.dll FF - component: c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCore.dll FF - component: c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\FFExternalAlert.dll FF - component: c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCore.dll FF - component: c:\programme\Crawler\firefox\components\xcomm.dll FF - component: c:\programme\Crawler\firefox\components\xshared.dll FF - component: c:\programme\Crawler\firefox\components\xsupport.dll FF - component: c:\programme\Crawler\firefox\components\xwsg.dll FF - plugin: c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\programme\Google\Picasa3\npPicasa3.dll FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\programme\Virtual Earth 3D\npVE3D.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: browser.sessionstore.resume_from_crash - false FF - user.js: yahoo.homepage.dontask - truec:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - AddRemove-_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF} - c:\programme\Corel\Corel Painter Essentials 3\MSILauncher {0C180787-F8C8-42FD-A9D3-689BA44BEAAF} ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-08-31 22:47 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(580) c:\programme\SUPERAntiSpyware\SASWINLO.dll . Zeit der Fertigstellung: 2010-08-31 22:49:53 ComboFix-quarantined-files.txt 2010-08-31 20:49 ComboFix2.txt 2010-04-29 20:22 Vor Suchlauf: 74.366.976 Bytes frei Nach Suchlauf: 859.668.480 Bytes frei WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - DBA519138DFD79BBF20762829AFF805E |
|
01.09.2010, 11:52
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internetverbindung wird ständig selbstständig unterbrochenZitat:
 Es gibt da so eine Passwort vergessen Funktion bei Deinem Mailprovider. Aber eigentlich notiert man sich die wichtigsten Passwörter. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus. Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen. Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.09.2010, 19:11
| #11 |
| | Internetverbindung wird ständig selbstständig unterbrochen Hallo, Passwort habe ich gefunden  Nutze inzwischen schon Thunderbird. Danke für den Tipp. GMER ist mehrmals abgestürtzt. OSAM lässt sich nicht starten, weil eine Datei fehlt. Er sagt, eine Neuinstallation könne helfen. Ich habe es mehrmals gemacht, ohne Erfolg. Grüße, Rainer |
|
01.09.2010, 19:25
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internetverbindung wird ständig selbstständig unterbrochen Bitte entpack OSAM mit 7-ZIP oder WinRAR Und McAfee vorher deaktivieren, da es die OSAM.exe als schädlich einstuft, was aber ein Fehlalarm ist!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.09.2010, 20:59
| #13 |
| | Internetverbindung wird ständig selbstständig unterbrochen Jetzt hat es geklappt. Hier das Logfile. Viele Grüße, Rainer OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 21:58:10 on 01.09.2010 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.8 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "HPpromotions journeysoftware.job" - "hp" - C:\Programme\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "PCWizard.cpl" - "CPUID" - C:\WINDOWS\system32\PCWizard.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ACEDRV08" (ACEDRV08) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\ACEDRV08.sys "catchme" (catchme) - ? - C:\DOKUME~1\User\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "cpuz131" (cpuz131) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cpuz131\cpuz_x32.sys (File not found) "drhard" (drhard) - "Licensed for Gebhard Software" - C:\WINDOWS\system32\drivers\drhard.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "Ndiskio" (Ndiskio) - "Norman ASA" - C:\Programme\Norman\Nse\Bin\NDISKIO.SYS "Norman General Security Driver" (NGS) - "Norman ASA" - c:\programme\norman\ngs\bin\ngs.sys "Norman Registry Security driver" (nregsec) - "Norman ASA" - C:\Programme\Norman\Ngs\Bin\nregsec.sys "Norman Security driver" (NPROSEC) - "Norman ASA" - C:\Programme\Norman\Ngs\Bin\nprosec.sys "NvcMFlt" (NvcMFlt) - "Norman ASA" - C:\WINDOWS\System32\DRIVERS\nvcw32mf.sys "PCANDIS5 Protocol Driver" (PCANDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS "SASENUM" (SASENUM) - " SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASENUM.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.sys "T-Systems Nova Packet Capture Driver" (TNPacket) - "T-Systems Nova GmbH" - C:\Programme\T-DSL SpeedManager\TNPACKET.SYS "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {4D25FB7A-8902-4291-960E-9ADA051CFBBF} "tbr" - "Crawler.com" - C:\Programme\Crawler\ctbr.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - C:\Programme\IZArc\IZArcCM.dll (File found, but it contains no detailed information) {8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} "IZArc Shell Context Menu" - ? - C:\Programme\IZArc\IZArcCM.dll (File found, but it contains no detailed information) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL {806ED916-BE33-43B7-A0BF-85875E1347FC} "PDF2" - "TODO: <Company name>" - C:\Programme\DATA BECKER\PDF Genie 3.0\pdfshell.dll {5B8177CA-E44B-4A0A-960B-935A15B21B58} "PDFContextMenuExt Class" - "TODO: <Company name>" - C:\Programme\DATA BECKER\PDF Genie 3.0\pdfshell.dll {83CE324B-E2BF-4F03-97A8-2EFB84E57BAF} "PDFPropPageExt Class" - "TODO: <Company name>" - C:\Programme\DATA BECKER\PDF Genie 3.0\pdfshell.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" - ? - (File not found | COM-object registry key not found) {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Crawler Toolbar" - "Crawler.com" - C:\Programme\Crawler\ctbr.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "MyAshampoo Toolbar" - "Conduit Ltd." - C:\Programme\MyAshampoo\tbMyAs.dll <binary data> "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\tbsof1.dll <binary data> "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWin0.dll <binary data> "{4A1C6093-14F9-44D7-860E-5D265CFCA9D9}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} "MyAshampoo Toolbar" - "Conduit Ltd." - C:\Programme\MyAshampoo\tbMyAs.dll {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\tbsof1.dll {40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWin0.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {722FE9B2-6895-42D9-9984-F4CB26616023} "Öffnen mit PDF Genie 3" - "TODO: <Company name>" - C:\Programme\DATA BECKER\PDF Genie 3.0\pdfshell.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "&Crawler Toolbar" - "Crawler.com" - C:\Programme\Crawler\ctbr.dll {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} "MyAshampoo Toolbar" - "Conduit Ltd." - C:\Programme\MyAshampoo\tbMyAs.dll {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\tbsof1.dll {40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWin0.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} "MyAshampoo Toolbar" - "Conduit Ltd." - C:\Programme\MyAshampoo\tbMyAs.dll {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\tbsof1.dll {10945114-b19f-4614-8450-b25e444a1020} "SparweltGutscheinAlarm.Sparwelt_Gutschein_Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWin0.dll {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} "{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}" - "Crawler.com" - C:\Programme\Crawler\ctbr.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office\OSA9.EXE (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\User\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Corel File Shell Monitor" - "Corel, Inc." - C:\Programme\Corel\Corel MediaOne\CorelIOMonitor.exe "HP Software Update" - "Hewlett-Packard Co." - C:\Programme\HP\HP Software Update\HPWuSchd2.exe "Norman ZANDA" - "Norman ASA" - "C:\Programme\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH "RemoteControl" - "Cyberlink Corp." - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" "T-DSL SpeedMgr" - "T-Systems Nova, Berkom" - "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe" "Ulead AutoDetector v2" - "Ulead Systems, Inc." - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "HID Input Service" (HidServ) - ? - C:\WINDOWS\System32\hidserv.dll (File not found) "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe "Norman eLogger service 6" (eLoggerSvc6) - "Norman ASA" - C:\Programme\Norman\Npm\Bin\Elogsvc.exe "Norman Network Filtering service" (NNFSVC) - "Norman ASA" - C:\Programme\Norman\Ngs\Bin\Nnf.exe "Norman NJeeves" (Norman NJeeves) - "Norman ASA" - C:\Programme\Norman\Npm\Bin\Njeeves.exe "Norman Resource Provider" (NVOY) - "Norman ASA" - C:\Programme\Norman\npm\bin\nvoy.exe "Norman Scanner Engine Service" (nsesvc) - "Norman ASA" - C:\Programme\Norman\nse\bin\NSESVC.EXE "Norman Scheduler Service" (Scheduler) - "Norman ASA" - C:\Programme\Norman\Npm\Bin\scheduler.exe "Norman Security service" (NPROSECSVC) - "Norman ASA" - C:\Programme\Norman\Ngs\Bin\Nprosec.exe "Norman Virus Control on-access component" (nvcoas) - "Norman ASA" - C:\Programme\Norman\Nvc\Bin\nvcoas.exe "Norman Virus Control Scheduler" (NVCScheduler) - ? - "C:\Programme\Norman\Npm\Bin\Nvcsched.exe" (File not found) "Norman ZANDA" (Norman ZANDA) - "Norman ASA" - C:\Programme\Norman\Npm\Bin\Zanda.exe "Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - C:\WINDOWS\system32\HPZipm12.exe "ProtexisLicensing" (ProtexisLicensing) - ? - C:\WINDOWS\system32\PSIService.exe "TSMService" (TSMService) - "T-Systems Nova, Berkom" - C:\Programme\T-DSL SpeedManager\tsmsvc.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "WPEServ" (WPEServ) - "soft Xpansion" - C:\Programme\Gemeinsame Dateien\WPE\wpeserv.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.dll "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
01.09.2010, 21:04
| #14 |
| | Internetverbindung wird ständig selbstständig unterbrochen Hier nun alles vom bootkit. Viele Grüße, Rainer Bootkit Remover (c) 2009 eSage Lab www.esagelab.com Program version: 1.2.0.0 OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600) System volume is \\.\C: \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`007d8200 Boot sector MD5 is: 5ddc20efcc4d1dab37c348c7db7289cf Size Device Name MBR Status -------------------------------------------- 149 GB \\.\PhysicalDrive0 Unknown boot code Unknown boot code has been found on some of your physical disks. To inspect the boot code manually, dump the master boot sector: remover.exe dump <device_name> [output_file] To disinfect the master boot sector, use the following command: remover.exe fix <device_name> Done; Press any key to quit... |
|
02.09.2010, 10:09
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internetverbindung wird ständig selbstständig unterbrochen Einen Gegencheck brauch ich: Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Internetverbindung wird ständig selbstständig unterbrochen |
| adobe, becker, bho, downloader, einstellungen, excel, explorer, firefox, google, hijack, hijackthis, hkus\s-1-5-18, internet explorer, logfile, microsoft, mozilla, norman, object, pdf, plug-in, programme, security, software, superantispyware, system, virus, windows, windows xp, winload toolbar |
Linear-Darstellung
