Zurück   Trojaner-Board > Malware entfernen > Antiviren-, Firewall- und andere Schutzprogramme

Antiviren-, Firewall- und andere Schutzprogramme: Avira macht Probleme

Windows 7 Sämtliche Fragen zur Bedienung von Firewalls, Anti-Viren Programmen, Anti Malware und Anti Trojaner Software sind hier richtig. Dies ist ein Diskussionsforum für Sicherheitslösungen für Windows Rechner. Benötigst du Hilfe beim Trojaner entfernen oder weil du dir einen Virus eingefangen hast, erstelle ein Thema in den oberen Bereinigungsforen.

Antwort
Alt 25.02.2011, 00:01   #1
lurchi09
 
Avira macht Probleme - Standard

Avira macht Probleme



Habe seit heute das Problem das Avira nicht mehr richtig funktioniert.
AV Guard ist deaktiviert und Updates gehen auch nicht mehr.
Alles deinstalliert dann neu installiert und das gleiche Problem.
Mit Avira Registry Cleaner probiert mit Fehlermeldung
" Could not find file C /Dokumente und Einstellungen/Besitzer/ Lokale Einstellungen/temp/en-us/Reg.Cleaner.dll"
Malware hat 3 Objekte gefunden und gelöscht Avira geht trotzdem nicht.
Was kann man da noch machen?
mbam log ist angehängt.
Grüße lurchi
Angehängte Dateien
Dateityp: txt mbam-log-2011-02-24 (23-39-22).txt (1,5 KB, 234x aufgerufen)

Alt 25.02.2011, 09:39   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira macht Probleme - Standard

Avira macht Probleme



Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 25.02.2011, 17:49   #3
lurchi09
 
Avira macht Probleme - Standard

Avira macht Probleme



So hier die OTL Logfiles.
__________________
Angehängte Dateien
Dateityp: txt OTL.Txt (63,6 KB, 289x aufgerufen)
Dateityp: txt Extras.Txt (40,6 KB, 278x aufgerufen)

Alt 26.02.2011, 19:39   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira macht Probleme - Standard

Avira macht Probleme



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [Kbdvd] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Advkb\modcom.exe ()
[2011.02.14 01:38:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Advkb
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 26.02.2011, 20:38   #5
lurchi09
 
Avira macht Probleme - Standard

Avira macht Probleme



Der neue otl-File

Zitat:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Kbdvd deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Advkb\modcom.exe moved successfully.
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Advkb folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Besitzer
->Temp folder emptied: 551765 bytes
->Temporary Internet Files folder emptied: 235682 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 8631258 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Pit
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 9,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 02262011_203036

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Alt 26.02.2011, 21:02   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira macht Probleme - Standard

Avira macht Probleme



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
--> Avira macht Probleme

Alt 26.02.2011, 21:27   #7
lurchi09
 
Avira macht Probleme - Standard

Avira macht Probleme



Hier die Combofix datei.
Outlook war dummerweise offen.
Macht das was?

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-02-25.02 - Besitzer 26.02.2011  21:14:06.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1023.658 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Besitzer\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\1.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\a.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\b.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\c.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\d.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\e.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\f.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\g.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\h.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\i.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\J.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\k.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\l.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\m.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\mru.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\n.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\o.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\p.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\q.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\r.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\s.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\t.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\u.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\v.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\w.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\x.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\y.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\z.xml
c:\programme\Java
c:\programme\Java\jre6\lib\ext\QTJava.zip

.
(((((((((((((((((((((((   Dateien erstellt von 2011-01-26 bis 2011-02-26  ))))))))))))))))))))))))))))))
.

2011-02-26 19:21 . 2011-02-26 19:21	--------	dc----w-	c:\dokumente und einstellungen\Pit\Anwendungsdaten\Avira
2011-02-26 16:15 . 2011-02-26 16:15	--------	dc----w-	c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Uniblue
2011-02-26 16:15 . 2011-02-26 16:15	--------	d-----w-	c:\programme\Uniblue
2011-02-26 16:15 . 2011-02-26 16:15	--------	dc----w-	c:\dokumente und einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\PackageAware
2011-02-26 12:04 . 2011-02-26 12:04	--------	dc----w-	c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Avira
2011-02-26 12:03 . 2011-02-26 12:03	--------	d-----w-	c:\dokumente und einstellungen\Default User\Lokale Einstellungen\Anwendungsdaten\Microsoft Help
2011-02-26 12:03 . 2011-02-26 12:03	--------	dc----w-	c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Canneverbe Limited
2011-02-26 12:03 . 2011-02-26 12:03	--------	dc----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
2011-02-26 12:03 . 2011-02-26 12:03	--------	dc----w-	c:\dokumente und einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\OpenCandy
2011-02-26 12:03 . 2011-02-26 12:03	--------	dc----w-	c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\OpenCandy
2011-02-26 12:02 . 2011-02-26 12:02	--------	d-----w-	c:\programme\Gemeinsame Dateien\Ahead
2011-02-26 12:02 . 2011-02-26 12:03	--------	dc----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2011-02-26 12:02 . 2011-02-26 12:02	--------	dc----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\INFECTED
2011-02-26 11:35 . 2011-01-10 13:23	135096	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-02-26 11:35 . 2010-06-17 13:27	22360	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2011-02-26 11:35 . 2011-01-10 13:23	61960	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-02-26 11:35 . 2010-06-17 13:27	45416	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2011-02-26 11:35 . 2011-02-26 12:04	--------	dc----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2011-02-26 11:35 . 2011-02-26 12:04	--------	d-----w-	c:\programme\Avira
2011-02-25 00:05 . 2011-02-25 00:05	--------	dc----w-	c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Reviversoft
2011-02-25 00:05 . 2010-12-13 12:24	11264	----a-w-	c:\windows\system32\roboot.exe
2011-02-25 00:04 . 2009-11-12 12:48	7168	----a-w-	c:\windows\system32\drivers\StarOpen.sys
2011-02-25 00:04 . 2011-02-26 12:03	--------	d-----w-	c:\programme\CDBurnerXP
2011-02-24 23:58 . 2011-02-24 23:58	--------	dc----w-	c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Nero
2011-02-24 23:58 . 2011-02-26 12:03	--------	dc----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Nero
2011-02-24 23:53 . 2011-02-26 12:02	--------	d-----w-	c:\programme\Microsoft Silverlight
2011-02-24 20:40 . 2011-02-25 08:26	--------	dc----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\REPORTS
2011-02-24 20:40 . 2011-02-25 06:51	--------	dc----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\LOGFILES

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2003-04-02 12:00	440832	----a-w-	c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2003-04-02 12:00	290048	----a-w-	c:\windows\system32\atmfd.dll
2010-12-31 14:03 . 2003-04-02 12:00	1855104	----a-w-	c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2003-04-02 12:00	301568	----a-w-	c:\windows\system32\kerberos.dll
2010-12-20 23:06 . 2003-04-02 12:00	832512	----a-w-	c:\windows\system32\wininet.dll
2010-12-20 23:06 . 2009-03-29 14:46	78336	----a-w-	c:\windows\system32\ieencode.dll
2010-12-20 23:06 . 2003-04-02 12:00	1830912	------w-	c:\windows\system32\inetcpl.cpl
2010-12-20 23:06 . 2003-04-02 12:00	17408	----a-w-	c:\windows\system32\corpol.dll
2010-12-20 17:25 . 2003-04-02 12:00	737792	----a-w-	c:\windows\system32\lsasrv.dll
2010-12-20 17:09 . 2010-07-15 22:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-07-15 22:18	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-12-20 12:55 . 2004-08-04 07:42	389120	----a-w-	c:\windows\system32\html.iec
2010-12-09 15:15 . 2003-04-02 12:00	743936	----a-w-	c:\windows\system32\ntdll.dll
2010-12-09 15:13 . 2003-04-02 12:00	2195072	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-12-09 15:13 . 2002-08-29 03:41	2071680	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:29 . 2003-04-02 12:00	33280	----a-w-	c:\windows\system32\csrsrv.dll
.

(((((((((((((((((((((((((((((   SnapShot@2010-11-27_21.30.29   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 19:54 . 2009-07-11 19:54	65536              c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2008-10-24 20:15 . 2008-10-24 20:15	49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
- 2006-12-01 23:08 . 2006-12-01 23:08	49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2008-10-24 20:15 . 2008-10-24 20:15	49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
- 2006-12-01 23:08 . 2006-12-01 23:08	49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
- 2006-12-01 23:08 . 2006-12-01 23:08	61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2008-10-24 20:15 . 2008-10-24 20:15	61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2008-10-24 20:15 . 2008-10-24 20:15	61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
- 2006-12-01 23:08 . 2006-12-01 23:08	61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
- 2006-12-01 23:08 . 2006-12-01 23:08	61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2008-10-24 20:15 . 2008-10-24 20:15	61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
- 2006-12-01 23:08 . 2006-12-01 23:08	57344              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2008-10-24 20:15 . 2008-10-24 20:15	57344              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2008-10-24 20:15 . 2008-10-24 20:15	65536              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
- 2006-12-01 23:08 . 2006-12-01 23:08	65536              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
- 2006-12-01 23:08 . 2006-12-01 23:08	45056              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2008-10-24 20:15 . 2008-10-24 20:15	45056              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2008-10-24 20:15 . 2008-10-24 20:15	40960              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
- 2006-12-01 23:08 . 2006-12-01 23:08	40960              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32	49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32	49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32	61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32	61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32	61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32	57344              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32	65536              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32	45056              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32	40960              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
- 2006-12-01 23:26 . 2006-12-01 23:26	57856              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2008-10-24 20:15 . 2008-10-24 20:15	57856              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2008-10-24 20:15 . 2008-10-24 20:15	69632              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
- 2006-12-01 23:25 . 2006-12-01 23:25	69632              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2009-07-12 00:07 . 2009-07-12 00:07	57856              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 00:19 . 2009-07-12 00:19	69632              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2007-01-29 08:58 . 2010-11-03 13:12	46080              c:\windows\system32\tzchange.exe
- 2007-01-29 08:58 . 2010-06-21 14:46	46080              c:\windows\system32\tzchange.exe
+ 2010-04-23 18:42 . 2008-11-10 10:41	67472              c:\windows\system32\spool\drivers\w32x86\msonpui.dll
+ 2010-04-23 18:42 . 2008-11-10 10:41	67472              c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
+ 2010-12-03 17:03 . 2001-11-09 03:01	24064              c:\windows\system32\ReinstallBackups\0002\DriverFiles\ativcoxx.dll
+ 2010-12-03 17:03 . 2003-12-12 03:56	17408              c:\windows\system32\ReinstallBackups\0002\DriverFiles\atitvo32.dll
+ 2010-12-03 17:03 . 2003-12-12 04:40	81920              c:\windows\system32\ReinstallBackups\0002\DriverFiles\ATIDDC.DLL
+ 2010-12-03 17:03 . 2001-09-04 08:24	28672              c:\windows\system32\ReinstallBackups\0002\DriverFiles\Ati2mdxx.exe
+ 2010-12-03 17:03 . 2003-12-12 04:42	86016              c:\windows\system32\ReinstallBackups\0002\DriverFiles\ati2evxx.dll
+ 2010-12-03 17:03 . 2003-12-12 04:42	30208              c:\windows\system32\ReinstallBackups\0002\DriverFiles\ati2edxx.dll
+ 2010-12-03 17:02 . 2001-11-09 03:01	24064              c:\windows\system32\ReinstallBackups\0001\DriverFiles\ativcoxx.dll
+ 2010-12-03 17:02 . 2003-12-12 03:56	17408              c:\windows\system32\ReinstallBackups\0001\DriverFiles\atitvo32.dll
+ 2010-12-03 17:02 . 2003-12-12 04:40	81920              c:\windows\system32\ReinstallBackups\0001\DriverFiles\ATIDDC.DLL
+ 2010-12-03 17:02 . 2001-09-04 08:24	28672              c:\windows\system32\ReinstallBackups\0001\DriverFiles\Ati2mdxx.exe
+ 2010-12-03 17:02 . 2003-12-12 04:42	86016              c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2evxx.dll
+ 2010-12-03 17:02 . 2003-12-12 04:42	30208              c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2edxx.dll
+ 2003-04-02 12:00 . 2010-12-20 23:06	44544              c:\windows\system32\pngfilt.dll
- 2003-04-02 12:00 . 2010-09-09 13:32	44544              c:\windows\system32\pngfilt.dll
- 2004-04-28 20:46 . 2001-06-26 05:15	38912              c:\windows\system32\picn20.dll
+ 2004-04-28 20:46 . 2001-06-26 06:15	38912              c:\windows\system32\picn20.dll
+ 2010-04-23 18:42 . 2008-11-10 10:41	32656              c:\windows\system32\msonpmon.dll
+ 2003-04-02 12:00 . 2008-05-19 05:33	18944              c:\windows\system32\msisip.dll
+ 2003-04-02 12:00 . 2008-05-19 00:57	95744              c:\windows\system32\msiexec.exe
- 2007-08-13 16:54 . 2010-09-09 13:32	52224              c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 16:54 . 2010-12-20 23:06	52224              c:\windows\system32\msfeedsbs.dll
+ 2003-04-02 12:00 . 2010-12-20 23:06	27648              c:\windows\system32\jsproxy.dll
- 2003-04-02 12:00 . 2010-09-09 13:32	27648              c:\windows\system32\jsproxy.dll
+ 2009-08-08 11:51 . 2010-11-18 18:12	86016              c:\windows\system32\isign32.dll
- 2009-08-08 11:51 . 2008-04-14 05:52	86016              c:\windows\system32\isign32.dll
+ 2007-08-13 17:39 . 2010-12-20 12:54	13824              c:\windows\system32\ieudinit.exe
- 2007-08-13 17:39 . 2010-09-08 15:57	13824              c:\windows\system32\ieudinit.exe
- 2003-04-02 12:00 . 2010-09-09 13:32	44544              c:\windows\system32\iernonce.dll
+ 2003-04-02 12:00 . 2010-12-20 23:06	44544              c:\windows\system32\iernonce.dll
- 2003-04-02 12:00 . 2010-09-08 15:57	70656              c:\windows\system32\ie4uinit.exe
+ 2003-04-02 12:00 . 2010-12-20 12:54	70656              c:\windows\system32\ie4uinit.exe
+ 2007-08-13 16:36 . 2010-12-20 23:06	63488              c:\windows\system32\icardie.dll
- 2007-08-13 16:36 . 2010-09-09 13:32	63488              c:\windows\system32\icardie.dll
+ 2011-02-26 11:35 . 2010-06-17 13:27	28520              c:\windows\system32\drivers\ssmdrv.sys
- 2009-03-21 10:12 . 2009-05-11 08:12	28520              c:\windows\system32\drivers\ssmdrv.sys
+ 2003-04-02 12:00 . 2010-11-02 15:17	40960              c:\windows\system32\drivers\ndproxy.sys
+ 2010-12-17 18:12 . 2010-10-11 14:59	45568              c:\windows\system32\dllcache\wab.exe
+ 2007-08-13 16:36 . 2010-12-20 23:06	44544              c:\windows\system32\dllcache\pngfilt.dll
- 2007-08-13 16:36 . 2010-09-09 13:32	44544              c:\windows\system32\dllcache\pngfilt.dll
+ 2010-12-17 18:12 . 2010-11-02 15:17	40960              c:\windows\system32\dllcache\ndproxy.sys
+ 2008-05-19 05:33 . 2008-05-19 05:33	18944              c:\windows\system32\dllcache\msisip.dll
+ 2008-05-19 00:57 . 2008-05-19 00:57	95744              c:\windows\system32\dllcache\msiexec.exe
+ 2009-10-15 09:12 . 2010-12-20 23:06	52224              c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-10-15 09:12 . 2010-09-09 13:32	52224              c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-08-13 16:54 . 2010-12-20 23:06	27648              c:\windows\system32\dllcache\jsproxy.dll
- 2007-08-13 16:54 . 2010-09-09 13:32	27648              c:\windows\system32\dllcache\jsproxy.dll
+ 2010-11-18 18:12 . 2010-11-18 18:12	86016              c:\windows\system32\dllcache\isign32.dll
- 2009-10-15 09:12 . 2010-09-08 15:57	13824              c:\windows\system32\dllcache\ieudinit.exe
+ 2009-10-15 09:12 . 2010-12-20 12:54	13824              c:\windows\system32\dllcache\ieudinit.exe
+ 2007-08-13 16:39 . 2010-12-20 23:06	44544              c:\windows\system32\dllcache\iernonce.dll
- 2007-08-13 16:39 . 2010-09-09 13:32	44544              c:\windows\system32\dllcache\iernonce.dll
+ 2009-08-10 09:10 . 2010-12-20 23:06	78336              c:\windows\system32\dllcache\ieencode.dll
- 2009-08-10 09:10 . 2010-09-09 13:32	78336              c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-13 16:39 . 2010-12-20 12:54	70656              c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-13 16:39 . 2010-09-08 15:57	70656              c:\windows\system32\dllcache\ie4uinit.exe
- 2009-10-15 09:12 . 2010-09-09 13:32	63488              c:\windows\system32\dllcache\icardie.dll
+ 2009-10-15 09:12 . 2010-12-20 23:06	63488              c:\windows\system32\dllcache\icardie.dll
- 2009-12-14 07:08 . 2009-12-14 07:08	33280              c:\windows\system32\dllcache\csrsrv.dll
+ 2009-12-14 07:08 . 2010-12-09 14:29	33280              c:\windows\system32\dllcache\csrsrv.dll
- 2007-08-13 16:42 . 2010-09-09 13:32	17408              c:\windows\system32\dllcache\corpol.dll
+ 2007-08-13 16:42 . 2010-12-20 23:06	17408              c:\windows\system32\dllcache\corpol.dll
+ 1999-12-20 12:16 . 1999-12-20 12:16	15360              c:\windows\system32\asfsipc.dll
+ 2011-02-24 23:52 . 2011-02-24 23:52	38400              c:\windows\Installer\3d13f1.msi
+ 2010-11-27 23:02 . 2010-11-27 23:02	25214              c:\windows\Installer\{AC76BA86-7AD7-5464-3428-7050000000A7}\ARPPRODUCTICON.exe
- 2010-04-23 19:01 . 2010-06-07 08:34	35088              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-04-23 19:01 . 2011-02-26 17:25	35088              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-04-23 19:01 . 2010-06-07 08:34	18704              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-04-23 19:01 . 2011-02-26 17:25	18704              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-04-23 19:01 . 2011-02-26 17:25	20240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-04-23 19:01 . 2010-06-07 08:34	20240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-02-24 23:53 . 2011-02-24 23:53	49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 1998-12-24 10:23 . 1998-12-24 10:23	40960              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VBAME.DLL
+ 2009-03-04 16:24 . 2009-03-04 16:24	54088              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SCANOST.EXE
+ 2009-03-04 16:24 . 2009-03-04 16:24	75608              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\RM.DLL
+ 2009-03-04 16:24 . 2009-03-04 16:24	38240              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\RECALL.DLL
+ 2009-01-06 20:31 . 2009-01-06 20:31	48512              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PUBTRAP.DLL
+ 2009-03-04 16:24 . 2009-03-04 16:24	52072              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLVBA.DLL
+ 2008-10-25 07:18 . 2008-10-25 07:18	72568              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONFILTER.DLL
+ 2008-10-25 07:18 . 2008-10-25 07:18	98696              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONENOTEM.EXE
+ 2006-07-24 08:50 . 2006-07-24 08:50	92976              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSADDNDR.DLL
+ 2009-03-04 16:24 . 2009-03-04 16:24	34192              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\DUMPSTER.DLL
+ 2009-03-04 16:24 . 2009-03-04 16:24	87392              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\DLGSETP.DLL
+ 2006-10-26 19:17 . 2006-10-26 19:17	11072              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2006-10-26 19:13 . 2006-10-26 19:13	72472              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNVP.DLL
+ 2006-10-27 13:11 . 2006-10-27 13:11	21264              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2010-04-23 18:59 . 2010-04-23 18:59	12096              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WORDPOL.DLL
+ 2006-10-26 20:58 . 2006-10-26 20:58	33080              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VPREVIEW.EXE
+ 2010-04-23 18:59 . 2010-04-23 18:59	12080              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBIDEPOL.DLL
+ 2010-04-23 18:58 . 2010-04-23 18:58	64288              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBIDEPIA.DLL
+ 2006-10-26 12:04 . 2006-10-26 12:04	76624              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWSTRUCT.DLL
+ 2006-10-26 12:04 . 2006-10-26 12:04	19784              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECS.DLL
+ 2006-10-26 12:04 . 2006-10-26 12:04	51008              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECE.DLL
+ 2006-10-26 12:04 . 2006-10-26 12:04	27456              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWORIENT.DLL
+ 2006-10-26 12:04 . 2006-10-26 12:04	58168              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWLAY32.DLL
+ 2006-10-26 12:05 . 2006-10-26 12:05	86840              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTLIN.DLL
+ 2006-10-26 12:04 . 2006-10-26 12:04	29976              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\THOCRAPI.DLL
+ 2006-10-26 17:59 . 2006-10-26 17:59	15672              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SMARTTAGINSTALL.EXE
+ 2006-10-26 17:49 . 2006-10-26 17:49	34104              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SETLANG.EXE
+ 2006-10-26 18:55 . 2006-10-26 18:55	55056              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCANOST.EXE
+ 2006-10-26 18:55 . 2006-10-26 18:55	76576              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RM.DLL
+ 2006-10-26 12:04 . 2006-10-26 12:04	19784              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REVERSE.DLL
+ 2006-10-26 18:12 . 2006-10-26 18:12	40424              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REFIEBAR.DLL
+ 2006-10-26 19:13 . 2006-10-26 19:13	38168              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-26 18:55 . 2006-10-26 18:55	39208              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RECALL.DLL
+ 2006-10-26 18:09 . 2006-10-26 18:09	48448              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PUBTRAP.DLL
+ 2006-10-26 12:05 . 2006-10-26 12:05	77144              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSOM.DLL
+ 2010-04-23 18:59 . 2010-04-23 18:59	12112              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTPOL.DLL
+ 2006-10-26 18:55 . 2006-10-26 18:55	53048              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLVBA.DLL
+ 2006-10-27 13:16 . 2006-10-27 13:16	46864              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
+ 2006-10-27 13:16 . 2006-10-27 13:16	31000              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLACCT.DLL
+ 2006-10-26 17:59 . 2006-10-26 17:59	46936              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OSETUPPS.DLL
+ 2006-10-26 17:59 . 2006-10-26 17:59	18760              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OPHPROXY.DLL
+ 2006-10-26 18:24 . 2006-10-26 18:24	72504              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONFILTER.DLL
+ 2006-10-26 18:24 . 2006-10-26 18:24	98632              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTEM.EXE
+ 2006-10-26 17:59 . 2006-10-26 17:59	16728              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMUOPTINPS.DLL
+ 2006-10-26 18:00 . 2006-10-26 18:00	23392              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISCTRL.DLL
+ 2006-10-27 13:11 . 2006-10-27 13:11	54680              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFRHD.DLL
+ 2010-04-23 18:59 . 2010-04-23 18:59	11544              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFICEPL.DLL
+ 2006-10-26 18:12 . 2006-10-26 18:12	16192              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NPOFF12.DLL
+ 2006-10-26 18:12 . 2006-10-26 18:12	65824              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2010-04-23 18:59 . 2010-04-23 18:59	12104              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTAGPOL.DLL
+ 2010-04-23 18:58 . 2010-04-23 18:58	20280              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTAGPIA.DLL
+ 2006-10-26 17:59 . 2006-10-26 17:59	43832              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSSH.DLL
+ 2006-10-27 13:26 . 2006-10-27 13:26	35152              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOSTYLE.DLL
+ 2006-10-26 17:56 . 2006-10-26 17:56	67408              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSONPUI.DLL
+ 2006-10-26 17:56 . 2006-10-26 17:56	33104              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSONPPPR.DLL
+ 2006-10-26 17:56 . 2006-10-26 17:56	32592              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSONPMON.DLL
+ 2006-10-26 17:52 . 2006-10-26 17:52	66368              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOMSE.DLL
+ 2006-10-26 18:12 . 2006-10-26 18:12	67896              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOHTMED.EXE
+ 2006-10-27 13:01 . 2006-10-27 13:01	76088              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOHEV.DLL
+ 2006-10-26 19:13 . 2006-10-26 19:13	26936              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-26 17:48 . 2006-10-26 17:48	14664              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-26 17:59 . 2006-10-26 17:59	19768              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSMH.DLL
+ 2006-10-26 17:52 . 2006-10-26 17:52	48424              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSE7.EXE
+ 2006-10-26 19:18 . 2006-10-26 19:18	66880              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSAEXP30.DLL
+ 2006-10-26 18:55 . 2006-10-26 18:55	21312              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MLSHEXT.DLL
+ 2006-10-26 18:12 . 2006-10-26 18:12	89400              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\METCONV.DLL
+ 2006-10-26 19:41 . 2006-10-26 19:41	66368              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\INLAUNCH.DLL
+ 2006-10-27 13:37 . 2006-10-27 13:37	35112              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESYSTEMMODE.DLL
+ 2006-10-26 22:47 . 2006-10-26 22:47	16688              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESTDURLLAUNCHER.EXE
+ 2006-10-26 22:47 . 2006-10-26 22:47	22808              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVENEW.DLL
+ 2006-10-26 22:47 . 2006-10-26 22:47	31016              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMONITOR.EXE
+ 2006-10-26 22:47 . 2006-10-26 22:47	33568              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECLEAN.EXE
+ 2006-10-27 13:37 . 2006-10-27 13:37	34088              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUTOPROXY.DLL
+ 2006-10-26 22:47 . 2006-10-26 22:47	65824              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUDITSERVICE.EXE
+ 2010-04-23 18:59 . 2010-04-23 18:59	12096              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPHPOL.DLL
+ 2006-10-26 12:04 . 2006-10-26 12:04	75576              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FORM.DLL
+ 2010-04-23 18:58 . 2010-04-23 18:58	12096              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCELPOL.DLL
+ 2006-10-26 18:55 . 2006-10-26 18:55	35160              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DUMPSTER.DLL
+ 2006-10-26 18:55 . 2006-10-26 18:55	87344              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DLGSETP.DLL
+ 2006-10-26 19:30 . 2006-10-26 19:30	65312              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\COLLIMP.DLL
+ 2006-10-26 18:12 . 2006-10-26 18:12	53576              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\AUTHZAX.DLL
+ 2006-10-26 18:13 . 2006-10-26 18:13	56120              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-26 18:13 . 2006-10-26 18:13	15160              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-26 18:13 . 2006-10-26 18:13	15160              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-26 18:13 . 2006-10-26 18:13	15160              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-26 18:13 . 2006-10-26 18:13	15160              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-27 13:00 . 2006-10-27 13:00	47976              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2006-10-26 19:18 . 2006-10-26 19:18	94016              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCOLK.DLL
+ 2011-02-10 22:52 . 2010-11-06 00:27	44544              c:\windows\ie7updates\KB2482017-IE7\pngfilt.dll
+ 2011-02-10 22:52 . 2010-11-06 00:27	52224              c:\windows\ie7updates\KB2482017-IE7\msfeedsbs.dll
+ 2011-02-10 22:52 . 2010-11-06 00:27	27648              c:\windows\ie7updates\KB2482017-IE7\jsproxy.dll
+ 2011-02-10 22:52 . 2010-11-03 12:24	13824              c:\windows\ie7updates\KB2482017-IE7\ieudinit.exe
+ 2011-02-10 22:52 . 2010-11-06 00:27	44544              c:\windows\ie7updates\KB2482017-IE7\iernonce.dll
+ 2011-02-10 22:52 . 2010-11-06 00:27	78336              c:\windows\ie7updates\KB2482017-IE7\ieencode.dll
+ 2011-02-10 22:52 . 2010-11-03 12:24	70656              c:\windows\ie7updates\KB2482017-IE7\ie4uinit.exe
+ 2011-02-10 22:52 . 2010-11-06 00:27	63488              c:\windows\ie7updates\KB2482017-IE7\icardie.dll
+ 2011-02-10 22:52 . 2010-11-06 00:27	17408              c:\windows\ie7updates\KB2482017-IE7\corpol.dll
+ 2010-12-17 18:57 . 2010-09-09 13:32	44544              c:\windows\ie7updates\KB2416400-IE7\pngfilt.dll
+ 2010-12-17 18:57 . 2010-09-09 13:32	52224              c:\windows\ie7updates\KB2416400-IE7\msfeedsbs.dll
+ 2010-12-17 18:57 . 2010-09-09 13:32	27648              c:\windows\ie7updates\KB2416400-IE7\jsproxy.dll
+ 2010-12-17 18:57 . 2010-09-08 15:57	13824              c:\windows\ie7updates\KB2416400-IE7\ieudinit.exe
+ 2010-12-17 18:57 . 2010-09-09 13:32	44544              c:\windows\ie7updates\KB2416400-IE7\iernonce.dll
+ 2010-12-17 18:57 . 2010-09-09 13:32	78336              c:\windows\ie7updates\KB2416400-IE7\ieencode.dll
+ 2010-12-17 18:57 . 2010-09-08 15:57	70656              c:\windows\ie7updates\KB2416400-IE7\ie4uinit.exe
+ 2010-12-17 18:57 . 2010-09-09 13:32	63488              c:\windows\ie7updates\KB2416400-IE7\icardie.dll
+ 2010-12-17 18:57 . 2010-09-09 13:32	17408              c:\windows\ie7updates\KB2416400-IE7\corpol.dll
+ 2011-02-25 23:15 . 2011-02-25 23:15	10576              c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2011-02-25 23:15 . 2011-02-25 23:15	11112              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2011-02-25 23:16 . 2011-02-25 23:16	11128              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2011-02-25 23:15 . 2011-02-25 23:15	11136              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
+ 2011-02-25 23:16 . 2011-02-25 23:16	11152              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2011-02-25 23:15 . 2011-02-25 23:15	11128              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2011-02-25 23:15 . 2011-02-25 23:15	11144              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
+ 2011-02-25 23:15 . 2011-02-25 23:15	63336              c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2011-02-25 23:15 . 2011-02-25 23:15	19320              c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2010-12-17 18:58 . 2010-06-21 14:46	46080              c:\windows\$NtUninstallKB2443685$\tzchange.exe
+ 2010-12-17 18:58 . 2010-11-05 05:55	16896              c:\windows\$NtUninstallKB2443685$\spuninst\tzchange.dll
+ 2010-12-17 18:58 . 2008-04-14 05:52	86016              c:\windows\$NtUninstallKB2443105$\isign32.dll
+ 2010-12-17 18:58 . 2008-04-13 22:27	40576              c:\windows\$NtUninstallKB2440591$\ndproxy.sys
+ 2010-12-17 18:53 . 2008-04-14 05:53	46080              c:\windows\$NtUninstallKB2423089$\wab.exe
+ 2010-12-17 18:58 . 2010-02-22 14:22	26488              c:\windows\$hf_mig$\KB2467659\update\spcustom.dll
+ 2010-12-17 18:58 . 2010-02-22 14:22	18808              c:\windows\$hf_mig$\KB2467659\spmsg.dll
+ 2010-12-17 18:58 . 2010-02-22 14:22	26488              c:\windows\$hf_mig$\KB2443105\update\spcustom.dll
+ 2010-12-17 18:58 . 2010-02-22 14:22	18808              c:\windows\$hf_mig$\KB2443105\spmsg.dll
+ 2010-11-18 18:11 . 2010-11-18 18:11	86016              c:\windows\$hf_mig$\KB2443105\SP3QFE\isign32.dll
+ 2010-12-17 18:58 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB2440591\update\spcustom.dll
+ 2010-12-17 18:58 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB2440591\spmsg.dll
+ 2010-12-17 18:12 . 2010-11-03 05:55	40960              c:\windows\$hf_mig$\KB2440591\SP3QFE\ndproxy.sys
+ 2010-12-17 18:58 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB2436673\update\spcustom.dll
+ 2010-12-17 18:58 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB2436673\spmsg.dll
+ 2010-12-17 18:53 . 2010-02-22 14:22	26488              c:\windows\$hf_mig$\KB2423089\update\spcustom.dll
+ 2010-12-17 18:53 . 2010-02-22 14:22	18808              c:\windows\$hf_mig$\KB2423089\spmsg.dll
+ 2010-12-17 18:12 . 2010-10-11 14:55	45568              c:\windows\$hf_mig$\KB2423089\SP3QFE\wab.exe
+ 2011-01-11 18:19 . 2010-02-22 14:22	26488              c:\windows\$hf_mig$\KB2419632\update\spcustom.dll
+ 2011-01-11 18:19 . 2010-02-22 14:22	18808              c:\windows\$hf_mig$\KB2419632\spmsg.dll
+ 2010-12-17 18:57 . 2010-02-22 14:22	26488              c:\windows\$hf_mig$\KB2416400-IE7\update\spcustom.dll
+ 2010-12-17 18:57 . 2010-02-22 14:22	18808              c:\windows\$hf_mig$\KB2416400-IE7\spmsg.dll
+ 2010-11-06 00:27 . 2010-11-06 00:27	44544              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\pngfilt.dll
+ 2010-11-06 00:27 . 2010-11-06 00:27	52224              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\msfeedsbs.dll
+ 2010-11-06 00:27 . 2010-11-06 00:27	27648              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\jsproxy.dll
+ 2010-11-03 11:59 . 2010-11-03 11:59	13824              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\ieudinit.exe
+ 2010-11-06 00:27 . 2010-11-06 00:27	44544              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\iernonce.dll
+ 2010-11-06 00:27 . 2010-11-06 00:27	78336              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\ieencode.dll
+ 2010-11-03 11:59 . 2010-11-03 11:59	70656              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\ie4uinit.exe
+ 2010-11-06 00:27 . 2010-11-06 00:27	63488              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\icardie.dll
+ 2010-11-06 00:27 . 2010-11-06 00:27	17408              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\corpol.dll
+ 2010-12-17 18:58 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB2296199\update\spcustom.dll
+ 2010-12-17 18:58 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB2296199\spmsg.dll
+ 2003-04-02 12:00 . 2008-04-17 00:43	2560              c:\windows\system32\msimsg.dll
+ 2008-04-17 00:43 . 2008-04-17 00:43	2560              c:\windows\system32\dllcache\msimsg.dll
+ 2010-12-03 17:05 . 2010-12-03 17:05	9158              c:\windows\Installer\{D73722C8-3F65-C75B-A631-5D36894DAB92}\NewShortcut11_EAB9635D261D49BE88DDE71A7C809B2D.exe
+ 2003-04-02 12:00 . 2010-12-20 23:06	233472              c:\windows\system32\webcheck.dll
- 2003-04-02 12:00 . 2010-09-09 13:32	233472              c:\windows\system32\webcheck.dll
+ 2003-04-02 12:00 . 2010-12-20 23:06	105984              c:\windows\system32\url.dll
- 2003-04-02 12:00 . 2010-09-09 13:32	105984              c:\windows\system32\url.dll
+ 2004-04-28 20:46 . 2000-06-26 09:45	106496              c:\windows\system32\TwnLib20.dll
- 2004-04-28 20:46 . 2000-06-26 08:45	106496              c:\windows\system32\TwnLib20.dll
+ 2010-04-23 18:42 . 2008-11-10 10:41	864144              c:\windows\system32\spool\drivers\w32x86\msonpdrv.dll
+ 2010-04-23 18:42 . 2008-11-10 10:41	864144              c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
+ 2003-04-02 12:00 . 2009-07-27 23:16	135680              c:\windows\system32\shsvcs.dll
+ 2010-12-03 17:03 . 2003-12-12 04:42	102400              c:\windows\system32\ReinstallBackups\0002\DriverFiles\Oemdspif.dll
+ 2010-12-03 17:03 . 2003-12-12 04:08	540704              c:\windows\system32\ReinstallBackups\0002\DriverFiles\ativvaxx.dll
+ 2010-12-03 17:03 . 2003-12-12 04:42	110592              c:\windows\system32\ReinstallBackups\0002\DriverFiles\atipdlxx.dll
+ 2010-12-03 17:03 . 2003-12-12 06:35	290816              c:\windows\system32\ReinstallBackups\0002\DriverFiles\atiiiexx.dll
+ 2010-12-03 17:03 . 2003-12-12 04:35	845856              c:\windows\system32\ReinstallBackups\0002\DriverFiles\ati3duag.dll
+ 2010-12-03 17:03 . 2003-12-12 04:14	866016              c:\windows\system32\ReinstallBackups\0002\DriverFiles\ati3d1ag.dll
+ 2010-12-03 17:03 . 2003-12-12 04:50	647680              c:\windows\system32\ReinstallBackups\0002\DriverFiles\ati2mtag.sys
+ 2010-12-03 17:03 . 2003-12-12 04:40	397312              c:\windows\system32\ReinstallBackups\0002\DriverFiles\ati2evxx.exe
+ 2010-12-03 17:03 . 2003-12-12 04:50	384512              c:\windows\system32\ReinstallBackups\0002\DriverFiles\ati2dvag.dll
+ 2010-12-03 17:02 . 2003-12-12 04:42	102400              c:\windows\system32\ReinstallBackups\0001\DriverFiles\Oemdspif.dll
+ 2010-12-03 17:02 . 2003-12-12 04:08	540704              c:\windows\system32\ReinstallBackups\0001\DriverFiles\ativvaxx.dll
+ 2010-12-03 17:02 . 2003-12-12 04:42	110592              c:\windows\system32\ReinstallBackups\0001\DriverFiles\atipdlxx.dll
+ 2010-12-03 17:02 . 2003-12-12 06:35	290816              c:\windows\system32\ReinstallBackups\0001\DriverFiles\atiiiexx.dll
+ 2010-12-03 17:02 . 2003-12-12 04:35	845856              c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati3duag.dll
+ 2010-12-03 17:02 . 2003-12-12 04:14	866016              c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati3d1ag.dll
+ 2010-12-03 17:02 . 2003-12-12 04:50	647680              c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2mtag.sys
+ 2010-12-03 17:02 . 2003-12-12 04:40	397312              c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2evxx.exe
+ 2010-12-03 17:02 . 2003-12-12 04:50	384512              c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2dvag.dll
- 2003-04-02 12:00 . 2008-04-14 05:52	249856              c:\windows\system32\odbc32.dll
+ 2003-04-02 12:00 . 2010-11-09 14:51	249856              c:\windows\system32\odbc32.dll
- 2003-04-02 12:00 . 2010-09-09 13:32	102912              c:\windows\system32\occache.dll
+ 2003-04-02 12:00 . 2010-12-20 23:06	102912              c:\windows\system32\occache.dll
+ 2008-10-16 13:07 . 2009-08-06 18:23	215920              c:\windows\system32\muweb.dll
+ 2008-12-20 12:00 . 2009-08-06 18:23	274288              c:\windows\system32\mucltui.dll
+ 2003-04-02 12:00 . 2010-12-20 23:06	671232              c:\windows\system32\mstime.dll
- 2003-04-02 12:00 . 2010-09-09 13:32	671232              c:\windows\system32\mstime.dll
+ 2003-04-02 12:00 . 2010-12-20 23:06	193024              c:\windows\system32\msrating.dll
- 2003-04-02 12:00 . 2010-09-09 13:32	193024              c:\windows\system32\msrating.dll
+ 2003-04-02 12:00 . 2008-05-19 05:33	332800              c:\windows\system32\msihnd.dll
+ 2003-04-02 12:00 . 2010-12-20 23:06	478208              c:\windows\system32\mshtmled.dll
- 2003-04-02 12:00 . 2010-09-09 13:32	478208              c:\windows\system32\mshtmled.dll
+ 2007-08-13 16:54 . 2010-12-20 23:06	468480              c:\windows\system32\msfeeds.dll
- 2007-08-13 16:54 . 2010-09-09 13:32	468480              c:\windows\system32\msfeeds.dll
+ 2010-12-24 01:05 . 2010-12-24 01:05	233936              c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
+ 2004-04-28 20:46 . 2001-07-06 16:24	283920              c:\windows\system32\ImagXpr5.dll
- 2004-04-28 20:46 . 2001-07-06 15:24	283920              c:\windows\system32\ImagXpr5.dll
+ 2004-04-28 20:46 . 2001-07-06 10:44	544768              c:\windows\system32\imagx5.dll
- 2004-04-28 20:46 . 2001-07-06 09:44	544768              c:\windows\system32\imagx5.dll
- 2004-04-28 20:46 . 2001-07-06 11:41	569344              c:\windows\system32\imagr5.dll
+ 2004-04-28 20:46 . 2001-07-06 12:41	569344              c:\windows\system32\imagr5.dll
- 2007-08-13 16:34 . 2010-09-09 13:32	268288              c:\windows\system32\iertutil.dll
+ 2007-08-13 16:34 . 2010-12-20 23:06	268288              c:\windows\system32\iertutil.dll
+ 2003-04-02 12:00 . 2010-12-20 23:06	192512              c:\windows\system32\iepeers.dll
- 2003-04-02 12:00 . 2010-09-09 13:32	192512              c:\windows\system32\iepeers.dll
+ 2003-04-02 12:00 . 2010-12-20 23:06	384512              c:\windows\system32\iedkcs32.dll
- 2003-04-02 12:00 . 2010-09-09 13:32	384512              c:\windows\system32\iedkcs32.dll
+ 2007-07-11 10:27 . 2010-12-20 23:06	380928              c:\windows\system32\ieapfltr.dll
- 2007-07-11 10:27 . 2010-09-09 13:32	380928              c:\windows\system32\ieapfltr.dll
+ 2003-04-02 12:00 . 2010-12-20 11:23	161792              c:\windows\system32\ieakui.dll
- 2003-04-02 12:00 . 2010-08-25 11:29	161792              c:\windows\system32\ieakui.dll
- 2003-04-02 12:00 . 2010-09-09 13:32	230400              c:\windows\system32\ieaksie.dll
+ 2003-04-02 12:00 . 2010-12-20 23:06	230400              c:\windows\system32\ieaksie.dll
- 2003-04-02 12:00 . 2010-09-09 13:32	153088              c:\windows\system32\ieakeng.dll
+ 2003-04-02 12:00 . 2010-12-20 23:06	153088              c:\windows\system32\ieakeng.dll
+ 2004-04-15 10:08 . 2011-02-26 11:26	345016              c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 07:57 . 2010-12-20 23:06	133120              c:\windows\system32\extmgr.dll
- 2004-08-04 07:57 . 2010-09-09 13:32	133120              c:\windows\system32\extmgr.dll
- 2003-04-02 12:00 . 2010-09-09 13:32	214528              c:\windows\system32\dxtrans.dll
+ 2003-04-02 12:00 . 2010-12-20 23:06	214528              c:\windows\system32\dxtrans.dll
+ 2003-04-02 12:00 . 2010-12-20 23:06	347136              c:\windows\system32\dxtmsft.dll
- 2003-04-02 12:00 . 2010-09-09 13:32	347136              c:\windows\system32\dxtmsft.dll
+ 2003-12-12 04:50 . 2008-04-14 06:21	701952              c:\windows\system32\drivers\ati2mtag.sys
- 2009-08-10 09:10 . 2010-09-09 13:32	832512              c:\windows\system32\dllcache\wininet.dll
+ 2009-08-10 09:10 . 2010-12-20 23:06	832512              c:\windows\system32\dllcache\wininet.dll
- 2007-08-13 16:54 . 2010-09-09 13:32	233472              c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-13 16:54 . 2010-12-20 23:06	233472              c:\windows\system32\dllcache\webcheck.dll
- 2007-08-13 16:44 . 2010-09-09 13:32	105984              c:\windows\system32\dllcache\url.dll
+ 2007-08-13 16:44 . 2010-12-20 23:06	105984              c:\windows\system32\dllcache\url.dll
+ 2009-07-27 23:16 . 2009-07-27 23:16	135680              c:\windows\system32\dllcache\shsvcs.dll
+ 2011-01-21 14:44 . 2011-01-21 14:44	440832              c:\windows\system32\dllcache\shimgvw.dll
+ 2010-11-09 14:51 . 2010-11-09 14:51	249856              c:\windows\system32\dllcache\odbc32.dll
- 2007-08-13 16:44 . 2010-09-09 13:32	102912              c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 16:44 . 2010-12-20 23:06	102912              c:\windows\system32\dllcache\occache.dll
+ 2009-08-10 09:12 . 2010-12-09 15:15	743936              c:\windows\system32\dllcache\ntdll.dll
- 2007-08-13 16:54 . 2010-09-09 13:32	671232              c:\windows\system32\dllcache\mstime.dll
+ 2007-08-13 16:54 . 2010-12-20 23:06	671232              c:\windows\system32\dllcache\mstime.dll
+ 2007-08-13 16:44 . 2010-12-20 23:06	193024              c:\windows\system32\dllcache\msrating.dll
- 2007-08-13 16:44 . 2010-09-09 13:32	193024              c:\windows\system32\dllcache\msrating.dll
+ 2010-11-09 14:51 . 2010-11-09 14:51	102400              c:\windows\system32\dllcache\msjro.dll
+ 2008-05-19 05:33 . 2008-05-19 05:33	332800              c:\windows\system32\dllcache\msihnd.dll
+ 2007-08-13 16:54 . 2010-12-20 23:06	478208              c:\windows\system32\dllcache\mshtmled.dll
- 2007-08-13 16:54 . 2010-09-09 13:32	478208              c:\windows\system32\dllcache\mshtmled.dll
- 2009-10-15 09:12 . 2010-09-09 13:32	468480              c:\windows\system32\dllcache\msfeeds.dll
+ 2009-10-15 09:12 . 2010-12-20 23:06	468480              c:\windows\system32\dllcache\msfeeds.dll
+ 2010-11-09 14:51 . 2010-11-09 14:51	200704              c:\windows\system32\dllcache\msadox.dll
+ 2010-11-09 14:51 . 2010-11-09 14:51	180224              c:\windows\system32\dllcache\msadomd.dll
+ 2010-11-09 14:51 . 2010-11-09 14:51	536576              c:\windows\system32\dllcache\msado15.dll
+ 2010-11-09 14:51 . 2010-11-09 14:51	143360              c:\windows\system32\dllcache\msadco.dll
+ 2009-08-10 09:12 . 2010-12-20 17:25	737792              c:\windows\system32\dllcache\lsasrv.dll
- 2009-08-10 09:12 . 2009-06-25 08:25	737792              c:\windows\system32\dllcache\lsasrv.dll
- 2009-06-25 08:25 . 2009-06-25 08:25	301568              c:\windows\system32\dllcache\kerberos.dll
+ 2009-06-25 08:25 . 2010-12-22 12:34	301568              c:\windows\system32\dllcache\kerberos.dll
+ 2007-08-13 16:43 . 2010-12-20 11:25	634648              c:\windows\system32\dllcache\iexplore.exe
- 2007-08-13 16:43 . 2010-08-25 11:30	634648              c:\windows\system32\dllcache\iexplore.exe
- 2009-10-15 09:12 . 2010-09-09 13:32	268288              c:\windows\system32\dllcache\iertutil.dll
+ 2009-10-15 09:12 . 2010-12-20 23:06	268288              c:\windows\system32\dllcache\iertutil.dll
+ 2007-08-13 16:54 . 2010-12-20 23:06	192512              c:\windows\system32\dllcache\iepeers.dll
- 2007-08-13 16:54 . 2010-09-09 13:32	192512              c:\windows\system32\dllcache\iepeers.dll
- 2007-08-13 16:39 . 2010-09-09 13:32	384512              c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 16:39 . 2010-12-20 23:06	384512              c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-10-15 09:12 . 2010-12-20 23:06	380928              c:\windows\system32\dllcache\ieapfltr.dll
- 2009-10-15 09:12 . 2010-09-09 13:32	380928              c:\windows\system32\dllcache\ieapfltr.dll
- 2003-04-02 12:00 . 2010-08-25 11:29	161792              c:\windows\system32\dllcache\ieakui.dll
+ 2003-04-02 12:00 . 2010-12-20 11:23	161792              c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-13 16:39 . 2010-12-20 23:06	230400              c:\windows\system32\dllcache\ieaksie.dll
- 2007-08-13 16:39 . 2010-09-09 13:32	230400              c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 16:39 . 2010-12-20 23:06	153088              c:\windows\system32\dllcache\ieakeng.dll
- 2007-08-13 16:39 . 2010-09-09 13:32	153088              c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-13 16:54 . 2010-12-20 23:06	133120              c:\windows\system32\dllcache\extmgr.dll
- 2007-08-13 16:54 . 2010-09-09 13:32	133120              c:\windows\system32\dllcache\extmgr.dll
+ 2007-08-13 16:35 . 2010-12-20 23:06	214528              c:\windows\system32\dllcache\dxtrans.dll
- 2007-08-13 16:35 . 2010-09-09 13:32	214528              c:\windows\system32\dllcache\dxtrans.dll
- 2007-08-13 16:35 . 2010-09-09 13:32	347136              c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-13 16:35 . 2010-12-20 23:06	347136              c:\windows\system32\dllcache\dxtmsft.dll
+ 2010-04-20 05:29 . 2011-01-07 14:09	290048              c:\windows\system32\dllcache\atmfd.dll
+ 2003-12-12 04:08 . 2008-04-14 06:52	516768              c:\windows\system32\dllcache\ativvaxx.dll
+ 2003-12-12 04:14 . 2008-04-14 06:52	870784              c:\windows\system32\dllcache\ati3d1ag.dll
+ 2003-12-12 04:50 . 2008-04-14 06:21	701952              c:\windows\system32\dllcache\ati2mtag.sys
+ 2003-12-12 04:50 . 2008-04-14 06:52	201728              c:\windows\system32\dllcache\ati2dvag.dll
- 2007-08-13 16:39 . 2010-09-09 13:32	124928              c:\windows\system32\dllcache\advpack.dll
+ 2007-08-13 16:39 . 2010-12-20 23:06	124928              c:\windows\system32\dllcache\advpack.dll
+ 2003-12-12 04:08 . 2008-04-14 06:52	516768              c:\windows\system32\ativvaxx.dll
+ 2003-12-12 04:14 . 2008-04-14 06:52	870784              c:\windows\system32\ati3d1ag.dll
+ 2003-12-12 04:50 . 2008-04-14 06:52	201728              c:\windows\system32\ati2dvag.dll
- 2003-04-02 12:00 . 2010-09-09 13:32	124928              c:\windows\system32\advpack.dll
+ 2003-04-02 12:00 . 2010-12-20 23:06	124928              c:\windows\system32\advpack.dll
+ 2010-11-27 23:02 . 2010-11-27 23:02	388096              c:\windows\Installer\a74845.msi
+ 2011-02-24 23:49 . 2011-02-24 23:49	424960              c:\windows\Installer\392e31.msi
+ 2010-08-04 14:13 . 2010-08-04 14:13	686080              c:\windows\Installer\25cdeb.msp
+ 2009-05-26 17:53 . 2009-05-26 17:53	579072              c:\windows\Installer\25ccb9.msp
+ 2010-07-23 00:03 . 2010-07-23 00:03	338432              c:\windows\Installer\25cc84.msp
- 2010-06-07 08:02 . 2010-06-07 08:02	217864              c:\windows\Installer\{90120000-006E-0407-0000-0000000FF1CE}\misc.exe
+ 2011-02-25 23:11 . 2011-02-25 23:11	217864              c:\windows\Installer\{90120000-006E-0407-0000-0000000FF1CE}\misc.exe
- 2010-04-23 19:01 . 2010-06-07 08:34	888080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-04-23 19:01 . 2011-02-26 17:25	888080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-04-23 19:01 . 2011-02-26 17:25	272648              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2010-04-23 19:01 . 2010-06-07 08:34	272648              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-04-23 19:01 . 2011-02-26 17:25	922384              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2010-04-23 19:01 . 2010-06-07 08:34	922384              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2010-04-23 19:01 . 2010-06-07 08:34	845584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-04-23 19:01 . 2011-02-26 17:25	845584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-04-23 19:01 . 2011-02-26 17:25	217864              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2010-04-23 19:01 . 2010-06-07 08:34	217864              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2010-04-23 19:01 . 2010-06-07 08:34	184080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-04-23 19:01 . 2011-02-26 17:25	184080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-04-23 19:01 . 2011-02-26 17:25	159504              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2010-04-23 19:01 . 2010-06-07 08:34	159504              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-04-03 17:11 . 2009-04-03 17:11	408424              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\WINWORD.EXE
+ 2009-03-06 01:37 . 2009-03-06 01:37	501640              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SOA.DLL
+ 2009-03-04 16:24 . 2009-03-04 16:24	282032              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SCNPST64.DLL
+ 2009-03-04 16:24 . 2009-03-04 16:24	273320              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SCNPST32.DLL
+ 2009-03-06 01:06 . 2009-03-06 01:06	407904              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\RTFHTML.DLL
+ 2009-03-06 03:26 . 2009-03-06 03:26	770464              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\REGFORM.EXE
+ 2009-03-06 02:41 . 2009-03-06 02:41	589704              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PUBCONV.DLL
+ 2009-01-08 09:59 . 2009-01-08 09:59	624520              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PTXT9.DLL
+ 2009-03-04 16:24 . 2009-03-04 16:24	420696              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PSTPRX32.DLL
+ 2008-10-25 05:21 . 2008-10-25 05:21	136072              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PRTF9.DLL
+ 2011-02-25 23:16 . 2011-02-25 23:16	350064              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPTPIA.DLL
+ 2009-04-03 17:04 . 2009-04-03 17:04	521064              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\POWERPNT.EXE
+ 2008-11-20 23:49 . 2008-11-20 23:49	169360              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLPH.DLL
+ 2009-03-06 01:05 . 2009-03-06 01:05	593288              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLMIME.DLL
+ 2008-10-30 20:24 . 2008-10-30 20:24	137552              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLCTL.DLL
+ 2008-10-25 06:52 . 2008-10-25 06:52	664968              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONBTTNOL.DLL
+ 2008-10-25 06:52 . 2008-10-25 06:52	604056              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONBTTNIE.DLL
+ 2009-03-06 03:55 . 2009-03-06 03:55	194448              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OMSXP32.DLL
+ 2009-03-06 03:55 . 2009-03-06 03:55	661888              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OMSMAIN.DLL
+ 2009-03-04 16:24 . 2009-03-04 16:24	253808              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OLKFSTUB.DLL
+ 2008-11-04 03:13 . 2008-11-04 03:13	118128              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSCONV97.DLL
+ 2009-03-04 16:24 . 2009-03-04 16:24	340304              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MIMEDIR.DLL
+ 2011-02-25 23:16 . 2011-02-25 23:16	118176              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IPOMINT.DLL
+ 2008-10-25 08:27 . 2008-10-25 08:27	177040              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IPOLK.DLL
+ 2009-03-04 16:24 . 2009-03-04 16:24	138072              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IMPMAIL.DLL
+ 2008-11-20 23:48 . 2008-11-20 23:48	116600              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\EMABLT32.DLL
+ 2009-03-06 01:05 . 2009-03-06 01:05	127336              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\CONTAB32.DLL
+ 2008-10-26 05:26 . 2008-10-26 05:26	162680              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACCWIZ.DLL
+ 2006-10-26 12:05 . 2006-10-26 12:05	530760              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XPAGE3C.DLL
+ 2006-10-26 18:49 . 2006-10-26 18:49	509200              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12CVR.DLL
+ 2010-04-23 18:58 . 2010-04-23 18:58	781104              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WORDPIA.DLL
+ 2006-10-27 13:23 . 2006-10-27 13:23	347432              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2006-10-26 12:05 . 2006-10-26 12:05	126784              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTCHR.DLL
+ 2006-07-28 13:21 . 2006-07-28 13:21	277320              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SSGEN.DLL
+ 2006-10-26 19:18 . 2006-10-26 19:18	502608              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SOA.DLL
+ 2006-10-26 18:06 . 2006-10-26 18:06	439600              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-26 18:13 . 2006-10-26 18:13	503624              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2006-10-26 18:55 . 2006-10-26 18:55	272744              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST64.DLL
+ 2006-10-26 18:55 . 2006-10-26 18:55	263520              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST32.DLL
+ 2006-10-27 13:16 . 2006-10-27 13:16	408880              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RTFHTML.DLL
+ 2006-10-26 19:42 . 2006-10-26 19:42	744808              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REGFORM.EXE
+ 2006-10-26 18:09 . 2006-10-26 18:09	590144              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-27 13:04 . 2006-10-27 13:04	624456              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-26 18:55 . 2006-10-26 18:55	413472              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
+ 2006-10-26 18:09 . 2006-10-26 18:09	136008              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2010-04-23 18:58 . 2010-04-23 18:58	248632              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTPIA.DLL
+ 2006-10-26 19:07 . 2006-10-26 19:07	368968              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPSLAX.DLL
+ 2006-10-27 13:04 . 2006-10-27 13:04	465200              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-26 19:30 . 2006-10-26 19:30	482088              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-10-27 13:16 . 2006-10-27 13:16	176976              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLPH.DLL
+ 2006-10-27 13:16 . 2006-10-27 13:16	594256              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
+ 2006-07-26 16:53 . 2006-07-26 16:53	459080              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-27 13:16 . 2006-10-27 13:16	138512              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLCTL.DLL
+ 2006-10-26 18:23 . 2006-10-26 18:23	782720              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONSYNCPC.DLL
+ 2006-10-27 13:39 . 2006-10-27 13:39	687432              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNOL.DLL
+ 2006-10-26 18:32 . 2006-10-26 18:32	604000              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL
+ 2006-10-26 18:34 . 2006-10-26 18:34	192848              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSXP32.DLL
+ 2006-10-26 18:34 . 2006-10-26 18:34	660792              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
+ 2006-10-26 18:55 . 2006-10-26 18:55	254776              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLKFSTUB.DLL
+ 2006-10-26 18:00 . 2006-10-26 18:00	285008              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
+ 2006-10-26 18:00 . 2006-10-26 18:00	998208              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-26 18:00 . 2006-10-26 18:00	274744              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OIS.EXE
+ 2006-10-20 06:37 . 2006-10-20 06:37	637744              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OGALEGIT.DLL
+ 2010-04-23 18:58 . 2010-04-23 18:58	416544              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFICE.DLL
+ 2006-10-26 18:06 . 2006-10-26 18:06	232816              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-26 17:55 . 2006-10-26 17:55	538904              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORES.DLL
+ 2006-10-26 17:55 . 2006-10-26 17:55	145688              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORE.EXE
+ 2006-10-26 17:55 . 2006-10-26 17:55	832800              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-07-24 09:50 . 2006-07-24 09:50	125744              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSSTDFMT.DLL
+ 2006-10-26 11:56 . 2006-10-26 11:56	505136              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-26 17:50 . 2006-10-26 17:50	672024              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSQRY32.EXE
+ 2006-10-26 12:47 . 2006-10-26 12:47	727840              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPROOF6.DLL
+ 2006-10-26 11:56 . 2006-10-26 11:56	436520              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-26 17:56 . 2006-10-26 17:56	864080              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSONPDRV.DLL
+ 2006-10-26 18:12 . 2006-10-26 18:12	428816              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-27 12:59 . 2006-10-27 12:59	161080              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-26 11:58 . 2006-10-26 11:58	117552              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-26 11:58 . 2006-10-26 11:58	290576              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSCDM.DLL
+ 2006-10-27 13:04 . 2006-10-27 13:04	497504              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2006-10-26 17:52 . 2006-10-26 17:52	460616              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MODHELP.DLL
+ 2006-10-26 18:55 . 2006-10-26 18:55	340248              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
+ 2006-10-26 17:55 . 2006-10-26 17:55	828704              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2010-04-23 18:59 . 2010-04-23 18:59	118112              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMINT.DLL
+ 2010-04-23 18:59 . 2010-04-23 18:59	609104              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMHOST.DLL
+ 2006-10-26 19:42 . 2006-10-26 19:42	176976              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOLK.DLL
+ 2006-10-26 18:55 . 2006-10-26 18:55	138024              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-26 18:00 . 2006-10-26 18:00	178488              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IETAG.DLL
+ 2006-10-26 18:12 . 2006-10-26 18:12	173328              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2006-10-27 13:37 . 2006-10-27 13:37	631080              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBSERVICES.DLL
+ 2006-10-26 22:48 . 2006-10-26 22:48	572216              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBPLATFORMSERVICES.DLL
+ 2006-10-27 13:37 . 2006-10-27 13:37	268080              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBBROWSERTOOL2.DLL
+ 2006-10-26 22:48 . 2006-10-26 22:48	955680              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEUTIL.DLL
+ 2006-10-26 22:48 . 2006-10-26 22:48	222512              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESYSTEMSERVICES.DLL
+ 2006-10-26 22:48 . 2006-10-26 22:48	363304              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESKETCHTOOL.DLL
+ 2006-10-26 22:48 . 2006-10-26 22:48	224048              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEPROJECTTOOLSET.DLL
+ 2006-10-26 22:48 . 2006-10-26 22:48	317736              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMIGRATOR.EXE
+ 2006-10-26 22:48 . 2006-10-26 22:48	197920              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEGAMES.DLL
+ 2006-10-27 13:37 . 2006-10-27 13:37	284976              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEFETCHSERVICES.DLL
+ 2006-10-26 22:48 . 2006-10-26 22:48	377136              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEDATAVIEWERTOOL.DLL
+ 2006-10-27 13:37 . 2006-10-27 13:37	768304              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMPONENTMGR.DLL
+ 2006-10-27 13:37 . 2006-10-27 13:37	117584              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMUNICATIONSSTATUSANDCONTROL.DLL
+ 2006-10-27 13:37 . 2006-10-27 13:37	300336              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECALENDARTOOL.DLL
+ 2006-10-27 13:37 . 2006-10-27 13:37	284448              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUDIO.DLL
+ 2006-10-27 13:37 . 2006-10-27 13:37	338216              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVE.EXE
+ 2010-04-23 18:58 . 2010-04-23 18:58	150320              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPHPIA.DLL
+ 2006-10-27 13:09 . 2006-10-27 13:09	983376              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-26 18:55 . 2006-10-26 18:55	154960              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ENVELOPE.DLL
+ 2006-10-26 18:55 . 2006-10-26 18:55	116544              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EMABLT32.DLL
+ 2006-10-26 17:48 . 2006-10-26 17:48	434528              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-26 17:48 . 2006-10-26 17:48	439568              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DWDCW20.DLL
+ 2006-10-26 18:12 . 2006-10-26 18:12	106824              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DSSM.EXE
+ 2006-10-26 22:48 . 2006-10-26 22:48	234784              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DRAT.EXE
+ 2006-10-26 18:12 . 2006-10-26 18:12	189760              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
+ 2006-10-27 13:16 . 2006-10-27 13:16	133936              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTAB32.DLL
+ 2006-10-26 17:59 . 2006-10-26 17:59	205616              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-27 13:41 . 2006-10-27 13:41	399640              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-26 18:13 . 2006-10-26 18:13	371568              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-27 13:40 . 2006-10-27 13:40	208760              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEWSS.DLL
+ 2006-10-26 18:13 . 2006-10-26 18:13	826232              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEWDAT.DLL
+ 2006-10-26 18:13 . 2006-10-26 18:13	224104              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-26 18:13 . 2006-10-26 18:13	551800              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-26 18:13 . 2006-10-26 18:13	289648              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER3X.DLL
+ 2006-10-26 18:13 . 2006-10-26 18:13	260976              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-26 18:13 . 2006-10-26 18:13	392048              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-27 13:00 . 2006-10-27 13:00	387960              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
+ 2006-10-26 18:13 . 2006-10-26 18:13	279352              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-26 18:13 . 2006-10-26 18:13	207736              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-26 18:13 . 2006-10-26 18:13	629616              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
+ 2006-10-26 18:13 . 2006-10-26 18:13	338800              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-27 13:00 . 2006-10-27 13:00	191360              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-27 13:00 . 2006-10-27 13:00	576376              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEDAO.DLL
+ 2006-10-26 19:18 . 2006-10-26 19:18	162616              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCWIZ.DLL
+ 2006-10-27 13:00 . 2006-10-27 13:00	576376              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACACEDAO.DLL
+ 2006-10-26 17:49 . 2006-10-26 17:49	970528              c:\windows\Installer\$PatchCache$\Managed\00002109010070400000000000F01FEC\12.0.4518\MSONSEXT.DLL
+ 2004-11-17 16:33 . 2004-11-17 16:33	450669              c:\windows\Installer\$PatchCache$\Managed\00002109010070400000000000F01FEC\12.0.4518\FP4AWEC.DLL
+ 2004-11-17 16:33 . 2004-11-17 16:33	589880              c:\windows\Installer\$PatchCache$\Managed\00002109010070400000000000F01FEC\12.0.4518\FP4AUTL.DLL
+ 2011-02-10 22:52 . 2010-11-06 00:27	832512              c:\windows\ie7updates\KB2482017-IE7\wininet.dll
+ 2011-02-10 22:52 . 2010-11-06 00:27	233472              c:\windows\ie7updates\KB2482017-IE7\webcheck.dll
+ 2011-02-10 22:52 . 2010-11-06 00:27	105984              c:\windows\ie7updates\KB2482017-IE7\url.dll
+ 2011-02-10 22:52 . 2010-07-05 13:14	388984              c:\windows\ie7updates\KB2482017-IE7\spuninst\updspapi.dll
+ 2011-02-10 22:52 . 2010-07-05 13:14	234872              c:\windows\ie7updates\KB2482017-IE7\spuninst\spuninst.exe
+ 2011-02-10 22:52 . 2010-11-06 00:27	102912              c:\windows\ie7updates\KB2482017-IE7\occache.dll
+ 2011-02-10 22:52 . 2010-11-06 00:27	671232              c:\windows\ie7updates\KB2482017-IE7\mstime.dll
+ 2011-02-10 22:52 . 2010-11-06 00:27	193024              c:\windows\ie7updates\KB2482017-IE7\msrating.dll
+ 2011-02-10 22:52 . 2010-11-06 00:27	478208              c:\windows\ie7updates\KB2482017-IE7\mshtmled.dll
+ 2011-02-10 22:52 . 2010-11-06 00:27	468480              c:\windows\ie7updates\KB2482017-IE7\msfeeds.dll
+ 2011-02-10 22:52 . 2010-10-18 11:07	634648              c:\windows\ie7updates\KB2482017-IE7\iexplore.exe
+ 2011-02-10 22:52 . 2010-11-06 00:27	268288              c:\windows\ie7updates\KB2482017-IE7\iertutil.dll
+ 2011-02-10 22:52 . 2010-11-06 00:27	192512              c:\windows\ie7updates\KB2482017-IE7\iepeers.dll
+ 2011-02-10 22:52 . 2010-11-06 00:27	384512              c:\windows\ie7updates\KB2482017-IE7\iedkcs32.dll
+ 2011-02-10 22:52 . 2010-11-06 00:27	380928              c:\windows\ie7updates\KB2482017-IE7\ieapfltr.dll
+ 2011-02-10 22:52 . 2010-10-18 11:06	161792              c:\windows\ie7updates\KB2482017-IE7\ieakui.dll
+ 2011-02-10 22:52 . 2010-11-06 00:27	230400              c:\windows\ie7updates\KB2482017-IE7\ieaksie.dll
+ 2011-02-10 22:52 . 2010-11-06 00:27	153088              c:\windows\ie7updates\KB2482017-IE7\ieakeng.dll
+ 2011-02-10 22:52 . 2010-11-06 00:27	133120              c:\windows\ie7updates\KB2482017-IE7\extmgr.dll
+ 2011-02-10 22:52 . 2010-11-06 00:27	214528              c:\windows\ie7updates\KB2482017-IE7\dxtrans.dll
+ 2011-02-10 22:52 . 2010-11-06 00:27	347136              c:\windows\ie7updates\KB2482017-IE7\dxtmsft.dll
+ 2011-02-10 22:52 . 2010-11-06 00:27	124928              c:\windows\ie7updates\KB2482017-IE7\advpack.dll
+ 2010-12-17 18:57 . 2010-09-09 13:32	832512              c:\windows\ie7updates\KB2416400-IE7\wininet.dll
+ 2010-12-17 18:57 . 2010-09-09 13:32	233472              c:\windows\ie7updates\KB2416400-IE7\webcheck.dll
+ 2010-12-17 18:57 . 2010-09-09 13:32	105984              c:\windows\ie7updates\KB2416400-IE7\url.dll
+ 2010-12-17 18:57 . 2010-02-22 14:22	388984              c:\windows\ie7updates\KB2416400-IE7\spuninst\updspapi.dll
+ 2010-12-17 18:57 . 2010-02-22 14:22	234872              c:\windows\ie7updates\KB2416400-IE7\spuninst\spuninst.exe
+ 2010-12-17 18:57 . 2010-09-09 13:32	102912              c:\windows\ie7updates\KB2416400-IE7\occache.dll
+ 2010-12-17 18:57 . 2010-09-09 13:32	671232              c:\windows\ie7updates\KB2416400-IE7\mstime.dll
+ 2010-12-17 18:57 . 2010-09-09 13:32	193024              c:\windows\ie7updates\KB2416400-IE7\msrating.dll
+ 2010-12-17 18:57 . 2010-09-09 13:32	478208              c:\windows\ie7updates\KB2416400-IE7\mshtmled.dll
+ 2010-12-17 18:57 . 2010-09-09 13:32	468480              c:\windows\ie7updates\KB2416400-IE7\msfeeds.dll
+ 2010-12-17 18:57 . 2010-08-25 11:30	634648              c:\windows\ie7updates\KB2416400-IE7\iexplore.exe
+ 2010-12-17 18:57 . 2010-09-09 13:32	268288              c:\windows\ie7updates\KB2416400-IE7\iertutil.dll
+ 2010-12-17 18:57 . 2010-09-09 13:32	192512              c:\windows\ie7updates\KB2416400-IE7\iepeers.dll
+ 2010-12-17 18:57 . 2010-09-09 13:32	384512              c:\windows\ie7updates\KB2416400-IE7\iedkcs32.dll
+ 2010-12-17 18:57 . 2010-09-09 13:32	380928              c:\windows\ie7updates\KB2416400-IE7\ieapfltr.dll
+ 2010-12-17 18:57 . 2010-08-25 11:29	161792              c:\windows\ie7updates\KB2416400-IE7\ieakui.dll
+ 2010-12-17 18:57 . 2010-09-09 13:32	230400              c:\windows\ie7updates\KB2416400-IE7\ieaksie.dll
+ 2010-12-17 18:57 . 2010-09-09 13:32	153088              c:\windows\ie7updates\KB2416400-IE7\ieakeng.dll
+ 2010-12-17 18:57 . 2010-09-09 13:32	133120              c:\windows\ie7updates\KB2416400-IE7\extmgr.dll
+ 2010-12-17 18:57 . 2010-09-09 13:32	214528              c:\windows\ie7updates\KB2416400-IE7\dxtrans.dll
+ 2010-12-17 18:57 . 2010-09-09 13:32	347136              c:\windows\ie7updates\KB2416400-IE7\dxtmsft.dll
+ 2010-12-17 18:57 . 2010-09-09 13:32	124928              c:\windows\ie7updates\KB2416400-IE7\advpack.dll
+ 2011-02-25 23:16 . 2011-02-25 23:16	609160              c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
+ 2011-02-26 17:13 . 2011-02-26 17:13	117144              c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2011-02-25 23:15 . 2011-02-25 23:15	423784              c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2011-02-25 23:15 . 2011-02-25 23:15	870256              c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2011-02-26 17:10 . 2011-02-26 17:10	350064              c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2011-02-25 23:15 . 2011-02-25 23:15	149352              c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2010-12-03 17:05 . 2010-12-03 17:05	143360              c:\windows\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\ICSharpCode.SharpZipLib.DLL
+ 2010-12-17 18:58 . 2010-02-22 14:22	388984              c:\windows\$NtUninstallKB2467659$\spuninst\updspapi.dll
+ 2010-12-17 18:58 . 2010-02-22 14:22	234872              c:\windows\$NtUninstallKB2467659$\spuninst\spuninst.exe
+ 2010-12-17 18:58 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB2443685$\spuninst\updspapi.dll
+ 2010-12-17 18:58 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB2443685$\spuninst\spuninst.exe
+ 2010-12-17 18:58 . 2010-02-22 14:22	388984              c:\windows\$NtUninstallKB2443105$\spuninst\updspapi.dll
+ 2010-12-17 18:58 . 2010-02-22 14:22	234872              c:\windows\$NtUninstallKB2443105$\spuninst\spuninst.exe
+ 2010-12-17 18:58 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB2440591$\spuninst\updspapi.dll
+ 2010-12-17 18:58 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB2440591$\spuninst\spuninst.exe
+ 2010-12-17 18:58 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB2436673$\spuninst\updspapi.dll
+ 2010-12-17 18:58 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB2436673$\spuninst\spuninst.exe
+ 2010-12-17 18:53 . 2010-02-22 14:22	388984              c:\windows\$NtUninstallKB2423089$\spuninst\updspapi.dll
+ 2010-12-17 18:53 . 2010-02-22 14:22	234872              c:\windows\$NtUninstallKB2423089$\spuninst\spuninst.exe
+ 2011-01-11 18:19 . 2010-02-22 14:22	388984              c:\windows\$NtUninstallKB2419632$\spuninst\updspapi.dll
+ 2011-01-11 18:19 . 2010-02-22 14:22	234872              c:\windows\$NtUninstallKB2419632$\spuninst\spuninst.exe
+ 2011-01-11 18:19 . 2008-04-14 05:52	249856              c:\windows\$NtUninstallKB2419632$\odbc32.dll
+ 2011-01-11 18:19 . 2008-04-14 05:52	102400              c:\windows\$NtUninstallKB2419632$\msjro.dll
+ 2011-01-11 18:19 . 2008-04-14 05:52	200704              c:\windows\$NtUninstallKB2419632$\msadox.dll
+ 2011-01-11 18:19 . 2008-04-14 05:52	180224              c:\windows\$NtUninstallKB2419632$\msadomd.dll
+ 2011-01-11 18:19 . 2008-04-14 05:52	536576              c:\windows\$NtUninstallKB2419632$\msado15.dll
+ 2011-01-11 18:19 . 2008-04-14 05:52	143360              c:\windows\$NtUninstallKB2419632$\msadco.dll
+ 2010-12-17 18:58 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB2296199$\spuninst\updspapi.dll
+ 2010-12-17 18:58 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB2296199$\spuninst\spuninst.exe
+ 2010-12-17 18:58 . 2010-09-01 11:50	285824              c:\windows\$NtUninstallKB2296199$\atmfd.dll
+ 2010-12-17 18:58 . 2010-02-22 14:22	388984              c:\windows\$hf_mig$\KB2467659\update\updspapi.dll
+ 2010-12-17 18:58 . 2010-02-22 14:21	765304              c:\windows\$hf_mig$\KB2467659\update\update.exe
+ 2010-12-17 18:58 . 2010-02-22 14:22	234872              c:\windows\$hf_mig$\KB2467659\spuninst.exe
+ 2010-12-17 18:58 . 2010-02-22 14:22	388984              c:\windows\$hf_mig$\KB2443105\update\updspapi.dll
+ 2010-12-17 18:58 . 2010-02-22 14:22	765304              c:\windows\$hf_mig$\KB2443105\update\update.exe
+ 2010-12-17 18:58 . 2010-02-22 14:22	234872              c:\windows\$hf_mig$\KB2443105\spuninst.exe
+ 2010-12-17 18:58 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB2440591\update\updspapi.dll
+ 2010-12-17 18:58 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB2440591\update\update.exe
+ 2010-12-17 18:58 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB2440591\spuninst.exe
+ 2010-12-17 18:58 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB2436673\update\updspapi.dll
+ 2010-12-17 18:58 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB2436673\update\update.exe
+ 2010-12-17 18:58 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB2436673\spuninst.exe
+ 2010-12-17 18:53 . 2010-02-22 14:22	388984              c:\windows\$hf_mig$\KB2423089\update\updspapi.dll
+ 2010-12-17 18:53 . 2010-02-22 14:21	765304              c:\windows\$hf_mig$\KB2423089\update\update.exe
+ 2010-12-17 18:53 . 2010-02-22 14:22	234872              c:\windows\$hf_mig$\KB2423089\spuninst.exe
+ 2011-01-11 18:19 . 2010-02-22 14:22	388984              c:\windows\$hf_mig$\KB2419632\update\updspapi.dll
+ 2011-01-11 18:19 . 2010-02-22 14:22	765304              c:\windows\$hf_mig$\KB2419632\update\update.exe
+ 2011-01-11 18:19 . 2010-02-22 14:22	234872              c:\windows\$hf_mig$\KB2419632\spuninst.exe
+ 2010-11-09 14:50 . 2010-11-09 14:50	253952              c:\windows\$hf_mig$\KB2419632\SP3QFE\odbc32.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50	102400              c:\windows\$hf_mig$\KB2419632\SP3QFE\msjro.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50	200704              c:\windows\$hf_mig$\KB2419632\SP3QFE\msadox.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50	180224              c:\windows\$hf_mig$\KB2419632\SP3QFE\msadomd.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50	565248              c:\windows\$hf_mig$\KB2419632\SP3QFE\msado15.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50	143360              c:\windows\$hf_mig$\KB2419632\SP3QFE\msadco.dll
+ 2010-12-17 18:57 . 2010-02-22 14:22	388984              c:\windows\$hf_mig$\KB2416400-IE7\update\updspapi.dll
+ 2010-12-17 18:57 . 2010-02-22 14:22	765304              c:\windows\$hf_mig$\KB2416400-IE7\update\update.exe
+ 2010-12-17 18:57 . 2010-02-22 14:22	234872              c:\windows\$hf_mig$\KB2416400-IE7\spuninst.exe
+ 2010-11-06 00:27 . 2010-11-06 00:27	841216              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\wininet.dll
+ 2010-11-06 00:27 . 2010-11-06 00:27	233472              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\webcheck.dll
+ 2010-11-06 00:27 . 2010-11-06 00:27	105984              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\url.dll
+ 2010-11-06 00:27 . 2010-11-06 00:27	102912              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\occache.dll
+ 2010-11-06 00:27 . 2010-11-06 00:27	671232              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\mstime.dll
+ 2010-11-06 00:27 . 2010-11-06 00:27	193024              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\msrating.dll
+ 2010-11-06 00:27 . 2010-11-06 00:27	478208              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\mshtmled.dll
+ 2010-11-06 00:27 . 2010-11-06 00:27	468480              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\msfeeds.dll
+ 2010-10-18 10:36 . 2010-10-18 10:36	634648              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\iexplore.exe
+ 2010-11-06 00:27 . 2010-11-06 00:27	268288              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\iertutil.dll
+ 2010-11-06 00:27 . 2010-11-06 00:27	193024              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\iepeers.dll
+ 2010-11-06 00:27 . 2010-11-06 00:27	388608              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\iedkcs32.dll
+ 2010-11-06 00:27 . 2010-11-06 00:27	380928              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\ieapfltr.dll
+ 2010-10-18 10:34 . 2010-10-18 10:34	161792              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\ieakui.dll
+ 2010-11-06 00:27 . 2010-11-06 00:27	230400              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\ieaksie.dll
+ 2010-11-06 00:27 . 2010-11-06 00:27	153088              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\ieakeng.dll
+ 2010-11-06 00:27 . 2010-11-06 00:27	132608              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\extmgr.dll
+ 2010-11-06 00:27 . 2010-11-06 00:27	214528              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\dxtrans.dll
+ 2010-11-06 00:27 . 2010-11-06 00:27	347136              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\dxtmsft.dll
+ 2010-11-06 00:27 . 2010-11-06 00:27	124928              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\advpack.dll
+ 2010-12-17 18:58 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB2296199\update\updspapi.dll
+ 2010-12-17 18:58 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB2296199\update\update.exe
+ 2010-12-17 18:58 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB2296199\spuninst.exe
+ 2010-10-28 13:08 . 2010-10-28 13:08	290048              c:\windows\$hf_mig$\KB2296199\SP3QFE\atmfd.dll
- 2006-12-01 23:25 . 2006-12-01 23:25	1093120              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2008-10-24 20:15 . 2008-10-24 20:15	1093120              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
- 2006-12-01 23:25 . 2006-12-01 23:25	1101824              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2008-10-24 20:15 . 2008-10-24 20:15	1101824              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2009-07-11 19:46 . 2009-07-11 19:46	1093120              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-11 19:46 . 2009-07-11 19:46	1105920              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2003-04-02 12:00 . 2010-12-20 23:06	1168384              c:\windows\system32\urlmon.dll
- 2003-04-02 12:00 . 2010-09-09 13:32	1168384              c:\windows\system32\urlmon.dll
+ 2003-04-02 12:00 . 2011-01-21 14:44	8503296              c:\windows\system32\shell32.dll
- 2003-04-02 12:00 . 2010-07-27 06:29	8503296              c:\windows\system32\shell32.dll
+ 2011-02-26 11:59 . 2011-02-26 12:05	4698148              c:\windows\system32\Restore\rstrlog.dat
+ 2010-12-03 17:03 . 2003-12-12 05:19	5505024              c:\windows\system32\ReinstallBackups\0002\DriverFiles\atioglxx.dll
+ 2010-12-03 17:03 . 2003-12-12 04:25	1052608              c:\windows\system32\ReinstallBackups\0002\DriverFiles\ati3d2ag.dll
+ 2010-12-03 17:02 . 2003-12-12 05:19	5505024              c:\windows\system32\ReinstallBackups\0001\DriverFiles\atioglxx.dll
+ 2010-12-03 17:02 . 2003-12-12 04:25	1052608              c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati3d2ag.dll
+ 2003-04-02 12:00 . 2008-05-19 05:33	4445184              c:\windows\system32\msi.dll
+ 2003-04-02 12:00 . 2010-12-20 23:06	3606528              c:\windows\system32\mshtml.dll
+ 2010-12-24 01:05 . 2010-12-24 01:05	5971408              c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2007-08-13 16:54 . 2010-09-09 13:32	6075904              c:\windows\system32\ieframe.dll
+ 2007-08-13 16:54 . 2010-12-20 23:06	6075904              c:\windows\system32\ieframe.dll
+ 2009-08-17 22:33 . 2009-08-17 22:33	1193832              c:\windows\system32\FM20.DLL
+ 2009-04-19 19:46 . 2010-12-31 14:03	1855104              c:\windows\system32\dllcache\win32k.sys
- 2009-08-10 09:10 . 2010-09-09 13:32	1168384              c:\windows\system32\dllcache\urlmon.dll
+ 2009-08-10 09:10 . 2010-12-20 23:06	1168384              c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:00 . 2011-01-21 14:44	8503296              c:\windows\system32\dllcache\shell32.dll
- 2008-06-17 19:00 . 2010-07-27 06:29	8503296              c:\windows\system32\dllcache\shell32.dll
+ 2009-08-10 09:12 . 2010-12-09 15:13	2195072              c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-08-10 09:12 . 2010-12-09 15:13	2029568              c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-10 17:03 . 2010-12-09 15:13	2071680              c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-08-10 09:12 . 2010-12-09 15:13	2151424              c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-05-19 05:33 . 2008-05-19 05:33	4445184              c:\windows\system32\dllcache\msi.dll
+ 2009-08-10 09:10 . 2010-12-20 23:06	3606528              c:\windows\system32\dllcache\mshtml.dll
- 2009-10-15 09:12 . 2010-09-09 13:32	6075904              c:\windows\system32\dllcache\ieframe.dll
+ 2009-10-15 09:12 . 2010-12-20 23:06	6075904              c:\windows\system32\dllcache\ieframe.dll
+ 2003-12-12 04:35 . 2008-04-14 06:52	1888992              c:\windows\system32\dllcache\ati3duag.dll
+ 2003-12-12 04:35 . 2008-04-14 06:52	1888992              c:\windows\system32\ati3duag.dll
+ 2009-02-25 18:08 . 2009-02-25 18:08	8311808              c:\windows\Installer\3872cc6.msp
+ 2009-04-04 16:10 . 2009-04-04 16:10	3262464              c:\windows\Installer\3872cac.msp
+ 2009-04-04 16:10 . 2009-04-04 16:10	1282560              c:\windows\Installer\3872c9e.msp
+ 2009-04-04 16:10 . 2009-04-04 16:10	9926144              c:\windows\Installer\3872c92.msp
+ 2011-01-11 16:52 . 2011-01-11 16:52	3360768              c:\windows\Installer\3872a8c.msp
+ 2010-09-17 05:04 . 2010-09-17 05:04	9401856              c:\windows\Installer\25ce97.msp
+ 2010-10-21 17:10 . 2010-10-21 17:10	3995136              c:\windows\Installer\25ce7c.msp
+ 2010-02-21 00:03 . 2010-02-21 00:03	4472832              c:\windows\Installer\25ce5d.msp
+ 2010-08-13 17:01 . 2010-08-13 17:01	8993280              c:\windows\Installer\25ce3c.msp
+ 2010-08-13 16:59 . 2010-08-13 16:59	8182272              c:\windows\Installer\25ce21.msp
+ 2010-08-13 17:02 . 2010-08-13 17:02	2545664              c:\windows\Installer\25ce06.msp
+ 2010-10-07 17:43 . 2010-10-07 17:43	1980416              c:\windows\Installer\25cdd0.msp
+ 2010-08-13 17:00 . 2010-08-13 17:00	9404928              c:\windows\Installer\25cdb5.msp
+ 2009-08-05 06:49 . 2009-08-05 06:49	3457024              c:\windows\Installer\25cd98.msp
+ 2010-03-24 17:54 . 2010-03-24 17:54	3126272              c:\windows\Installer\25cd7a.msp
+ 2010-03-24 17:54 . 2010-03-24 17:54	2516992              c:\windows\Installer\25cd79.msp
+ 2009-07-27 03:31 . 2009-07-27 03:31	3738624              c:\windows\Installer\25cd59.msp
+ 2010-04-24 16:07 . 2010-04-24 16:07	4667392              c:\windows\Installer\25cd3e.msp
+ 2010-05-20 18:57 . 2010-05-20 18:57	4989952              c:\windows\Installer\25ccf9.msp
+ 2010-05-20 18:57 . 2010-05-20 18:57	5907456              c:\windows\Installer\25ccf8.msp
+ 2009-10-16 06:08 . 2009-10-16 06:08	2237952              c:\windows\Installer\25ccd4.msp
+ 2009-08-18 12:08 . 2009-08-18 12:08	1373696              c:\windows\Installer\25cc9f.msp
+ 2010-04-23 19:01 . 2011-02-26 17:25	1172240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-04-23 19:01 . 2010-06-07 08:34	1172240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-04-23 19:01 . 2011-02-26 17:25	1165584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2010-04-23 19:01 . 2010-06-07 08:34	1165584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-04-03 16:57 . 2009-04-03 16:57	4671320              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\WRD12CNV.DLL
+ 2008-11-21 02:12 . 2008-11-21 02:12	3750256              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VVIEWER.DLL
+ 2008-10-25 08:35 . 2008-10-25 08:35	1847160              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VVIEWDWG.DLL
+ 2008-08-25 21:50 . 2008-08-25 21:50	2585592              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VBE6.DLL
+ 2008-11-10 01:41 . 2008-11-10 01:41	2014584              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPTVIEW.EXE
+ 2009-04-03 17:04 . 2009-04-03 17:04	8468840              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPCORE.DLL
+ 2009-03-06 03:00 . 2009-03-06 03:00	6596472              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONMAIN.DLL
+ 2008-11-10 09:49 . 2008-11-10 09:49	1165680              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONLIBS.DLL
+ 2008-11-24 21:16 . 2008-11-24 21:16	1020776              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONENOTE.EXE
+ 2009-03-06 01:05 . 2009-03-06 01:05	2964336              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OLMAPI32.DLL
+ 2009-02-05 10:36 . 2009-02-05 10:36	1640800              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OGL.DLL
+ 2009-03-06 02:41 . 2009-03-06 02:41	9589096              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSPUB.EXE
+ 2009-03-06 03:26 . 2009-03-06 03:26	5291376              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IPEDITOR.DLL
+ 2009-03-06 03:26 . 2009-03-06 03:26	5466488              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IPDESIGN.DLL
+ 2008-11-03 23:40 . 2008-11-03 23:40	1442160              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\INFOPATH.EXE
+ 2008-11-20 22:06 . 2008-11-20 22:06	1194848              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\FM20.DLL
+ 2006-10-26 12:05 . 2006-10-26 12:05	1181520              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XIMAGE3B.DLL
+ 2006-10-27 13:11 . 2006-10-27 13:11	4235560              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-26 20:58 . 2006-10-26 20:58	3732792              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWER.DLL
+ 2006-10-26 21:00 . 2006-10-26 21:00	1841984              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
+ 2006-09-29 22:42 . 2006-09-29 22:42	2583344              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBE6.DLL
+ 2006-10-27 12:57 . 2006-10-27 12:57	2330968              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-10-26 17:52 . 2006-10-26 17:52	2012480              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
+ 2006-10-27 13:04 . 2006-10-27 13:04	7980848              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2006-09-15 14:25 . 2006-09-15 14:25	3611416              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2006-10-26 18:07 . 2006-10-26 18:07	6536992              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OSETUP.DLL
+ 2006-10-27 13:03 . 2006-10-27 13:03	6579512              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONMAIN.DLL
+ 2006-10-26 18:24 . 2006-10-26 18:24	1165112              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONLIBS.DLL
+ 2006-10-27 13:03 . 2006-10-27 13:03	1018664              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTE.EXE
+ 2006-10-27 13:16 . 2006-10-27 13:16	2939704              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
+ 2006-10-27 13:18 . 2006-10-27 13:18	1658152              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-26 18:14 . 2006-10-26 18:14	7033152              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFOWC.DLL
+ 2006-10-26 18:42 . 2006-10-26 18:42	8423224              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-26 12:47 . 2006-10-26 12:47	1512304              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NLSD0000.DLL
+ 2006-10-27 13:04 . 2006-10-27 13:04	9581360              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2006-10-26 18:00 . 2006-10-26 18:00	6635320              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORES.DLL
+ 2006-10-27 13:10 . 2006-10-27 13:10	5281592              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
+ 2006-10-27 13:10 . 2006-10-27 13:10	5456704              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPDESIGN.DLL
+ 2006-10-27 13:10 . 2006-10-27 13:10	1439032              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\INFOPATH.EXE
+ 2006-10-27 13:37 . 2006-10-27 13:37	1396008              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEUIFRAMEWORK.DLL
+ 2006-10-27 13:38 . 2006-10-27 13:38	4746536              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVETRANSCEIVER.DLL
+ 2006-10-27 13:37 . 2006-10-27 13:37	1163048              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVETEXTTOOLS.DLL
+ 2006-10-27 13:37 . 2006-10-27 13:37	2738472              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESTORAGEMGR.DLL
+ 2006-10-26 22:48 . 2006-10-26 22:48	2210608              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESHELLEXTENSIONS.DLL
+ 2006-10-27 13:38 . 2006-10-27 13:38	7053096              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVERESOURCE.DLL
+ 2006-10-26 22:48 . 2006-10-26 22:48	1555232              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMISC.DLL
+ 2006-10-27 13:37 . 2006-10-27 13:37	3071288              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEDOCUMENTSHARETOOL.DLL
+ 2006-10-27 13:37 . 2006-10-27 13:37	1359648              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECRYPTO.DLL
+ 2006-10-27 13:38 . 2006-10-27 13:38	3508544              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMUNICATIONSSERVICES.DLL
+ 2006-10-27 13:37 . 2006-10-27 13:37	2689336              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMONCOMPONENTS.DLL
+ 2006-10-27 13:38 . 2006-10-27 13:38	6191400              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEACCOUNTMGR.DLL
+ 2006-10-26 18:02 . 2006-10-26 18:02	2526520              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPH.EXE
+ 2006-10-26 17:21 . 2006-10-26 17:21	1682232              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
+ 2006-10-26 12:10 . 2006-10-26 12:10	1190688              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FM20.DLL
+ 2010-04-23 18:58 . 2010-04-23 18:58	1276720              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCELPIA.DLL
+ 2006-09-13 07:09 . 2006-09-13 07:09	1277496              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CRYPTOPP.DLL
+ 2006-10-27 13:00 . 2006-10-27 13:00	1751904              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACECORE.DLL
+ 2006-10-26 12:05 . 2006-10-26 12:05	1165584              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCICONS.EXE
+ 2006-10-26 17:49 . 2006-10-26 17:49	1011488              c:\windows\Installer\$PatchCache$\Managed\00002109010070400000000000F01FEC\12.0.4518\MSDAIPP.DLL
+ 2011-02-10 22:52 . 2010-11-06 00:27	1168384              c:\windows\ie7updates\KB2482017-IE7\urlmon.dll
+ 2011-02-10 22:52 . 2010-11-06 00:27	3604480              c:\windows\ie7updates\KB2482017-IE7\mshtml.dll
+ 2011-02-10 22:52 . 2010-11-06 00:27	6075904              c:\windows\ie7updates\KB2482017-IE7\ieframe.dll
+ 2010-12-17 18:57 . 2010-09-09 13:32	1168384              c:\windows\ie7updates\KB2416400-IE7\urlmon.dll
+ 2010-12-17 18:57 . 2010-09-09 13:32	3601920              c:\windows\ie7updates\KB2416400-IE7\mshtml.dll
+ 2010-12-17 18:57 . 2010-09-09 13:32	6075904              c:\windows\ie7updates\KB2416400-IE7\ieframe.dll
+ 2009-08-10 09:12 . 2010-12-09 15:13	2195072              c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-08-10 09:12 . 2010-12-09 15:13	2029568              c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-10 17:03 . 2010-12-09 15:13	2071680              c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-08-10 09:12 . 2010-12-09 15:13	2151424              c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2011-02-25 23:15 . 2011-02-25 23:15	1279848              c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2010-12-17 18:58 . 2010-09-01 07:54	1852928              c:\windows\$NtUninstallKB2436673$\win32k.sys
+ 2010-10-26 13:58 . 2010-10-26 13:58	1862400              c:\windows\$hf_mig$\KB2436673\SP3QFE\win32k.sys
+ 2010-11-06 00:27 . 2010-11-06 00:27	1171968              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\urlmon.dll
+ 2010-11-06 00:27 . 2010-11-06 00:27	3607040              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\mshtml.dll
+ 2010-11-06 00:27 . 2010-11-06 00:27	6080000              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\ieframe.dll
+ 2010-12-17 18:12 . 2009-06-29 08:33	2452872              c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\ieapfltr.dat
+ 2005-05-12 15:33 . 2011-02-10 22:53	37443528              c:\windows\system32\MRT.exe
+ 2011-02-24 23:53 . 2011-02-24 23:53	20308992              c:\windows\Installer\3d13fc.msp
+ 2009-04-04 16:09 . 2009-04-04 16:09	10874880              c:\windows\Installer\3872c83.msp
+ 2009-04-04 06:33 . 2009-04-04 06:33	20297216              c:\windows\Installer\3872ac0.msp
+ 2009-04-04 06:32 . 2009-04-04 06:32	14140416              c:\windows\Installer\3872aa7.msp
+ 2010-12-21 12:06 . 2010-12-21 12:06	11570688              c:\windows\Installer\25cd21.msp
+ 2010-07-23 00:04 . 2010-07-23 00:04	11395072              c:\windows\Installer\25cc69.msp
+ 2009-04-03 17:01 . 2009-04-03 17:01	15108448              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\XL12CNV.EXE
+ 2009-04-03 17:11 . 2009-04-03 17:11	17740136              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\WWLIB.DLL
+ 2009-03-06 01:06 . 2009-03-06 01:06	12707696              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLOOK.EXE
+ 2009-04-03 17:46 . 2009-04-03 17:46	17314688              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSO.DLL
+ 2009-03-06 01:37 . 2009-03-06 01:37	10222432              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSACCESS.EXE
+ 2009-04-03 17:11 . 2009-04-03 17:11	18330984              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\EXCEL.EXE
+ 2006-10-26 19:13 . 2006-10-26 19:13	14674216              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-27 13:23 . 2006-10-27 13:23	17483560              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-27 13:16 . 2006-10-27 13:16	12813096              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
+ 2006-10-27 13:14 . 2006-10-27 13:14	14151456              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OART.DLL
+ 2006-10-27 13:26 . 2006-10-27 13:26	16870712              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2006-10-27 13:01 . 2006-10-27 13:01	10371880              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSACCESS.EXE
+ 2006-10-27 13:07 . 2006-10-27 13:07	17891112              c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2009-04-04 16:08 . 2009-04-04 16:08	343058432              c:\windows\Installer\3872c74.msp
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="d:\acrobat reader\Reader\AdobeUpdateManager.exe" [2005-08-18 307200]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-06 68856]
"SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-23 2423752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"zBrowser Launcher"="d:\logitech keyboard\iTouch\iTouch.exe" [2004-03-18 892928]
"Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-01-05 413696]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 29696]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"GrooveMonitor"="d:\office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"CanonSolutionMenu"="c:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-12-12 335872]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\Besitzer\Startmen\Programme\Autostart\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - d:\office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Logitech SetPoint.lnk - d:\logitech keyboard\SetPoint\KEM.exe [2007-7-26 573440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Office12\\OUTLOOK.EXE"=
"d:\\Office12\\GROOVE.EXE"=
"d:\\Office12\\ONENOTE.EXE"=
"d:\\Office\\Office12\\OUTLOOK.EXE"=
"d:\\Office\\Office12\\GROOVE.EXE"=
"d:\\Office\\Office12\\ONENOTE.EXE"=

R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 19:41 67656]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [26.02.2011 12:35 135336]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [18.04.2010 15:33 16512]
.
Inhalt des "geplante Tasks" Ordners

2011-02-26 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-06 19:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=%s
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - d:\office\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\xw22dbqf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?hl=de&source=iglk
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

URLSearchHooks-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
Toolbar-{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - (no file)
Toolbar-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
HKCU-Run-Registry Reviver - c:\programme\Reviversoft\Registry Reviver\RegistryReviver.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-02-26 21:18
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="BE899CBAF6DB7CA74AD6ED64B14A0D3ABD84A84639FE151333C3C45A0085C915E7A4A8190AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D14078EDD5E5BE2F6E6675D575E7D6A3B98081AEE399B974C4682A9E1AEACF43D976D81FC3B9AEE0F309303CCA25BD1D8D769EDD789D85970F616A934B52B0CDD1D5A2AEDDD209CB19A40D9379292E39DB19719F0A716665EC54CCCFC40ECE9FC3080FDE45B519DD51883074CF68CCEFAD98DD2B4C3E1315E03D12B936945B3CA5D60153853E6E7B78AD4457D1B85785DAD5617CF721DB0A7A3E9A081AC5C11F050924D6ECE6E748BF74091F02F904C24AC12A3A72C00E16841E74C88EDAD2E06DBBEC6C4B54742780CE32F00C51339A3F976FBD1CC15444097B5949AF0083E9975A368AC5827511A9673A3385647B0A45E4A6818953B5A468851A0E05E9072ADB6155A49E898A87D88B6B95A3D3B2961446A72792BA52D01194BDBB5C5BF07B85EF88973FC75502779097F5CB9CE1F8CBEC7EAA7945947EFF0497728175E36244F48A7388FEF588E245846696D3910477EE4E38ABEB2B8025F83E67DA88F414D0D12A8587E0CD01DE8A824DC62847EABDCDBB33CFA60151D5248E2AAB2456C86C2F847C68C244F33C812F3C8818E71445558778AFCE4741B61F8E65ED3470297BDB2002DDFE26E246C3FD4729C88F21287998DF85C9771C7438AB3758C32CC38700993E8034ACA359C6F27536478138939F5983D97A12DE4D686CD0542F41E97F15C8709E4AF86A24A76129A72376312CFD380428D04CA279B097CD3BF54CAD7791DA552D63B489C87B900A8C1F37A07D8306F27818F71B7B5444C5DB0662B8E67D17A3E1168B6430BB61E1231AFF23A039BD5BC9EEB4D3370FD0DD1A6199BC5BB14D6782C0A03AF2F7B5E2284C0ECEDA3BAE60C6F138DAAB70FD39419AAFDFB9D94D0E2A6C3DC6C742C7855E2CF885A31C3184D65D566249BE4F63C5EAFB623D613400F640F7AF87C7F65DDD75C6F2DC80625EF54558F97D1019416368F2D2054E743C82BB815C70F40E39FD236C984A95F8D967408C37333778C20C105CD4F297BBA0A24E0EA3F164E75B6A68446F438459597623AC2173CF1020E84A20B7C0B4DCB065FFBBC3B219D606E8B411987FBBEC2FD1F89D0D70EAEDC486AC9596A536E601F4ED3518BE334AFC99C39F736A0E961080EE936FE6EFECBE93FB231CE8087A4EDC70572F133AEB0FCD98E1FF3F575FE28F7203D4AC4463BC135E90DD4B3CF0AC005006CA58B3AF57225B6C9A1F0A6F0040A48B6E91E80E2D3E0CDF019B318C516260A11520C1D54C748FBBE9928D54D77D2D0F5032D383958BC145FAF6A41D0232DBAB696F5ABE84EEB7CC0A658EE6E91497DD12FC49079B925"
"OODEFRAG11.00.00.01WORKSTATION"="871A3D83A799133192EFF46CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D1407A6171C11EC38DE3DA2D97226D213B555671DB1FB5F9A727414B0E09E986ADB9E8057A712E777F594BE7A7900CC3D3D893A4294FA9F0B47B5621F70B85C11975820DE7E5E45FD424922D7AED7D22E659B7214D045716BE6545FA5C0F419B88E253673E26BA534E6C447A46D038B81F450C5920B0F5ACCB73CE655C19E07D404DA62D4B1BF148E2366B472A15FFACD472D3FBFDB31708654BFA74059A7749E703297C73E8535476BEFC2582AF1B76C6F9EBB224E2560B48A12247FDE24C2927E491F14CE09BCDA68081CEF59DEEC7B34736DC4628CEBB65E4AB32E21CDE66F0F2114879C3D780B77B84355F6F3595F0CDF59B58DAAE6AE84E600EB6100EAB9B31F667355B8C3DB28700DABBD1D52BBA6FA5A083669380468C7895BD23EE9BAB40DD9AA9CB31218BF822118DCEF3DFAE43F9ED23851DCE1A93021A520AB18FC8D190687870EE94CB525FD447722164CDC0D26B0E515E5B719C96E76E490B8516E5256E59FC7E4C83871F2DC240F6C22D728C63F010776383D21EB7D345B25CC3AAF0B26E30832A32666A594EDB4E2315237AC22C12048DA51A5E9EB119CCA47888B38AC4597923515E70EA1D3B5B1F3FEC5D27FD57BA5DB44AC09FC7509ACDB25A0C563AA66DD9BCCBA7ABCC95BA2AA43430E82DB597038386D41E9CD795DEA8F13EE366E847D37C9098AA3B50E16D3380401D9E79D9CB404855D72FB6A0819FA6742955DA870AD3DE2321873DDFE39ACBDA637824FB257B175FB5CD47E69CECF05A5F63AAC48688BB93BDFD17D65E2A08CCD51A69B4E6CFE2010EC21F753B7283C50D1BA0E2B934E63C2C49343E39EC96F16E3C6529F02DF4F5F711D412A4454BDCDA3896E54A14F1AB914EE2CA80012CB78ADC3E76B6C7A2F85B77BE7E6A7D79DFD6DC394914691FDE31F115479DC1766BBEF78F189C2294F7195E01B975B6A569333FCE9C47BC7105A3C177FABCE2A6CFE72AEAD675EF9A5E561E4B0DD9A7745987C397D63FDDC370AC594162B34D0EB33FEA77B04DFB088F97616226E679E2B67D774FE7ACFE93FB4979122F62F455A9F65975FF32BC23696B5750C1303322F2FD51BC5A5B4C2536C9408512226F20D5CF7A5005FE4DACE7D02762EA777BCD7750A104C9837EA081DA2E678D4C27EC0580D6E2A037B57D5BE4383EE9E90F5948F0E29AE19249AD2022A110DCAF3BA9255FD024E2F9ACBB4C2E47A567D5E50362B7EAFB0028CBD10AB19DEAA51EB3309E8AC647F48B8FDB5C256A9125D35ED7349FA63364145757BFEE19A0F4C9FA30A7CF70DF4450B690C500C58F1EAACA663BA28F34B586796B9357A821FB4CA7F61CD4AE80C"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft-Datenträgerkontingent"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3051"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3014"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Softwareinstallation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="c:\\Programme\\SUPERAntiSpyware\\SASWINLO.DLL"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
@DACL=(02 0000)
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
@DACL=(02 0000)
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=expand:"sclgntfy.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
@DACL=(02 0000)
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"Hilfeassistent"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"HelpAssistant"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
Zeit der Fertigstellung: 2011-02-26  21:21:37
ComboFix-quarantined-files.txt  2011-02-26 20:21
ComboFix2.txt  2010-11-27 21:33

Vor Suchlauf: 859.389.952 Bytes frei
Nach Suchlauf: 866.594.816 Bytes frei

- - End Of File - - B2A77932A3BED21D926258E0CC1DCE8C[/QUOTE]
         
--- --- ---

Alt 26.02.2011, 21:47   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira macht Probleme - Standard

Avira macht Probleme



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur einige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 26.02.2011, 22:07   #9
lurchi09
 
Avira macht Probleme - Standard

Avira macht Probleme



Here it is

OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:58:52 on 26.02.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.17095

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BDEADMIN.CPL" - ? - C:\WINDOWS\system32\BDEADMIN.CPL
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"AntiVir PersonalEdition Classic Configuration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"ECSEPM" - "Sony Ericsson Mobile Communications AB" - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - D:\Office\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Advanced SCSI Programming Interface Driver" (ASPI) - "Adaptec" - C:\WINDOWS\System32\DRIVERS\ASPI32.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Besitzer\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
"ElbyDelay" (ElbyDelay) - "Elaborate Bytes" - C:\WINDOWS\System32\Drivers\ElbyDelay.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"Lbd" (Lbd) - ? - C:\WINDOWS\System32\DRIVERS\Lbd.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"Logitech SetPoint Keyboard Driver" (L8042Kbd) - ? - C:\WINDOWS\System32\Drivers\L8042Kbd.sys  (File not found)
"MagicTune" (MagicTune) - ? - C:\WINDOWS\System32\drivers\MTiCtwl.sys  (File not found)
"mbr" (mbr) - ? - C:\cofi\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"Microsoft serieller Infrarottreiber" (irsir) - ? - C:\WINDOWS\System32\DRIVERS\irsir.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\DRIVERS\PxHelp20.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )-----
"(0) Source" - ? - hxxp://www.hintergrundbilder.de/wallpaper/download.php?image_id=435&size=1280  (HTTP value)
"(1) Source" - ? - hxxp://www.mountainstar.info/uploads/pics/TuxWi0506-AbsolutCool_02.jpg  (HTTP value)
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - D:\Acrobat Reader\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - D:\Office\Office12\GrooveSystemServices.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\Office\Office12\GrooveShellExtensions.dll
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\System32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\System32\nvshell.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - D:\Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - D:\Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - D:\Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - D:\Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - D:\Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - D:\Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - D:\Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - D:\Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - D:\Office\Office12\GrooveShellExtensions.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - D:\Office\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - D:\Office\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\System32\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - D:\Office\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{A5110426-177D-4e08-AB3F-785F10B4439C} "Sony Ericsson Datei-Manager" - "Sony Ericsson Mobile Communications AB" - C:\Programme\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - D:\WINZIP\WZSHLSTB.DLL
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - D:\WINZIP\WZSHLSTB.DLL
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - D:\WINZIP\WZSHLSTB.DLL
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - D:\WINZIP\WZSHLSTB.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{46AE04C0-BCFA-4728-90E7-00EB4A8B3863}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} "DivXBrowserPlugin Object" - "DivX,Inc." - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll / hxxp://download.divx.com/player/DivXBrowserPlugin.cab
{1E54D648-B804-468d-BC78-4AFFED8E262E} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} "{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}" - ? -   (File not found | COM-object registry key not found) / hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
{9F1C11AA-197B-4942-BA54-47A8489BB47F} "{9F1C11AA-197B-4942-BA54-47A8489BB47F}" - ? -   (File not found | COM-object registry key not found) / hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38099.2163773148
{D27CDB6E-AE6D-11CF-96B8-444553540000} "{D27CDB6E-AE6D-11CF-96B8-444553540000}" - ? -   (File not found | COM-object registry key not found) / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} "{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}" - ? -   (File not found | COM-object registry key not found) / hxxp://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4374/mcfscan.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - D:\Office\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - D:\Office\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{46AE04C0-BCFA-4728-90E7-00EB4A8B3863} "eBay ToolBar" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - D:\Acrobat Reader\ActiveX\AcroIEHelper.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\Office\Office12\GrooveShellExtensions.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? -   (File not found | COM-object registry key not found)
{DBC80044-A445-435b-BC74-9C25C1C588A9} "{DBC80044-A445-435b-BC74-9C25C1C588A9}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Logitech SetPoint.lnk" - "Logitech Inc." - D:\Logitech Keyboard\SetPoint\KEM.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - D:\Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"updateMgr" - "Adobe Systems Incorporated" - D:\Acrobat Reader\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ATIPTA" - "ATI Technologies, Inc." - "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"CanonMyPrinter" - "CANON INC." - C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu" - "CANON INC." - C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"GrooveMonitor" - "Microsoft Corporation" - "D:\Office\Office12\GrooveMonitor.exe"
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SiSUSBRG" - "Silicon Integrated Systems Corp." - C:\WINDOWS\SiSUSBrg.exe
"Sony Ericsson PC Suite" - "Sony Ericsson Mobile Communications AB" - "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"zBrowser Launcher" - "Logitech Inc." - D:\Logitech Keyboard\iTouch\iTouch.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - "internet-support foehr.com" - C:\WINDOWS\system32\pdfcmnnt.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Programme\Canon\CAL\CALMAIN.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - D:\Office\Office12\GrooveAuditService.exe
"NMSAccess" (NMSAccess) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{B587E2B1-4D59-4e7e-AED9-22B9DF11D053} "802.3 Group Policy" - "Microsoft Corporation" - C:\WINDOWS\system32\dot3gpclnt.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} "EFS recovery" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} "Internet Explorer Branding" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} "Internet Explorer Zonemapping" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{C631DF4C-088F-4156-B058-4375F0853CD8} "Microsoft Offline Files" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{3610eda5-77ef-11d2-8dc5-00c04fa31a66} "Microsoft-Datenträgerkontingent" - "Microsoft Corporation" - C:\WINDOWS\system32\dskquota.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{827D319E-6EAC-11D2-A4EA-00C04F79F83A} "Security" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (Hidden registry entry, rootkit activity | File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL  (Hidden registry entry, rootkit activity)
"crypt32chain" - "Microsoft Corporation" - C:\WINDOWS\system32\crypt32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"cryptnet" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptnet.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"cscdll" - "Microsoft Corporation" - C:\WINDOWS\system32\cscdll.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"dimsntfy" - "Microsoft Corporation" - C:\WINDOWS\System32\dimsntfy.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"ScCertProp" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Schedule" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"sclgntfy" - "Microsoft Corporation" - C:\WINDOWS\system32\sclgntfy.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SensLogn" - "Microsoft Corporation" - C:\WINDOWS\system32\WlNotify.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"termsrv" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
"wlballoon" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/QUOTE]
Angehängte Dateien
Dateityp: txt MBRCheck_02.26.11_22.00.58.txt (9,4 KB, 222x aufgerufen)

Alt 26.02.2011, 22:46   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira macht Probleme - Standard

Avira macht Probleme



GMER ging nicht?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.02.2011, 12:09   #11
lurchi09
 
Avira macht Probleme - Standard

Avira macht Probleme



Hatte etwas länger gedauert :-)

Zitat:
MER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-02-27 12:06:59
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ExcelStor_Technology_J680 rev.V32OA60A
Running: e97vr3r9.exe; Driver: C:\DOKUME~1\Besitzer\LOKALE~1\Temp\uftdapow.sys


---- System - GMER 1.0.15 ----

SSDT F7F51C7E ZwCreateKey
SSDT F7F51C74 ZwCreateThread
SSDT F7F51C83 ZwDeleteKey
SSDT F7F51C8D ZwDeleteValueKey
SSDT F7F51C92 ZwLoadKey
SSDT F7F51C60 ZwOpenProcess
SSDT F7F51C65 ZwOpenThread
SSDT F7F51C9C ZwReplaceKey
SSDT F7F51C97 ZwRestoreKey
SSDT F7F51C88 ZwSetValueKey
SSDT \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0xA6362620]

---- Kernel code sections - GMER 1.0.15 ----

? C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS Das System kann den angegebenen Pfad nicht finden. !
? C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Mozilla Firefox\firefox.exe[1104] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 004013F0 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library C:\Programme\SUPERAntiSpyware\SASSEH.DLL (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [412] 0x00D50000
Library C:\Programme\SUPERAntiSpyware\SASCTXMN.DLL (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [412] 0x030B0000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION BE899CBAF6DB7CA74AD6ED64B14A0D3ABD84A84639FE151333C3C45A0085C915E7A4A8190AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BEC C74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D14078EDD5E5BE2F6E6675D575E7D6A3B98081AEE399B974C4682A9E1AEACF43D976D81FC3B9AEE0F309303CCA25BD1D8D769ED D789D85970F616A934B52B0CDD1D5A2AEDDD209CB19A40D9379292E39DB19719F0A716665EC54CCCFC40ECE9FC3080FDE45B519DD51883074CF68CCEFAD98DD2B4C3E1315E03D12B936945 B3CA5D60153853E6E7B78AD4457D1B85785DAD5617CF721DB0A7A3E9A081AC5C11F050924D6ECE6E748BF74091F02F904C24AC12A3A72C00E16841E74C88EDAD2E06DBBEC6C4B54742780C E32F00C51339A3F976FBD1CC15444097B5949AF0083E9975A368AC5827511A9673A3385647B0A45E4A6818953B5A468851A0E05E9072ADB6155A49E898A87D88B6B95A3D3B2961446A7279 2BA52D01194BDBB5C5BF07B85EF88973FC75502779097F5CB9CE1F8CBEC7EAA7945947EFF0497728175E36244F48A7388FEF588E245846696D3910477EE4E38ABEB2B8025F83E67DA88F41 4D0D12A8587E0CD01DE8A824DC62847EABDCDBB33CFA60151D5248E2AAB2456C86C2F847C68C244F33C812F3C8818E71445558778AFCE4741B61F8E65ED
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION 871A3D83A799133192EFF46CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D14 07A6171C11EC38DE3DA2D97226D213B555671DB1FB5F9A727414B0E09E986ADB9E8057A712E777F594BE7A7900CC3D3D893A4294FA9F0B47B5621F70B85C11975820DE7E5E45FD424922D7 AED7D22E659B7214D045716BE6545FA5C0F419B88E253673E26BA534E6C447A46D038B81F450C5920B0F5ACCB73CE655C19E07D404DA62D4B1BF148E2366B472A15FFACD472D3FBFDB3170 8654BFA74059A7749E703297C73E8535476BEFC2582AF1B76C6F9EBB224E2560B48A12247FDE24C2927E491F14CE09BCDA68081CEF59DEEC7B34736DC4628CEBB65E4AB32E21CDE66F0F21 14879C3D780B77B84355F6F3595F0CDF59B58DAAE6AE84E600EB6100EAB9B31F667355B8C3DB28700DABBD1D52BBA6FA5A083669380468C7895BD23EE9BAB40DD9AA9CB31218BF822118DC EF3DFAE43F9ED23851DCE1A93021A520AB18FC8D190687870EE94CB525FD447722164CDC0D26B0E515E5B719C96E76E490B8516E5256E59FC7E4C83871F2DC240F6C22D728C63F01077638 3D21EB7D345B25CC3AAF0B26E30832A32666A594EDB4E2315237AC22C12048DA51A5E9EB119CCA47888B38AC4597923515E70EA1D3B5B1F3FEC5D27FD57
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ Microsoft-Datentr?gerkontingent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoMachinePolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoBackgroundPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@PerUserLocalSettings 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@EnableAsynchronousProcessing 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@DllName dskquota.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ Internet Explorer Zonemapping
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DllName iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ProcessGroupPolicy ProcessGroupPolicyForZoneMap
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@RequiresSucessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DisplayName @iedkcs32.dll,-3051
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessSecurityPolicyGPO
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@GenerateGroupPolicy SceGenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionRsopPlanningDebugLevel 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicyEx SceProcessSecurityPolicyGPOEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionDebugLevel 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ Security
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@MaxNoGPOListChangesInterval 960
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicyEx ProcessGroupPolicyEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@GenerateGroupPolicy GenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DllName iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ Internet Explorer Branding
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoMachinePolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DisplayName @iedkcs32.dll,-3014
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessEFSRecoveryGPO
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ EFS recovery
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@ 802.3 Group Policy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@DisplayName @dot3gpclnt.dll,-100
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@ProcessGroupPolicyEx ProcessLANPolicyEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@GenerateGroupPolicy GenerateLANPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@DllName dot3gpclnt.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ Microsoft Offline Files
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@DllName %SystemRoot%\System32\cscui.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@EnableAsynchronousProcessing 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoGPOListChanges 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoMachinePolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoSlowLink 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@PerUserLocalSettings 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ Softwareinstallation
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@DllName appmgmts.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ProcessGroupPolicyEx ProcessGroupPolicyObjectsEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@GenerateGroupPolicy GenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@RequiresSucessfulRegistry 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@EventSources (Application Management,Application)?(MsiInstaller,Application)?
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@DllName C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Logon SABWINLOLogon
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Logoff SABWINLOLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Startup SABWINLOStartup
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Shutdown SABWINLOShutdown
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@DllName crypt32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Logoff ChainWlxLogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@DllName cryptnet.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Logoff CryptnetWlxLogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@DLLName cscdll.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Logon WinlogonLogonEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Logoff WinlogonLogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@ScreenSaver WinlogonScreenSaverEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Startup WinlogonStartupEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Shutdown WinlogonShutdownEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@StartShell WinlogonStartShellEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@DllName %SystemRoot%\System32\dimsntfy.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Startup WlDimsStartup
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Shutdown WlDimsShutdown
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Logon WlDimsLogon
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Logoff WlDimsLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@StartShell WlDimsStartShell
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Lock WlDimsLock
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Unlock WlDimsUnlock
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@DLLName wlnotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Logon SCardStartCertProp
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Logoff SCardStopCertProp
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Lock SCardSuspendCertProp
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Unlock SCardResumeCertProp
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Enabled 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Impersonate 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@DllName wlnotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@StartShell SchedStartShell
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Logoff SchedEventLogOff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Logoff WLEventLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@DllName sclgntfy.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@DLLName WlNotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Lock SensLockEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Logon SensLogonEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Logoff SensLogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Safe 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@MaxWait 600
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StartScreenSaver SensStartScreenSaverEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StopScreenSaver SensStopScreenSaverEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Startup SensStartupEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Shutdown SensShutdownEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StartShell SensStartShellEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@PostShell SensPostShellEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Disconnect SensDisconnectEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Reconnect SensReconnectEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Unlock SensUnlockEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Impersonate 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@DllName wlnotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Logoff TSEventLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Logon TSEventLogon
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@PostShell TSEventPostShell
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Shutdown TSEventShutdown
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@StartShell TSEventStartShell
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Startup TSEventStartup
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@MaxWait 600
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Reconnect TSEventReconnect
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Disconnect TSEventDisconnect
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@DLLName wlnotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Logon RegisterTicketExpiredNotificationEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Logoff UnregisterTicketExpiredNotificationEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Impersonate 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@Hilfeassistent 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@TsInternetUser 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@SQLAgentCmdExec 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@NetShowServices 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@HelpAssistant 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IWAM_ 65536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IUSR_ 65536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@VUSR_ 65536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@ASPNET 0

---- EOF - GMER 1.0.15 ----

Alt 27.02.2011, 15:57   #12
lurchi09
 
Avira macht Probleme - Standard

Avira macht Probleme



Hatte gestern auch mal die Systemwiederherstellung von Windows probiert mit Zeitpunkt 23.02. Hat auch nichts gebracht. Keine Dateien verändert wurde gemeldet.
Habe heute mwb drüber laufen lassen und er hat wieder was gefunden siehe log
Angehängte Dateien
Dateityp: txt mbam-log-2011-02-27 (15-48-44).txt (1,9 KB, 149x aufgerufen)

Alt 27.02.2011, 20:32   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira macht Probleme - Standard

Avira macht Probleme



Zitat:
Infizierte Dateien:

c:\dokumente und einstellungen\Besitzer\lokale einstellungen\Temp\icreinstall\pdfconvertersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

c:\system volume information\_restore{bb8e107c-f1ed-47bb-b284-7b303060c108}\RP449\A0128520.rbf (PUP.Dealio) -> Quarantined and deleted successfully.

c:\system volume information\_restore{bb8e107c-f1ed-47bb-b284-7b303060c108}\RP449\A0128521.rbf (PUP.Dealio) -> Quarantined and deleted successfully.

c:\system volume information\_restore{bb8e107c-f1ed-47bb-b284-7b303060c108}\RP449\A0128522.rbf (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

c:\system volume information\_restore{bb8e107c-f1ed-47bb-b284-7b303060c108}\RP449\A0128523.rbf (PUP.Dealio) -> Quarantined and deleted successfully.

j:\set up dateien\Computer\pdf-creator\pdfconvertersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
Der PDF-Creator ist _eigentlich_ vertrauenswürdig. Bist du auf den angewiesen? Aus welcher Quelle hast du den?

Wegen der Funde in System Volume Information => Deaktiviere die Systemwiederherstellung, im Verlauf der Infektion wurden auch Malwaredateien in Wiederherstellungspunkten mitgesichert - die sind alle nun unbrauchbar, da ein Zurücksetzen des Systems durch einen Wiederherstellungspunkt wahrscheinlich wieder eine Infektion nach sich ziehen würde.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.02.2011, 20:50   #14
lurchi09
 
Avira macht Probleme - Standard

Avira macht Probleme



Nö den PDF Creator brauch eich nicht habe eine anderen drauf gemacht weil der Creaotor Fehlermeldung gebracht hat.

Deinen zweiten Satz verstehe ich nicht. Was soll das jetzt genau heissen?

Alt 27.02.2011, 20:59   #15
lurchi09
 
Avira macht Probleme - Standard

Avira macht Probleme



Habe die Systemwiederherstellung jetzt deaktiviert ich glaube das wolltest du oder?

Antwort

Themen zu Avira macht Probleme
avira, cleaner, could, deaktiviert, deinstalliert, dokumente, file, funktionier, gefunde, gelöscht, guard, heute, log, lokale, neu, nicht mehr, not, objekte, probiert, problem, probleme, registry, registry cleaner, richtig, updates



Ähnliche Themen: Avira macht Probleme


  1. PC macht Probleme
    Plagegeister aller Art und deren Bekämpfung - 27.03.2015 (5)
  2. Avira macht keine Updates mehr!
    Plagegeister aller Art und deren Bekämpfung - 07.12.2014 (21)
  3. ScanTrack macht Probleme :/
    Log-Analyse und Auswertung - 17.06.2014 (15)
  4. Mozilla macht Probleme
    Plagegeister aller Art und deren Bekämpfung - 13.02.2013 (27)
  5. Mein Avira macht alarm ...
    Plagegeister aller Art und deren Bekämpfung - 22.12.2012 (1)
  6. Svchost.exe macht probleme
    Plagegeister aller Art und deren Bekämpfung - 25.09.2012 (23)
  7. Avira AntiVir macht keine Updates mehr...
    Mülltonne - 31.01.2010 (5)
  8. Avira macht Alarm :-(
    Log-Analyse und Auswertung - 12.12.2009 (1)
  9. Avira macht keine Updates
    Log-Analyse und Auswertung - 30.01.2009 (0)
  10. explorer.exe macht Probleme!
    Alles rund um Windows - 28.10.2007 (0)
  11. Windows XP macht Probleme
    Log-Analyse und Auswertung - 06.09.2007 (6)
  12. Browser macht Probleme
    Log-Analyse und Auswertung - 15.08.2007 (1)
  13. svchost.exe macht probleme
    Log-Analyse und Auswertung - 28.03.2006 (1)
  14. svchost macht probleme
    Plagegeister aller Art und deren Bekämpfung - 15.08.2005 (1)
  15. DDRAW.dll macht probleme
    Plagegeister aller Art und deren Bekämpfung - 13.08.2005 (4)
  16. IE6-Startseite macht Probleme
    Plagegeister aller Art und deren Bekämpfung - 04.06.2004 (2)

Zum Thema Avira macht Probleme - Habe seit heute das Problem das Avira nicht mehr richtig funktioniert. AV Guard ist deaktiviert und Updates gehen auch nicht mehr. Alles deinstalliert dann neu installiert und das gleiche Problem. - Avira macht Probleme...
Archiv
Du betrachtest: Avira macht Probleme auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.