Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log Analysis and Evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Unintended Redirect When Clicking a Google Link (https://www.trojaner-board.de/125764-unbeabsichtigte-weiterleitung-aktivieren-google-links.html)

christoph03 24.10.2012 05:34

Code:

< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012/08/13 16:58:53 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\.marble
[2008/11/28 20:04:21 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Adobe
[2009/02/08 15:10:35 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Apple Computer
[2011/01/30 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Ashampoo Cover Studio 2
[2009/02/17 07:35:20 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\AVS4YOU
[2012/10/17 17:20:21 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\blaxxun interactive
[2011/08/13 16:59:58 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Blender Foundation
[2011/08/27 07:09:42 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Bolthouse Software
[2011/01/15 13:16:01 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Canneverbe Limited
[2012/09/04 17:24:07 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\codeblocks
[2009/02/14 11:54:52 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Corel
[2009/02/08 09:45:58 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\CyberLink
[2008/08/20 07:34:06 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Das Fussball Studio
[2011/02/18 18:18:15 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\DVD Flick
[2012/03/25 15:36:23 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\DVDVideoSoft
[2009/01/15 18:26:47 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Engelmann Media
[2012/06/24 14:14:52 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Exif Viewer
[2012/04/03 17:36:24 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\fltk.org
[2012/06/16 17:35:55 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\FreeCAD
[2011/01/15 16:06:59 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\FreeFLVConverter
[2011/02/01 18:45:21 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\GetRightToGo
[2010/12/31 12:40:25 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Google
[2012/05/22 18:00:58 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\gtk-2.0
[2011/12/08 12:21:40 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Help
[2008/08/13 17:41:22 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Hemera
[2008/05/05 19:08:39 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Hewlett-Packard
[2009/01/17 18:34:01 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\HP
[2012/09/30 08:28:00 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\HpUpdate
[2008/05/05 19:10:16 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Identities
[2009/01/10 16:18:57 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\InstallShield
[2012/08/29 17:56:58 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\IrfanView
[2008/11/28 20:00:13 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Leadertech
[2009/03/08 16:06:34 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Livestation
[2011/09/25 08:40:09 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Logitech
[2008/05/05 19:09:03 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Macromedia
[2012/10/19 06:52:26 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Malwarebytes
[2012/03/11 08:30:41 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\MathWorks
[2009/06/25 18:23:21 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Mchid
[2006/11/02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Media Center Programs
[2012/08/01 16:57:55 | 000,000,000 | --SD | M] -- C:\Users\christoph\AppData\Roaming\Microsoft
[2012/03/13 18:21:02 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Microsoft Corporation
[2011/02/04 19:34:12 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Mozilla
[2009/01/02 19:10:09 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Nikon
[2012/10/12 16:55:59 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Nitro PDF
[2010/08/09 16:39:11 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Nokia
[2012/03/21 19:55:22 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Notepad++
[2012/10/13 15:13:36 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\NVIDIA
[2009/01/15 18:51:08 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Orbit
[2012/09/12 17:01:09 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Origin
[2010/08/09 14:54:38 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\PC Suite
[2011/02/05 16:18:37 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\PeerNetworking
[2008/12/14 18:06:41 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\PPMate
[2011/03/11 08:09:21 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Real
[2012/10/03 16:37:21 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Scilab
[2008/06/21 17:55:17 | 000,000,000 | RH-D | M] -- C:\Users\christoph\AppData\Roaming\SecuROM
[2009/02/17 08:16:56 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\SopCast
[2011/11/04 19:05:27 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Sports Interactive
[2009/03/02 17:44:12 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Symantec
[2008/06/21 18:17:16 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\temp
[2009/02/07 13:37:00 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\TerraTec
[2012/08/11 16:27:17 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\transdat
[2008/12/14 18:08:25 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\TVU Networks
[2012/08/18 10:30:01 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Uniblue
[2012/09/21 16:17:55 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\vlc
[2011/03/06 09:16:30 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\WinFAQ
[2011/09/03 13:37:03 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012/08/02 16:54:56 | 000,095,315 | R--- | M] () -- C:\Users\christoph\AppData\Roaming\Microsoft\Installer\{D774CBD3-A27F-45A1-A34D-6BE5C918462E}\_25bb508a.exe
[2012/08/02 16:54:56 | 000,053,559 | R--- | M] () -- C:\Users\christoph\AppData\Roaming\Microsoft\Installer\{D774CBD3-A27F-45A1-A34D-6BE5C918462E}\_25be7a87.exe
[2012/08/02 16:54:56 | 000,046,502 | R--- | M] () -- C:\Users\christoph\AppData\Roaming\Microsoft\Installer\{D774CBD3-A27F-45A1-A34D-6BE5C918462E}\_25c12483.exe
[2012/08/02 16:54:56 | 000,046,502 | R--- | M] () -- C:\Users\christoph\AppData\Roaming\Microsoft\Installer\{D774CBD3-A27F-45A1-A34D-6BE5C918462E}\_2fc2113e.exe
[2012/08/02 16:54:56 | 000,061,203 | R--- | M] () -- C:\Users\christoph\AppData\Roaming\Microsoft\Installer\{D774CBD3-A27F-45A1-A34D-6BE5C918462E}\_55714a50.exe
[2012/08/02 16:54:56 | 000,053,394 | R--- | M] () -- C:\Users\christoph\AppData\Roaming\Microsoft\Installer\{D774CBD3-A27F-45A1-A34D-6BE5C918462E}\_758a6f3e.exe
[2012/08/02 16:54:56 | 000,057,332 | R--- | M] () -- C:\Users\christoph\AppData\Roaming\Microsoft\Installer\{D774CBD3-A27F-45A1-A34D-6BE5C918462E}\_7dbc59a7.exe
[2008/02/21 16:02:34 | 000,152,952 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\LUpdate\WLUEX\ALUNOTIF.EXE
[2008/02/21 16:02:54 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\LUpdate\WLUEX\ALUSDSVC.EXE
[2008/02/21 16:02:36 | 000,308,600 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\LUpdate\WLUEX\AUPDATE.EXE
[2008/02/21 16:03:08 | 000,181,624 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\LUpdate\WLUEX\LSETUP.EXE
[2008/02/21 16:02:40 | 000,873,848 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\LUpdate\WLUEX\LUALL.EXE
[2008/02/21 16:02:48 | 000,062,840 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\LUpdate\WLUEX\LUCBPRXY.EXE
[2008/02/21 16:03:08 | 000,181,624 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\LUpdate\WLUEX\LUCheck.exe
[2008/02/21 16:02:46 | 003,220,856 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\LUpdate\WLUEX\LUCOMSVR.EXE
[2008/02/21 16:02:42 | 000,804,216 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\LUpdate\WLUEX\LuConfig.EXE
[2008/02/21 16:02:44 | 000,016,760 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\LUpdate\WLUEX\NotifyHA.exe
[2005/05/19 23:50:36 | 002,584,848 | ---- | M] (Microsoft Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\MSI\wiupdate.exe
[2008/02/23 20:08:52 | 000,382,320 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\NCO\NCO\APP\COExport.exe
[2008/02/23 20:08:18 | 000,095,600 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\NCO\NCO\APP\coVisPrx.exe
[2007/11/29 18:15:06 | 000,288,088 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\NCO\NCO\SYMSHARE\COL\COLUpdtr.exe
[2008/02/20 01:03:58 | 000,160,112 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\Remover\Remover.exe
[2008/02/20 01:03:51 | 000,990,056 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\Reporter\Reporter.exe
[2008/01/25 19:16:58 | 000,832,896 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\SEVINST\SEVINST.EXE
[2008/01/26 10:27:32 | 000,661,896 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\SPBBC\SPBBC32\SYMSHARE\SPBBC\UpdMgr.exe
[2008/02/20 01:03:49 | 000,687,976 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\SymLnch\SymLnch.exe
[2007/02/13 05:10:44 | 002,682,880 | ---- | M] (Microsoft Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\VCRedist\redist32.exe
[2007/02/13 05:10:44 | 003,161,088 | ---- | M] (Microsoft Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\VCRedist\redist64.exe
[2008/04/02 19:07:14 | 002,613,088 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Setup.exe
[2008/02/20 01:03:53 | 000,778,080 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Stub.exe
[2008/01/25 17:57:36 | 000,031,576 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\FWCfg.exe
[2008/01/18 19:43:28 | 001,250,656 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\COH32\COH32.exe
[2008/01/18 19:58:48 | 001,996,336 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\COH64\COH64.exe
[2008/02/26 16:50:42 | 000,448,352 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\MainStub.exe
[2008/02/26 16:50:42 | 000,370,528 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\NSWRedir.exe
[2008/02/26 16:50:44 | 000,988,512 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\osCheck.exe
[2008/02/26 16:50:44 | 000,404,320 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\ScanStub.exe
[2008/02/26 16:50:46 | 000,972,640 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\tpNetMap.exe
[2008/02/25 07:21:32 | 000,096,424 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\WSCStub.exe
[2008/02/21 16:49:04 | 000,051,576 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\NPC\HSLoader.exe
[2008/02/21 16:49:08 | 000,036,728 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\NPC\isUAC.exe
[2008/02/21 16:49:14 | 000,042,360 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\NPC\npcLULdr.exe
[2008/02/21 16:49:16 | 000,082,808 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\NPC\npcLUStb.exe
[2008/02/23 18:41:38 | 000,423,304 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\OPC\cltUAC.exe
[2008/02/23 18:40:46 | 000,533,896 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\OPC\SSAutoRN.exe
[2008/02/23 18:41:28 | 000,611,712 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\OPC\SYMCUW.exe
[2008/01/22 16:09:02 | 002,368,888 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\SYMSHARE\IDS\IdsInst.exe
[2008/02/07 00:49:36 | 000,443,760 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\SYMSHARE\SecHist\MCUI32.exe
[2007/08/22 02:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\SYMSHARE\VASCAN\comHost.exe
[2007/08/22 02:22:08 | 000,267,096 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\SYMSHARE\VASCAN64\comHost.exe
[2008/02/23 18:40:46 | 000,533,896 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\SymLT\OPC\SSAutoRN.exe
[2008/01/30 14:55:54 | 001,279,368 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\SymLT\PIF_96E2\pifCrawl.exe
[2008/01/30 14:55:34 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\SymLT\PIF_96E2\PIFSvc.exe
[2008/01/25 19:16:59 | 001,022,848 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Supp64\SEVINST\Sevntx64.exe
[2008/02/26 10:34:20 | 000,137,568 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\Backup\Backup\buDump.exe
[2008/02/18 13:37:38 | 000,051,048 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccApp.exe
[2008/02/18 13:37:40 | 000,056,168 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccEvtMgr.exe
[2008/02/18 13:37:10 | 000,268,648 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccLgView.exe
[2008/02/18 13:37:18 | 000,046,440 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccSetMgr.exe
[2008/02/18 13:37:54 | 000,876,392 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccSEUPDT.exe
[2008/02/18 13:37:20 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccSvcHst.exe
[2008/02/21 16:02:34 | 000,152,952 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\ALUNOTIF.EXE
[2008/02/21 16:02:54 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\ALUSDSVC.EXE
[2008/02/21 16:02:36 | 000,308,600 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\AUPDATE.EXE
[2008/02/21 16:03:08 | 000,181,624 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LSETUP.EXE
[2008/02/21 16:02:40 | 000,873,848 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LUALL.EXE
[2008/02/21 16:02:48 | 000,062,840 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LUCBPRXY.EXE
[2008/02/21 16:03:08 | 000,181,624 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LUCheck.exe
[2008/02/21 16:02:46 | 003,220,856 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LUCOMSVR.EXE
[2008/02/21 16:02:42 | 000,804,216 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LuConfig.EXE
[2008/02/21 16:02:44 | 000,016,760 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\NotifyHA.exe
[2005/05/19 23:50:36 | 002,584,848 | ---- | M] (Microsoft Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\MSI\wiupdate.exe
[2008/02/23 20:08:52 | 000,382,320 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\NCO\NCO\APP\COExport.exe
[2008/02/23 20:08:18 | 000,095,600 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\NCO\NCO\APP\coVisPrx.exe
[2007/11/29 18:15:06 | 000,288,088 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\NCO\NCO\SYMSHARE\COL\COLUpdtr.exe
[2008/02/20 01:03:58 | 000,160,112 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\Remover\Remover.exe
[2008/02/20 01:03:51 | 000,990,056 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\Reporter\Reporter.exe
[2008/01/25 19:16:58 | 000,832,896 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\SEVINST\SEVINST.EXE
[2008/01/26 10:27:32 | 000,661,896 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\SPBBC\SPBBC32\SYMSHARE\SPBBC\UpdMgr.exe
[2008/02/20 01:03:49 | 000,687,976 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\SymLnch\SymLnch.exe
[2007/02/13 05:10:44 | 002,682,880 | ---- | M] (Microsoft Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\VCRedist\redist32.exe
[2007/02/13 05:10:44 | 003,161,088 | ---- | M] (Microsoft Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\VCRedist\redist64.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\Installer\*. /s >
[2012/08/02 16:52:45 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$
[2012/03/12 20:13:45 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{0125D081-30D0-4A97-82A8-C28D444B6256}
[2011/11/04 16:50:36 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}
[2010/08/09 14:52:22 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{089DD780-DB3F-4CDB-A0C2-111360247298}
[2011/03/03 15:07:28 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}
[2011/09/25 08:39:37 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{0C826C5B-B131-423A-A229-C71B3CACCD6A}
[2008/03/27 16:44:23 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{0E19A83E-F53B-40CF-8C91-96F32D955E6A}
[2011/03/05 16:29:41 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{0EE0B0D9-C159-4D0D-8E92-83959FCAA35D}
[2012/06/30 18:33:39 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{10E1E87C-656C-4D08-86D6-5443D28583BE}
[2009/11/14 09:10:36 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{11202615-E557-4ECF-9B86-F59C81E52909}
[2008/03/27 16:38:22 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{11BB336F-0E58-4977-B866-F24FA334616B}
[2010/08/09 14:49:08 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{1B9B5B3B-28E7-4E59-A80D-D670AA984514}
[2012/03/12 20:32:27 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{1C2B3CEA-482E-4453-B3E2-C9731337828A}
[2010/08/09 14:53:13 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}
[2008/11/28 19:59:59 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{2315B23D-3E21-4920-837D-AE6460934ECB}
[2011/02/07 16:02:16 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{26A24AE4-039D-4CA4-87B4-2F83216023FF}
[2012/09/30 12:06:21 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{26A24AE4-039D-4CA4-87B4-2F83217007FF}
[2011/11/14 07:14:13 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}
[2012/04/19 17:45:39 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{2D87E961-577B-492B-AD54-1368680FB9A7}
[2010/05/13 07:07:44 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}
[2011/09/25 08:36:50 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}
[2012/08/24 18:26:25 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{32A9C5B3-D166-4C6D-A11E-A54473151000}
[2012/03/12 20:33:58 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}
[2012/10/12 07:24:18 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{39D0E034-1042-4905-BECB-5502909FCB7C}
[2012/09/14 16:28:47 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{3C57F42A-4925-4B5D-9774-18AEF2B81A97}
[2010/10/13 17:57:55 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}
[2012/09/08 16:16:15 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{40AAB711-8EFF-4830-8B39-017D3F66983D}
[2010/12/31 12:14:51 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{4422D20B-F530-4E65-8504-31396C9BC066}
[2012/06/30 18:34:38 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
[2009/01/10 16:17:31 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
[2012/03/12 20:33:54 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{4AF2248C-B3DF-46FB-9596-87F5DB193689}
[2012/10/10 17:49:52 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{4BA6784F-3B10-473A-B9F5-33A36AC354D5}
[2012/09/08 16:16:04 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}
[2012/05/13 15:13:20 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726}
[2012/05/23 07:36:00 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{6151CF20-0BD8-4023-A4A0-6A86DCFE58E5}
[2009/01/24 08:26:13 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
[2011/01/29 18:41:13 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
[2012/05/23 07:42:40 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{7003B63A-7ECA-42B0-A122-AFF24A9F1D5B}
[2009/01/15 06:44:41 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
[2012/05/12 07:32:06 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
[2012/05/12 07:38:49 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{90120000-0020-0407-0000-0000000FF1CE}
[2012/03/01 08:05:07 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{90120000-006E-0407-0000-0000000FF1CE}
[2009/12/19 08:30:17 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}
[2012/05/12 07:51:08 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}
[2012/05/12 07:51:45 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{95120000-00AF-0407-0000-0000000FF1CE}
[2012/03/12 20:30:12 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{9AA2D735-3375-42D4-9A61-3FFEF82599D6}
[2011/09/25 08:40:03 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{A498D9EB-927B-459B-85D6-DD6EF8C2C564}
[2011/08/20 16:14:41 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{A8DB611A-D80E-450D-85F6-3ACDD164BE31}
[2009/03/22 14:48:33 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{AC76BA86-7AD7-1031-7B44-A81300000003}
[2008/12/31 12:22:26 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{AC76BA86-7AD7-5464-3428-800000000003}
[2012/09/08 16:16:37 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}
[2009/06/21 10:20:48 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}
[2012/03/11 11:46:31 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{C04BADDA-A8E5-4460-8385-88F2A9E2A305}
[2010/02/04 18:30:30 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{C084BC61-E537-11DE-8616-005056806466}
[2012/03/12 20:33:56 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{C965F01C-76EA-4BD7-973E-46236AE312D7}
[2008/03/27 16:43:58 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}
[2009/02/28 16:36:56 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{CB84F0F2-927B-458D-9DC5-87832E3DC653}
[2010/08/09 15:03:43 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
[2012/03/12 20:33:49 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{D074DC76-F6C9-440E-A1D0-1DE958417FDB}
[2009/01/01 16:50:20 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{D16D8A48-65A4-4B19-8A02-DC9A40FB80C4}
[2012/05/26 16:51:52 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}
[2010/12/17 08:33:01 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
[2009/02/28 16:15:25 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{E80F62FF-5D3C-4A19-8409-9721F2928206}
[2011/01/15 13:16:23 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{EC385B36-AE9D-4F0F-A596-08F7D425D09D}
[2011/01/29 18:41:30 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{EE6097DD-05F4-4178-9719-D3170BF098E8}
[2008/11/28 20:01:24 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{EF7E931D-DC84-471B-8DB6-A83358095474}
[2012/04/28 15:39:53 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}
[2009/11/26 17:23:29 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
[2009/01/10 16:15:42 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}
[2012/09/08 16:15:32 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{FE19B8A3-C79D-4A90-8F7C-1B206DB00CFC}
[2012/10/20 06:40:15 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed
[2012/08/02 16:52:45 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\UnManaged
[2012/03/01 08:12:03 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109020070400000000000F01FEC
[2008/12/29 16:25:19 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\000021091A0070400000000000F01FEC
[2012/03/01 08:05:30 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109610070400000000000F01FEC
[2012/03/01 08:05:49 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109810070400000000000F01FEC
[2012/03/01 08:05:54 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109B10070400000000000F01FEC
[2008/12/29 16:25:02 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109E60070400000000000F01FEC
[2008/12/29 16:25:32 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109F10001400000000000F01FEC
[2008/12/29 16:25:30 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109F10070400000000000F01FEC
[2008/12/29 16:24:55 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109F10090400000000000F01FEC
[2010/01/21 17:36:38 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC
[2012/03/01 08:08:53 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC
[2012/03/12 20:13:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\000021599B0090400000000000F01FEC
[2012/03/01 08:02:38 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002159FA0070400000000000F01FEC
[2012/05/01 07:43:37 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC
[2009/01/12 07:47:35 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\0D00C83EB86A81348A6A7F4D5B1BFDE0
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\0D756077321A70C3E844C138CE981581
[2012/03/12 20:34:21 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\11993DB5F21A265489AB6A0EE333071B
[2012/03/12 20:29:44 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\180D52100D0379A4288A2CD844B42665
[2012/03/12 20:29:44 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\1B5423D68BD832A4C92DC2094FA0AB6F
[2009/01/24 08:24:58 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\1BF27E46343277944B8A62C25DD3B03D
[2012/03/15 07:32:35 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A
[2009/08/22 07:35:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D
[2012/03/12 20:31:42 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\2E43F6A45E9061642B72A4624A886A9F
[2012/03/12 20:34:03 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\3323515BEEA94DC4D9C2F4AA8C07BD2E
[2012/03/14 06:39:29 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\3EF5BEED5F04B5C3F8583560FEC3804F
[2012/06/30 18:33:53 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\40B8D8DFDAEB55A4AAD1262D73E3D7AE
[2012/03/12 20:13:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\41DAA1250305BB44B8E0C56EF5EC750E
[2012/06/30 18:33:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\42C2662EE13B94340A4823BE678E7B06
[2009/06/12 14:51:57 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\430E0D9324015094EBBC552009F9BCC7
[2012/06/30 18:34:13 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\4D738037E5FFBD84AB94337E23FD0F3B
[2012/03/12 20:31:33 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\537D2AA957334D24A916F3EF8F52996D
[2011/04/14 16:38:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A
[2012/03/12 20:33:14 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\5F514774AD39AA64585C460074289559
[2012/03/12 20:33:46 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\67CD470D9C6FE0441A0DD19E8514F7BD
[2011/06/28 07:03:33 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\689C057F0135A5A3598FE47CC1A80CC1
[2009/03/22 14:48:25 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B7448A3100000030
[2012/03/12 20:32:37 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\6BA4943F00966C14FA7528636228E78D
[2012/06/30 18:32:31 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\79F70AEA8809c7948812F063DBD52C15
[2012/06/30 18:34:29 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\81500F31A708A3B4380B7ADC093F3A89
[2012/06/30 18:33:12 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\A1DC6DCBEBD0E214F952B305D0E1B61A
[2012/03/12 20:13:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\ADDAB40C5E8A06443858882F9A2E3A50
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\AEC3B2C1E28435443B2E9C37317328A8
[2012/09/08 16:16:34 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\AFC9600B9BB530C41B6C98EC92E0A5EF
[2012/10/10 06:59:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\b25099274a207264182f8181add555d0
[2012/06/30 18:33:12 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\BEF1496C59505ff4F8136B4F3BC130F1
[2012/03/12 20:33:55 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\C10F569CAE677DB479E36432A63E217D
[2012/03/12 20:29:44 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\c1c4f01781cc94c4c8fb1542c0981a2a
[2012/06/30 18:33:38 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\C78E1E01C65680D4686D45342D5838EB
[2012/03/12 20:29:43 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\C839E3454CDB33946A211092936948F5
[2012/03/12 20:33:52 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\C8422FA4FD3BBF645969785FBD916398
[2009/03/14 09:32:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100
[2012/03/12 20:29:44 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\DD7906EE4F50871479913D71B00F898E
[2012/05/27 08:14:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\DDE7F2BCF1D91C3409CFF425AE1E271A
[2012/10/10 17:49:49 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\F4876AB401B3A3749B5F333AA63C455D
[2012/03/14 06:43:37 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\FCDAC0A0AD874C333A05DC1548B97920
[2009/02/28 18:37:20 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\FF26F08EC3D591A4489079122F292860
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109020070400000000000F01FEC\12.0.4518
[2012/03/01 08:11:59 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109020070400000000000F01FEC\12.0.6612
[2010/01/21 17:33:36 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\000021091A0070400000000000F01FEC\12.0.4518
[2010/01/21 17:33:28 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109610070400000000000F01FEC\12.0.4518
[2012/03/01 08:05:30 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109610070400000000000F01FEC\12.0.6612
[2010/01/21 17:33:44 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109810070400000000000F01FEC\12.0.4518
[2012/03/01 08:05:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109810070400000000000F01FEC\12.0.6612
[2010/01/21 17:33:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109B10070400000000000F01FEC\12.0.4518
[2012/03/01 08:05:54 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109B10070400000000000F01FEC\12.0.6612
[2012/03/01 08:05:03 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109E60070400000000000F01FEC\12.0.4518
[2008/12/29 16:25:32 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109F10001400000000000F01FEC\12.0.4518
[2012/03/01 08:10:39 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109F10070400000000000F01FEC\12.0.4518
[2010/01/21 17:36:34 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109F10090400000000000F01FEC\12.0.4518
[2012/03/01 08:11:01 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518
[2012/05/12 07:34:40 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518
[2012/03/01 08:08:43 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\000021599B0090400000000000F01FEC\12.0.6012
[2012/03/12 20:33:47 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002159FA0070400000000000F01FEC\12.0.4518
[2012/03/01 08:02:30 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002159FA0070400000000000F01FEC\12.0.6612
[2012/05/01 07:43:37 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130
[2010/12/17 08:32:56 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\0D00C83EB86A81348A6A7F4D5B1BFDE0\9.0.2980
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\0D756077321A70C3E844C138CE981581\8.0.50727
[2012/03/12 20:34:25 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\11993DB5F21A265489AB6A0EE333071B\10.0.1600
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\180D52100D0379A4288A2CD844B42665\3.5.8080
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\1B5423D68BD832A4C92DC2094FA0AB6F\1.0.3
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\1BF27E46343277944B8A62C25DD3B03D\12.1.0
[2012/03/15 07:32:35 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219
[2012/05/12 07:58:17 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729
[2012/03/12 20:31:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\2E43F6A45E9061642B72A4624A886A9F\10.0.1600
[2012/03/12 20:34:13 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\3323515BEEA94DC4D9C2F4AA8C07BD2E\10.0.1600
[2012/03/14 06:41:01 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\3EF5BEED5F04B5C3F8583560FEC3804F\10.0.30319
[2012/06/30 18:33:53 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\40B8D8DFDAEB55A4AAD1262D73E3D7AE\90.0.146
[2012/03/12 20:33:47 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\41DAA1250305BB44B8E0C56EF5EC750E\1.0.0
[2012/06/30 18:33:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\42C2662EE13B94340A4823BE678E7B06\90.0.146
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\430E0D9324015094EBBC552009F9BCC7\9.7.621
[2012/06/30 18:34:13 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\4D738037E5FFBD84AB94337E23FD0F3B\90.0.146
[2012/03/12 20:33:47 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\537D2AA957334D24A916F3EF8F52996D\10.1.2731
[2012/05/13 07:21:26 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319
[2012/03/12 20:33:24 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\5F514774AD39AA64585C460074289559\10.0.1600
[2012/05/12 07:38:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\67CD470D9C6FE0441A0DD19E8514F7BD\10.0.1600
[2011/06/28 07:07:55 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\689C057F0135A5A3598FE47CC1A80CC1\4.0.30319
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B7448A3100000030\8.1.3
[2012/03/12 20:32:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\6BA4943F00966C14FA7528636228E78D\10.0.1600
[2012/06/30 18:34:46 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\79F70AEA8809c7948812F063DBD52C15\90.0.146
[2012/06/30 18:34:29 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\81500F31A708A3B4380B7ADC093F3A89\90.0.146
[2012/06/30 18:33:12 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\A1DC6DCBEBD0E214F952B305D0E1B61A\90.0.146
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\ADDAB40C5E8A06443858882F9A2E3A50\7.6.0
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\AEC3B2C1E28435443B2E9C37317328A8\10.1.2531
[2012/09/08 16:16:34 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\AFC9600B9BB530C41B6C98EC92E0A5EF\5.2.6
[2012/10/10 06:59:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\b25099274a207264182f8181add555d0\8.0.56336
[2012/06/30 18:33:12 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\BEF1496C59505ff4F8136B4F3BC130F1\90.0.189
[2012/03/12 20:33:56 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\C10F569CAE677DB479E36432A63E217D\10.0.1600
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\c1c4f01781cc94c4c8fb1542c0981a2a\8.0.61001
[2012/06/30 18:33:38 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\C78E1E01C65680D4686D45342D5838EB\90.0.146
[2012/03/12 20:33:47 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\C839E3454CDB33946A211092936948F5\9.0.0
[2012/03/12 20:33:54 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\C8422FA4FD3BBF645969785FBD916398\10.0.1600
[2009/03/14 09:32:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\DD7906EE4F50871479913D71B00F898E\1.4.1
[2012/05/27 08:14:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\DDE7F2BCF1D91C3409CFF425AE1E271A\1.1.4322
[2012/10/10 17:49:49 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\F4876AB401B3A3749B5F333AA63C455D\3.0.14358
[2012/05/01 07:53:57 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\FCDAC0A0AD874C333A05DC1548B97920\4.0.30319
[2009/02/28 18:37:20 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\FF26F08EC3D591A4489079122F292860\3.4.1
[2012/08/02 16:52:45 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-110388515-1034420003-653005438-1000
[2012/08/02 16:52:45 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-110388515-1034420003-653005438-1000\3DBC477DF72A1A543AD4B65E9C8164E2
[2012/08/02 16:52:46 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-110388515-1034420003-653005438-1000\3DBC477DF72A1A543AD4B65E9C8164E2\9.1.2
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006/11/02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012/09/09 17:10:00 | 000,143,360 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\d3dx10_33G.dll
 
< %systemroot%\Installer\*. /s >
[2012/08/02 16:52:45 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$
[2012/03/12 20:13:45 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{0125D081-30D0-4A97-82A8-C28D444B6256}
[2011/11/04 16:50:36 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}
[2010/08/09 14:52:22 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{089DD780-DB3F-4CDB-A0C2-111360247298}
[2011/03/03 15:07:28 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}
[2011/09/25 08:39:37 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{0C826C5B-B131-423A-A229-C71B3CACCD6A}
[2008/03/27 16:44:23 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{0E19A83E-F53B-40CF-8C91-96F32D955E6A}
[2011/03/05 16:29:41 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{0EE0B0D9-C159-4D0D-8E92-83959FCAA35D}
[2012/06/30 18:33:39 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{10E1E87C-656C-4D08-86D6-5443D28583BE}
[2009/11/14 09:10:36 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{11202615-E557-4ECF-9B86-F59C81E52909}
[2008/03/27 16:38:22 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{11BB336F-0E58-4977-B866-F24FA334616B}
[2010/08/09 14:49:08 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{1B9B5B3B-28E7-4E59-A80D-D670AA984514}
[2012/03/12 20:32:27 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{1C2B3CEA-482E-4453-B3E2-C9731337828A}
[2010/08/09 14:53:13 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}
[2008/11/28 19:59:59 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{2315B23D-3E21-4920-837D-AE6460934ECB}
[2011/02/07 16:02:16 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{26A24AE4-039D-4CA4-87B4-2F83216023FF}
[2012/09/30 12:06:21 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{26A24AE4-039D-4CA4-87B4-2F83217007FF}
[2011/11/14 07:14:13 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}
[2012/04/19 17:45:39 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{2D87E961-577B-492B-AD54-1368680FB9A7}
[2010/05/13 07:07:44 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}
[2011/09/25 08:36:50 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}
[2012/08/24 18:26:25 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{32A9C5B3-D166-4C6D-A11E-A54473151000}
[2012/03/12 20:33:58 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}
[2012/10/12 07:24:18 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{39D0E034-1042-4905-BECB-5502909FCB7C}
[2012/09/14 16:28:47 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{3C57F42A-4925-4B5D-9774-18AEF2B81A97}
[2010/10/13 17:57:55 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}
[2012/09/08 16:16:15 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{40AAB711-8EFF-4830-8B39-017D3F66983D}
[2010/12/31 12:14:51 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{4422D20B-F530-4E65-8504-31396C9BC066}
[2012/06/30 18:34:38 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
[2009/01/10 16:17:31 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
[2012/03/12 20:33:54 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{4AF2248C-B3DF-46FB-9596-87F5DB193689}
[2012/10/10 17:49:52 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{4BA6784F-3B10-473A-B9F5-33A36AC354D5}
[2012/09/08 16:16:04 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}
[2012/05/13 15:13:20 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726}
[2012/05/23 07:36:00 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{6151CF20-0BD8-4023-A4A0-6A86DCFE58E5}
[2009/01/24 08:26:13 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
[2011/01/29 18:41:13 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
[2012/05/23 07:42:40 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{7003B63A-7ECA-42B0-A122-AFF24A9F1D5B}
[2009/01/15 06:44:41 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
[2012/05/12 07:32:06 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
[2012/05/12 07:38:49 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{90120000-0020-0407-0000-0000000FF1CE}
[2012/03/01 08:05:07 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{90120000-006E-0407-0000-0000000FF1CE}
[2009/12/19 08:30:17 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}
[2012/05/12 07:51:08 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}
[2012/05/12 07:51:45 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{95120000-00AF-0407-0000-0000000FF1CE}
[2012/03/12 20:30:12 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{9AA2D735-3375-42D4-9A61-3FFEF82599D6}
[2011/09/25 08:40:03 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{A498D9EB-927B-459B-85D6-DD6EF8C2C564}
[2011/08/20 16:14:41 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{A8DB611A-D80E-450D-85F6-3ACDD164BE31}
[2009/03/22 14:48:33 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{AC76BA86-7AD7-1031-7B44-A81300000003}
[2008/12/31 12:22:26 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{AC76BA86-7AD7-5464-3428-800000000003}
[2012/09/08 16:16:37 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}
[2009/06/21 10:20:48 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}
[2012/03/11 11:46:31 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{C04BADDA-A8E5-4460-8385-88F2A9E2A305}
[2010/02/04 18:30:30 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{C084BC61-E537-11DE-8616-005056806466}
[2012/03/12 20:33:56 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{C965F01C-76EA-4BD7-973E-46236AE312D7}
[2008/03/27 16:43:58 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}
[2009/02/28 16:36:56 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{CB84F0F2-927B-458D-9DC5-87832E3DC653}
[2010/08/09 15:03:43 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
[2012/03/12 20:33:49 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{D074DC76-F6C9-440E-A1D0-1DE958417FDB}
[2009/01/01 16:50:20 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{D16D8A48-65A4-4B19-8A02-DC9A40FB80C4}
[2012/05/26 16:51:52 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}
[2010/12/17 08:33:01 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
[2009/02/28 16:15:25 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{E80F62FF-5D3C-4A19-8409-9721F2928206}
[2011/01/15 13:16:23 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{EC385B36-AE9D-4F0F-A596-08F7D425D09D}
[2011/01/29 18:41:30 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{EE6097DD-05F4-4178-9719-D3170BF098E8}
[2008/11/28 20:01:24 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{EF7E931D-DC84-471B-8DB6-A83358095474}
[2012/04/28 15:39:53 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}
[2009/11/26 17:23:29 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
[2009/01/10 16:15:42 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}
[2012/09/08 16:15:32 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{FE19B8A3-C79D-4A90-8F7C-1B206DB00CFC}
[2012/10/20 06:40:15 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed
[2012/08/02 16:52:45 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\UnManaged
[2012/03/01 08:12:03 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109020070400000000000F01FEC
[2008/12/29 16:25:19 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\000021091A0070400000000000F01FEC
[2012/03/01 08:05:30 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109610070400000000000F01FEC
[2012/03/01 08:05:49 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109810070400000000000F01FEC
[2012/03/01 08:05:54 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109B10070400000000000F01FEC
[2008/12/29 16:25:02 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109E60070400000000000F01FEC
[2008/12/29 16:25:32 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109F10001400000000000F01FEC
[2008/12/29 16:25:30 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109F10070400000000000F01FEC
[2008/12/29 16:24:55 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109F10090400000000000F01FEC
[2010/01/21 17:36:38 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC
[2012/03/01 08:08:53 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC
[2012/03/12 20:13:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\000021599B0090400000000000F01FEC
[2012/03/01 08:02:38 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002159FA0070400000000000F01FEC
[2012/05/01 07:43:37 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC
[2009/01/12 07:47:35 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\0D00C83EB86A81348A6A7F4D5B1BFDE0
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\0D756077321A70C3E844C138CE981581
[2012/03/12 20:34:21 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\11993DB5F21A265489AB6A0EE333071B
[2012/03/12 20:29:44 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\180D52100D0379A4288A2CD844B42665
[2012/03/12 20:29:44 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\1B5423D68BD832A4C92DC2094FA0AB6F
[2009/01/24 08:24:58 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\1BF27E46343277944B8A62C25DD3B03D
[2012/03/15 07:32:35 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A
[2009/08/22 07:35:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D
[2012/03/12 20:31:42 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\2E43F6A45E9061642B72A4624A886A9F
[2012/03/12 20:34:03 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\3323515BEEA94DC4D9C2F4AA8C07BD2E
[2012/03/14 06:39:29 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\3EF5BEED5F04B5C3F8583560FEC3804F
[2012/06/30 18:33:53 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\40B8D8DFDAEB55A4AAD1262D73E3D7AE
[2012/03/12 20:13:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\41DAA1250305BB44B8E0C56EF5EC750E
[2012/06/30 18:33:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\42C2662EE13B94340A4823BE678E7B06
[2009/06/12 14:51:57 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\430E0D9324015094EBBC552009F9BCC7
[2012/06/30 18:34:13 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\4D738037E5FFBD84AB94337E23FD0F3B
[2012/03/12 20:31:33 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\537D2AA957334D24A916F3EF8F52996D
[2011/04/14 16:38:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A
[2012/03/12 20:33:14 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\5F514774AD39AA64585C460074289559
[2012/03/12 20:33:46 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\67CD470D9C6FE0441A0DD19E8514F7BD
[2011/06/28 07:03:33 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\689C057F0135A5A3598FE47CC1A80CC1
[2009/03/22 14:48:25 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B7448A3100000030
[2012/03/12 20:32:37 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\6BA4943F00966C14FA7528636228E78D
[2012/06/30 18:32:31 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\79F70AEA8809c7948812F063DBD52C15
[2012/06/30 18:34:29 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\81500F31A708A3B4380B7ADC093F3A89
[2012/06/30 18:33:12 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\A1DC6DCBEBD0E214F952B305D0E1B61A
[2012/03/12 20:13:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\ADDAB40C5E8A06443858882F9A2E3A50
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\AEC3B2C1E28435443B2E9C37317328A8
[2012/09/08 16:16:34 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\AFC9600B9BB530C41B6C98EC92E0A5EF
[2012/10/10 06:59:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\b25099274a207264182f8181add555d0
[2012/06/30 18:33:12 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\BEF1496C59505ff4F8136B4F3BC130F1
[2012/03/12 20:33:55 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\C10F569CAE677DB479E36432A63E217D
[2012/03/12 20:29:44 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\c1c4f01781cc94c4c8fb1542c0981a2a
[2012/06/30 18:33:38 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\C78E1E01C65680D4686D45342D5838EB
[2012/03/12 20:29:43 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\C839E3454CDB33946A211092936948F5
[2012/03/12 20:33:52 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\C8422FA4FD3BBF645969785FBD916398
[2009/03/14 09:32:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100
[2012/03/12 20:29:44 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\DD7906EE4F50871479913D71B00F898E
[2012/05/27 08:14:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\DDE7F2BCF1D91C3409CFF425AE1E271A
[2012/10/10 17:49:49 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\F4876AB401B3A3749B5F333AA63C455D
[2012/03/14 06:43:37 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\FCDAC0A0AD874C333A05DC1548B97920
[2009/02/28 18:37:20 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\FF26F08EC3D591A4489079122F292860
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109020070400000000000F01FEC\12.0.4518
[2012/03/01 08:11:59 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109020070400000000000F01FEC\12.0.6612
[2010/01/21 17:33:36 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\000021091A0070400000000000F01FEC\12.0.4518
[2010/01/21 17:33:28 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109610070400000000000F01FEC\12.0.4518
[2012/03/01 08:05:30 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109610070400000000000F01FEC\12.0.6612
[2010/01/21 17:33:44 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109810070400000000000F01FEC\12.0.4518
[2012/03/01 08:05:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109810070400000000000F01FEC\12.0.6612
[2010/01/21 17:33:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109B10070400000000000F01FEC\12.0.4518
[2012/03/01 08:05:54 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109B10070400000000000F01FEC\12.0.6612
[2012/03/01 08:05:03 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109E60070400000000000F01FEC\12.0.4518
[2008/12/29 16:25:32 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109F10001400000000000F01FEC\12.0.4518
[2012/03/01 08:10:39 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109F10070400000000000F01FEC\12.0.4518
[2010/01/21 17:36:34 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109F10090400000000000F01FEC\12.0.4518
[2012/03/01 08:11:01 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518
[2012/05/12 07:34:40 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518
[2012/03/01 08:08:43 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\000021599B0090400000000000F01FEC\12.0.6012
[2012/03/12 20:33:47 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002159FA0070400000000000F01FEC\12.0.4518
[2012/03/01 08:02:30 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002159FA0070400000000000F01FEC\12.0.6612
[2012/05/01 07:43:37 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130
[2010/12/17 08:32:56 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\0D00C83EB86A81348A6A7F4D5B1BFDE0\9.0.2980
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\0D756077321A70C3E844C138CE981581\8.0.50727
[2012/03/12 20:34:25 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\11993DB5F21A265489AB6A0EE333071B\10.0.1600
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\180D52100D0379A4288A2CD844B42665\3.5.8080
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\1B5423D68BD832A4C92DC2094FA0AB6F\1.0.3
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\1BF27E46343277944B8A62C25DD3B03D\12.1.0
[2012/03/15 07:32:35 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219
[2012/05/12 07:58:17 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729
[2012/03/12 20:31:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\2E43F6A45E9061642B72A4624A886A9F\10.0.1600
[2012/03/12 20:34:13 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\3323515BEEA94DC4D9C2F4AA8C07BD2E\10.0.1600
[2012/03/14 06:41:01 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\3EF5BEED5F04B5C3F8583560FEC3804F\10.0.30319
[2012/06/30 18:33:53 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\40B8D8DFDAEB55A4AAD1262D73E3D7AE\90.0.146
[2012/03/12 20:33:47 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\41DAA1250305BB44B8E0C56EF5EC750E\1.0.0
[2012/06/30 18:33:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\42C2662EE13B94340A4823BE678E7B06\90.0.146
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\430E0D9324015094EBBC552009F9BCC7\9.7.621
[2012/06/30 18:34:13 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\4D738037E5FFBD84AB94337E23FD0F3B\90.0.146
[2012/03/12 20:33:47 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\537D2AA957334D24A916F3EF8F52996D\10.1.2731
[2012/05/13 07:21:26 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319
[2012/03/12 20:33:24 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\5F514774AD39AA64585C460074289559\10.0.1600
[2012/05/12 07:38:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\67CD470D9C6FE0441A0DD19E8514F7BD\10.0.1600
[2011/06/28 07:07:55 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\689C057F0135A5A3598FE47CC1A80CC1\4.0.30319
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B7448A3100000030\8.1.3
[2012/03/12 20:32:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\6BA4943F00966C14FA7528636228E78D\10.0.1600
[2012/06/30 18:34:46 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\79F70AEA8809c7948812F063DBD52C15\90.0.146
[2012/06/30 18:34:29 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\81500F31A708A3B4380B7ADC093F3A89\90.0.146
[2012/06/30 18:33:12 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\A1DC6DCBEBD0E214F952B305D0E1B61A\90.0.146
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\ADDAB40C5E8A06443858882F9A2E3A50\7.6.0
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\AEC3B2C1E28435443B2E9C37317328A8\10.1.2531
[2012/09/08 16:16:34 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\AFC9600B9BB530C41B6C98EC92E0A5EF\5.2.6
[2012/10/10 06:59:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\b25099274a207264182f8181add555d0\8.0.56336
[2012/06/30 18:33:12 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\BEF1496C59505ff4F8136B4F3BC130F1\90.0.189
[2012/03/12 20:33:56 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\C10F569CAE677DB479E36432A63E217D\10.0.1600
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\c1c4f01781cc94c4c8fb1542c0981a2a\8.0.61001
[2012/06/30 18:33:38 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\C78E1E01C65680D4686D45342D5838EB\90.0.146
[2012/03/12 20:33:47 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\C839E3454CDB33946A211092936948F5\9.0.0
[2012/03/12 20:33:54 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\C8422FA4FD3BBF645969785FBD916398\10.0.1600
[2009/03/14 09:32:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0
[2012/03/12 20:33:48 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\DD7906EE4F50871479913D71B00F898E\1.4.1
[2012/05/27 08:14:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\DDE7F2BCF1D91C3409CFF425AE1E271A\1.1.4322
[2012/10/10 17:49:49 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\F4876AB401B3A3749B5F333AA63C455D\3.0.14358
[2012/05/01 07:53:57 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\FCDAC0A0AD874C333A05DC1548B97920\4.0.30319
[2009/02/28 18:37:20 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\FF26F08EC3D591A4489079122F292860\3.4.1
[2012/08/02 16:52:45 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-110388515-1034420003-653005438-1000
[2012/08/02 16:52:45 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-110388515-1034420003-653005438-1000\3DBC477DF72A1A543AD4B65E9C8164E2
[2012/08/02 16:52:46 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-110388515-1034420003-653005438-1000\3DBC477DF72A1A543AD4B65E9C8164E2\9.1.2
 
<          >
[2006/11/02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 15:01:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2008/05/11 12:11:41 | 000,000,590 | ---- | C] () -- C:\Windows\Tasks\Norton Internet Security - Systemprüfung ausführen - christoph.job
[2009/01/02 09:02:35 | 000,000,416 | ---- | C] () -- C:\Windows\Tasks\PCConfidential.job
[2009/02/21 15:55:43 | 000,001,052 | ---- | C] () -- C:\Windows\Tasks\Google Software Updater.job
[2009/07/01 06:17:59 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009/07/01 06:18:00 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< End of report >


cosinus 24.10.2012 15:33

OK, that looks unremarkable. What is still open regarding the redirect, or has that been fixed?


Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online lookup in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons unless instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

christoph03 24.10.2012 16:52

To start with, here is the log file from GMER.

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit quick scan 2012-10-24 17:51:16
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.GM4O
Running: drxt9ymm.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\kwtiruod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Ip  SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp  SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\tdx \Device\Udp  SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

And then the one from OSAM.
The Google redirect became active again this morning on every link (I haven't tried it just now); the plague has never been this "bad" before. After every click the page immediately jumps to "searchnowfq" and then somewhere else, just not to the target page.

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:59:10 on 24.10.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Norton Internet Security - Systemprüfung ausführen - christoph.job" - ? - c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe  (File not found)
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"PCConfidential.job" - ? - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe  (File not found)

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL
"TosBtLocalCOM" - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\LocalCOM.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kwtiruod" (kwtiruod) - ? - C:\Users\CHRIST~1\AppData\Local\Temp\kwtiruod.sys  (Hidden registry entry, rootkit activity | File not found)
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121020.007\NAVENG.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121020.007\NAVEX15.SYS
"NetGroup Packet Filter Driver" (NPF) - "CACE Technologies" - C:\Windows\System32\drivers\npf.sys
"SPBBCDrv" (SPBBCDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
"SRTSP" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\SRTSP.SYS
"SRTSPL" (SRTSPL) - "Symantec Corporation" - C:\Windows\System32\Drivers\SRTSPL.SYS
"SRTSPX" (SRTSPX) - "Symantec Corporation" - C:\Windows\System32\Drivers\SRTSPX.SYS
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
"Symantec Intrusion Prevention Driver" (IDSvix86) - "Symantec Corporation" - C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20121019.001\IDSvix86.sys
"SYMDNS" (SYMDNS) - "Symantec Corporation" - C:\Windows\System32\Drivers\SYMDNS.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT.SYS
"SYMFW" (SYMFW) - "Symantec Corporation" - C:\Windows\System32\Drivers\SYMFW.SYS
"SYMNDISV" (SYMNDISV) - "Symantec Corporation" - C:\Windows\System32\Drivers\SYMNDISV.SYS
"SYMREDRV" (SYMREDRV) - "Symantec Corporation" - C:\Windows\System32\Drivers\SYMREDRV.SYS
"SYMTDI" (SYMTDI) - "Symantec Corporation" - C:\Windows\System32\Drivers\SYMTDI.SYS

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth-Informationsaustausch" - "TOSHIBA" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtExt.dll
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{6230EF55-8E71-4F40-861A-DBA282584FF5} "AVSVideoConverter Object" - "Online Media Technologies Ltd." - C:\PROGRA~1\AVS4YOU\AVSVID~1\AVSVID~1.DLL
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth-Informationsaustausch" - "TOSHIBA" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtExt.dll
{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} "BUContextMenu Class" - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\kbcplext.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? -  (File not found | COM-object registry key not found)
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{A40526DD-F152-4C1D-844C-CE668D29B77E} "TPContextMenu Class" - "Symantec Corporation" - C:\PROGRA~1\NORTON~1\tpShell.dll
{DBD8E168-244D-448C-9922-25508950D1DC} "USIShellExt Class" - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "Show Norton Toolbar" - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.6.0_01" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} "MSN Photo Upload Tool" - "Microsoft® Corporation" - C:\Windows\Downloaded Program Files\MsnPUpld.dll / hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldde-at.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
{E77F23EB-E7AB-4502-8F37-247DBAF1A147} "Windows Live Hotmail Photo Upload Tool" - "Microsoft® Corporation" - C:\Windows\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll / hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-at.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC} "ClsidExtension" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Show Norton Toolbar" - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Symantec Intrusion Prevention" - "Symantec Corporation" - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} "{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}" - ? -  (File not found | COM-object registry key not found)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\SetPoint.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"ccApp" - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\ccApp.exe
"HP Software Update" - "Hewlett-Packard Co." - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"hpsysdrv" - "Hewlett-Packard Company" - c:\hp\support\hpsysdrv.exe
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"KBD" - ? - C:\HP\KBD\KbdStub.EXE  (File found, but it contains no detailed information)
"SunJavaUpdateReg" - "Sun Microsystems, Inc." - "C:\Windows\system32\jureg.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Nitro PDF Port Monitor" - "Nitro PDF Software" - C:\Windows\system32\nitrolocalmon.dll
"PCL hpz3l5ha" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l5ha.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Capture Device Service" (Capture Device Service) - "InterVideo Inc." - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
"COM Host" (comHost) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
"Flash Media Administration Server" (FMSAdmin) - "Adobe Systems Incorporated." - C:\Program Files\Adobe\Flash Media Server 3.5\FMSAdmin.exe
"Flash Media Server (FMS)" (FMS) - "Adobe Systems Incorporated." - C:\Program Files\Adobe\Flash Media Server 3.5\FMSMaster.exe
"FMSHttpd" (FMSHttpd) - "Apache Software Foundation" - C:\Program Files\Adobe\Flash Media Server 3.5\Apache2.2\bin\httpd.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9942c2d4a157c)" (gupdate1c9942c2d4a157c) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
"LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
"LiveUpdate Notice" (LiveUpdate Notice) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NitroPDFReaderDriverCreatorReadSpool" (NitroReaderDriverReadSpool) - "Nitro PDF Software" - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - ? - "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"  (File not found)
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"Symantec Core LC" (Symantec Core LC) - ? - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
"Symantec Event Manager" (ccEvtMgr) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
"Symantec Lic NetConnect service" (CLTNetCnService) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
"Symantec Settings Manager" (ccSetMgr) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

This is the last log file, from aswMBR


Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-24 18:07:18
-----------------------------
18:07:18.758    OS Version: Windows 6.0.6002 Service Pack 2
18:07:18.758    Number of processors: 4 586 0xF0B
18:07:18.759    ComputerName: CHRISTOPH-PC  UserName: christoph
18:07:21.122    Initialize success
18:08:28.621    AVAST engine defs: 12102400
18:08:41.310    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:08:41.312    Disk 0 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 3
18:08:41.314    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
18:08:41.317    Disk 1 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 3
18:08:41.329    Disk 0 MBR read successfully
18:08:41.332    Disk 0 MBR scan
18:08:41.356    Disk 0 unknown MBR code
18:08:41.359    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      469210 MB offset 63
18:08:41.398    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        7726 MB offset 960944040
18:08:41.407    Disk 0 scanning sectors +976768065
18:08:41.470    Disk 0 scanning C:\Windows\system32\drivers
18:08:53.491    Service scanning
18:09:25.215    Modules scanning
18:09:40.102    Disk 0 trace - called modules:
18:09:40.117    ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
18:09:40.122    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d8b358]
18:09:40.127    3 CLASSPNP.SYS[8a7ab8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x843fa030]
18:09:41.836    AVAST engine scan C:\Windows
18:09:47.351    AVAST engine scan C:\Windows\system32
18:10:15.136    File: C:\Windows\system32\d3dx10_33G.dll  **INFECTED** Win32:Malware-gen
18:15:18.721    AVAST engine scan C:\Windows\system32\drivers
18:15:45.574    AVAST engine scan C:\Users\christoph
18:31:11.493    AVAST engine scan C:\ProgramData
18:37:22.294    Scan finished successfully
18:39:55.560    Disk 0 MBR has been saved successfully to "C:\Users\christoph\Desktop\MBR.dat"
18:39:55.567    The log file has been saved successfully to "C:\Users\christoph\Desktop\aswMBR.txt"


cosinus 24.10.2012 19:18

Code:

C:\Windows\system32\d3dx10_33G.dll
Please upload this file to us => http://www.trojaner-board.de/54791-a...tml#post349565

christoph03 25.10.2012 05:27

The attempt to upload this file is failing for now. The settings under Folder and Search Options are correct.
However, after I click "Open" on the file, a window tells me that I do not have the rights for this operation and that I should contact the owner or administrator.
I wanted to enable User Account Control, which I had switched off by default, and reboot; strangely, the check mark that indicates it is enabled is apparently removed automatically. On the other hand, the windows that are obligatory for this Vista control keep opening and asking for confirmation to continue. I don't know enough about this.
So I didn't want to make yet another mistake and have stopped further attempts for now. What could I change so that I can upload the file after all, or do you have another tip?

Regards, c.

cosinus 25.10.2012 10:37

Close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":Files" must be copied as well!!!)

Code:

:Files
C:\Windows\system32\d3dx10_33G.dll
ipconfig /flushdns /c
:Commands
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

christoph03 25.10.2012 14:04

The fix did start, but then all icons disappeared from the desktop and the OTL title bar showed "Not responding". The mouse cursor turned into a spinning circle, which on my PC is the sign that something is being searched for or attempted.
In the end OTL crashed this way; no completion was signalled and there was no log file either. I had to shut down the PC because no more input was accepted.
The .dll file has been moved to the C:\_OTL folder.
A first test run in Google was successful; there is no more redirection.
Does "close all programs" also include the entries shown in Task Manager?
Or only the programs I started manually, such as IE, or modules from the Start menu? The Symantec virus scanner has been switched off the whole time.
Regards, C.

cosinus 25.10.2012 14:57

Quote:

The .dll file has been moved to the C:\_OTL folder.
Very nice, then upload it to us in the upchannel now

christoph03 25.10.2012 17:04

Now I have uploaded the file from the OTL folder to the upchannel.
Regards, c.

markusg 25.10.2012 17:32

just a short request, if I may.
since we want to submit the dll to antimalware vendors:
download get info:
http://markusg.trojaner-board.de/GetInfo.exe
double-click the .exe
a .txt is now created in the same folder:
summary-info.txt
double-click it and post its contents.

and, one question.
this malware is mostly spread via hacked websites: when you enter a term in a search engine, you are prompted to download something when visiting a page, usually an archive.
can you remember something like that happening before the time of infection? if so, which search term, or which page did you visit, and do you still have the archive?
if you still have the archive, upload it to the up-channel, and send info about the search term to me as a private message.

christoph03 26.10.2012 07:04

Good morning,

here is the requested text file

Code:

System volume information:        dwHighDateTime = 0x1c89014,dwLowDateTime = 0x8303ea0d
System32:                        dwHighDateTime = 0x1c6fe70,dwLowDateTime = 0xa3cd0a16
dwSerialNumber = 0x1e0f33b6

I still need to do a little research on the other question and will report back.
Many thanks for your help, regards, c.

In the last half hour I have checked the "history" of visited pages.

As far as I can remember, on the morning of 16 October (the day I noticed the infection; it was clearly not detectable before that) I used a search term such as "stereo view" or "fundamental matrix" together with "software". Among other things, the page
devernay.free.fr was shown to me, which I clicked on. I still remember this because the connection was blocked at first and was only established by a roundabout route (entering it in the URL bar at the top). In addition, the page contains a subfolder "hacks", which struck me as odd. But I don't want to explicitly suspect anyone; I know far too little about this.
I did not download anything from there; it can no longer be verified one hundred percent, but I am almost certain.
Best regards
C.

markusg 26.10.2012 13:00

thanks, I'll test that, and, when a page is blocked, there is a reason for it; such mechanisms are of course pointless if nobody pays attention to them, but then you shouldn't be surprised when you infect your pc with malware :-)

cosinus 26.10.2012 13:04

Code:

Disk 0 unknown MBR code
We should fix the MBR; just in case, back up ALL important data, even though it usually all goes smoothly.

Note: Please do NOT do the MBR fix if you have other operating systems installed, e.g. Ubuntu; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable.
Do not do the fix either if you have full encryption of the Windows partition or the entire hard disk, e.g. with TrueCrypt or other encryption programs


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please turn off the virus scanner before running aswMBR, because Avira in particular often reports a false alarm in it!

Then restart Windows and create a new log with aswMBR.
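
Added example, not part of the original thread and not aswMBR's own code: a Python parser that decodes a raw 512-byte MBR sector and compares two dumps, so a dump saved before FIXMBR can be checked against one saved afterwards. It assumes MBR.dat is a raw copy of sector 0; the sample sectors are constructed from the partition table in the aswMBR log above, with placeholder bytes in place of real boot code.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE = slice(0, 440)      # bootstrap code area
TABLE = 446                    # four 16-byte partition entries start here

def parse_mbr(sector: bytes) -> dict:
    """Decode one 512-byte MBR sector (assumed layout of MBR.dat)."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA missing")
    partitions = []
    for i in range(4):
        entry = sector[TABLE + 16 * i:TABLE + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0x00:          # unused slot
            continue
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,
            "status_valid": status in (0x00, 0x80),
            "type": ptype,
            "lba_start": lba_start,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
        "partitions": partitions,
    }

def compare_mbr(before: bytes, after: bytes) -> dict:
    """Report which parts differ between two dumps of the same disk."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": a["boot_code_sha256"] != b["boot_code_sha256"],
        "table_changed": a["partitions"] != b["partitions"],
    }

def build_sample(boot_code: bytes) -> bytes:
    """Constructed sector: placeholder boot code plus the table from the log."""
    entries = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 960943977)
    entries += struct.pack("<B3xB3xII", 0x00, 0x07, 960944040, 15824025)
    body = boot_code.ljust(TABLE, b"\x00") + entries.ljust(64, b"\x00")
    return body + b"\x55\xaa"

SAMPLE_BEFORE = build_sample(b"A" * 100)   # constructed placeholder, not real boot code
SAMPLE_AFTER = build_sample(b"B" * 100)    # constructed placeholder, not real boot code
```

After a boot-code rewrite the expected outcome is a changed boot-code hash with an unchanged partition table; a changed table would mean the fix touched more than the bootstrap code.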

christoph03 26.10.2012 14:18

Before I start the fix, I have one more question, which probably exposes me as fairly clueless:


How do I back up my data, and which data is affected?
Thanks in advance!

cosinus 26.10.2012 14:28

Good that you ask ;)

There are several options. The simplest would probably be to copy all files and important personal folders to an external disk. Then your data is backed up; e.g. after a system crash you can manually do a clean reinstall of Windows and simply copy the data back from the simple manual backup

You can also create images of an entire system (or rather of the entire disk, or of one or more partitions); food for thought here => http://www.trojaner-board.de/115678-...r-backups.html

If you have a hard disk from Western Digital or Seagate, you get Acronis True Image for free :) (but without SecureZone as far as I know; I recommend images on external disks anyway, and these should only be plugged in when you need the backup or have to create a backup!)

Western Digital => Acronis True Image WD Edition Download - Acronis True Image WD Edition 13.0
Seagate => Seagate DiscWizard Download - Seagate DiscWizard 13.0

Windows 7 also has a built-in tool for image creation, e.g. here => [Guide] Create a complete image backup (system image) of Windows 7 - Guides / Tutorials / FAQ (Windows 7)

There are also other programs, e.g. Drive Snapshot - Disk Image Backup made easy


All times are WET +1. The time is now 11:53.
